From 6c210400aec116d623a67d0796832f51a6581d2a Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 4 Dec 2025 15:16:10 +0000 Subject: [PATCH 001/141] Backport #87895 to 25.8: Forbid clear column for iceberg --- src/Storages/ObjectStorage/DataLakes/Iceberg/Mutations.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Storages/ObjectStorage/DataLakes/Iceberg/Mutations.cpp b/src/Storages/ObjectStorage/DataLakes/Iceberg/Mutations.cpp index c7ef9a654903..73847e176b04 100644 --- a/src/Storages/ObjectStorage/DataLakes/Iceberg/Mutations.cpp +++ b/src/Storages/ObjectStorage/DataLakes/Iceberg/Mutations.cpp @@ -458,6 +458,8 @@ void alter( metadata_json_generator.generateAddColumnMetadata(params[0].column_name, params[0].data_type); break; case AlterCommand::Type::DROP_COLUMN: + if (params[0].clear) + throw Exception(ErrorCodes::BAD_ARGUMENTS, "Clear column is not supported for iceberg. Please use UPDATE instead"); metadata_json_generator.generateDropColumnMetadata(params[0].column_name); break; case AlterCommand::Type::MODIFY_COLUMN: From b9a0deff7a0dbe566bbce3897e05fd7c61237fbf Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 8 Dec 2025 23:12:52 +0000 Subject: [PATCH 002/141] Backport #90761 to 25.8: Fix access validation for ALTER UPDATE with `remote` table function --- src/TableFunctions/TableFunctionRemote.cpp | 17 +++++++++++ ...3727_alter_with_localhost_remote.reference | 0 .../03727_alter_with_localhost_remote.sql | 30 +++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 tests/queries/0_stateless/03727_alter_with_localhost_remote.reference create mode 100644 tests/queries/0_stateless/03727_alter_with_localhost_remote.sql diff --git a/src/TableFunctions/TableFunctionRemote.cpp b/src/TableFunctions/TableFunctionRemote.cpp index 94b754ca77a3..552850dc9a69 100644 --- a/src/TableFunctions/TableFunctionRemote.cpp +++ b/src/TableFunctions/TableFunctionRemote.cpp @@ -21,6 +21,7 @@ #include #include #include +#include namespace DB @@ -315,6 +316,22 @@ StoragePtr TableFunctionRemote::executeImpl(const ASTPtr & /*ast_function*/, Con cached_columns = getActualTableStructure(context, is_insert_query); assert(cluster); + + bool has_local_shard = false; + for (const auto & shard_info : cluster->getShardsInfo()) + { + if (shard_info.isLocal()) + { + has_local_shard = true; + break; + } + } + + if (has_local_shard && !is_insert_query) + context->checkAccess(AccessType::SELECT, remote_table_id); + else if (has_local_shard) + context->checkAccess(AccessType::INSERT, remote_table_id); + StoragePtr res = std::make_shared( StorageID(getDatabaseName(), table_name), cached_columns, diff --git a/tests/queries/0_stateless/03727_alter_with_localhost_remote.reference b/tests/queries/0_stateless/03727_alter_with_localhost_remote.reference new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/queries/0_stateless/03727_alter_with_localhost_remote.sql b/tests/queries/0_stateless/03727_alter_with_localhost_remote.sql new file mode 100644 index 000000000000..18e649cf75db --- /dev/null +++ b/tests/queries/0_stateless/03727_alter_with_localhost_remote.sql @@ -0,0 +1,30 @@ +-- Tags: no-replicated-database, no-parallel + +DROP USER IF EXISTS test_03727; +CREATE USER test_03727; + +CREATE TABLE normal +( + n Int32, + s String +) +ENGINE = MergeTree() +ORDER BY n; + +CREATE TABLE secret +( + s String +) +ENGINE = MergeTree() +ORDER BY s; + +INSERT INTO normal VALUES (1, ''); +INSERT INTO secret VALUES ('secret'); + +GRANT ALTER UPDATE ON normal TO test_03727; +GRANT READ ON REMOTE to test_03727; +GRANT CREATE TEMPORARY TABLE ON *.* TO test_03727; + +EXECUTE AS test_03727 ALTER TABLE normal UPDATE s = (SELECT * FROM remote('localhost', currentDatabase(), 'secret') LIMIT 1) WHERE n=1; -- { serverError ACCESS_DENIED } + +DROP USER IF EXISTS test_03727; From 4713e8b4aa465857c06ee9ae717e7c70ed33c752 Mon Sep 17 00:00:00 2001 From: pufit Date: Wed, 17 Dec 2025 00:08:54 -0500 Subject: [PATCH 003/141] Update 03727_alter_with_localhost_remote.sql --- .../03727_alter_with_localhost_remote.sql | 29 +------------------ 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/tests/queries/0_stateless/03727_alter_with_localhost_remote.sql b/tests/queries/0_stateless/03727_alter_with_localhost_remote.sql index 18e649cf75db..7051909669d6 100644 --- a/tests/queries/0_stateless/03727_alter_with_localhost_remote.sql +++ b/tests/queries/0_stateless/03727_alter_with_localhost_remote.sql @@ -1,30 +1,3 @@ -- Tags: no-replicated-database, no-parallel -DROP USER IF EXISTS test_03727; -CREATE USER test_03727; - -CREATE TABLE normal -( - n Int32, - s String -) -ENGINE = MergeTree() -ORDER BY n; - -CREATE TABLE secret -( - s String -) -ENGINE = MergeTree() -ORDER BY s; - -INSERT INTO normal VALUES (1, ''); -INSERT INTO secret VALUES ('secret'); - -GRANT ALTER UPDATE ON normal TO test_03727; -GRANT READ ON REMOTE to test_03727; -GRANT CREATE TEMPORARY TABLE ON *.* TO test_03727; - -EXECUTE AS test_03727 ALTER TABLE normal UPDATE s = (SELECT * FROM remote('localhost', currentDatabase(), 'secret') LIMIT 1) WHERE n=1; -- { serverError ACCESS_DENIED } - -DROP USER IF EXISTS test_03727; +-- The test has been removed from the backport because it requires `EXECUTE AS` feature. From 82f2339c4bd92254932591fefc908fadb144015e Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 17 Dec 2025 17:18:10 +0000 Subject: [PATCH 004/141] Backport #89429 to 25.8: Fix `Bad get: has Null` from skip index set. --- src/Storages/MergeTree/MergeTreeIndexSet.cpp | 4 +--- .../03707_set_index_bad_get_null_bug.reference | 14 ++++++++++++++ .../03707_set_index_bad_get_null_bug.sql | 13 +++++++++++++ 3 files changed, 28 insertions(+), 3 deletions(-) create mode 100644 tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference create mode 100644 tests/queries/0_stateless/03707_set_index_bad_get_null_bug.sql diff --git a/src/Storages/MergeTree/MergeTreeIndexSet.cpp b/src/Storages/MergeTree/MergeTreeIndexSet.cpp index 5fe191e906d7..8ec0be20960f 100644 --- a/src/Storages/MergeTree/MergeTreeIndexSet.cpp +++ b/src/Storages/MergeTree/MergeTreeIndexSet.cpp @@ -700,9 +700,7 @@ bool MergeTreeIndexConditionSet::checkDAGUseless(const ActionsDAG::Node & node, } if (node.column && isColumnConst(*node.column)) { - Field literal; - node.column->get(0, literal); - return !atomic && literal.safeGet(); + return !atomic && node.column->getBool(0); } if (node.type == ActionsDAG::ActionType::FUNCTION) { diff --git a/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference b/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference new file mode 100644 index 000000000000..7d5596416eb0 --- /dev/null +++ b/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference @@ -0,0 +1,14 @@ +Expression + Filter + ReadFromMergeTree + Indexes: + PrimaryKey + Condition: true + Parts: 1/1 + Granules: 1/1 + Skip + Name: v + Description: set GRANULARITY 1 + Parts: 0/1 + Granules: 0/1 + Ranges: 0 diff --git a/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.sql b/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.sql new file mode 100644 index 000000000000..814c08cd312d --- /dev/null +++ b/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.sql @@ -0,0 +1,13 @@ +drop table if exists test; +CREATE table test +( + `ts` Int64, + `v` LowCardinality(String), + INDEX v v TYPE set(0) GRANULARITY 1 +) +ENGINE = MergeTree +ORDER BY (ts); + +INSERT INTO test (v) FORMAT Values ('VALUE1'); + +EXPLAIN indexes = 1, description=0 SELECT CAST(NULL, 'Nullable(String)') AS source, v AS v FROM test WHERE (source = 'VALUE1') OR (v ILIKE 'VALUE1'); From c6fbb13f455dca36ca0929925850f84d95f028e0 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 23 Jan 2026 15:16:53 +0000 Subject: [PATCH 005/141] Backport #94599 to 25.8: Fix crash on CREATE WORKLOAD in an active workload --- src/Common/Scheduler/Nodes/FifoQueue.h | 26 +++-- .../test_scheduler_cpu_preemptive/test.py | 106 +++++++++++++++++- 2 files changed, 123 insertions(+), 9 deletions(-) diff --git a/src/Common/Scheduler/Nodes/FifoQueue.h b/src/Common/Scheduler/Nodes/FifoQueue.h index d7fa5e90bf4f..fb72b0a345b6 100644 --- a/src/Common/Scheduler/Nodes/FifoQueue.h +++ b/src/Common/Scheduler/Nodes/FifoQueue.h @@ -9,6 +9,7 @@ #include #include +#include namespace DB @@ -119,16 +120,25 @@ class FifoQueue final : public ISchedulerQueue void purgeQueue() override { - std::lock_guard lock(mutex); - is_not_usable = true; - while (!requests.empty()) + // Collect requests to fail while holding the lock, but call failed() outside the lock + // to avoid potential deadlock with CPULeaseAllocation::mutex (lock order inversion) + std::vector requests_to_fail; { - ResourceRequest * request = &requests.front(); - requests.pop_front(); - request->failed(std::make_exception_ptr( - Exception(ErrorCodes::INVALID_SCHEDULER_NODE, "Scheduler queue with resource request is about to be destructed"))); + std::lock_guard lock(mutex); + is_not_usable = true; + while (!requests.empty()) + { + ResourceRequest * request = &requests.front(); + requests.pop_front(); + requests_to_fail.push_back(request); + } + event_queue->cancelActivation(this); } - event_queue->cancelActivation(this); + // Now notify all collected requests about the failure without holding the mutex + auto exception = std::make_exception_ptr( + Exception(ErrorCodes::INVALID_SCHEDULER_NODE, "Scheduler queue with resource request is about to be destructed")); + for (ResourceRequest * request : requests_to_fail) + request->failed(exception); } bool isActive() override diff --git a/tests/integration/test_scheduler_cpu_preemptive/test.py b/tests/integration/test_scheduler_cpu_preemptive/test.py index 334af94517a2..a9b57ff34be9 100644 --- a/tests/integration/test_scheduler_cpu_preemptive/test.py +++ b/tests/integration/test_scheduler_cpu_preemptive/test.py @@ -36,6 +36,9 @@ def start_cluster(): def clear_workloads_and_resources(): node.query( f""" + drop workload if exists production2; + drop workload if exists development2; + drop workload if exists staging; drop workload if exists production; drop workload if exists development; drop workload if exists admin; @@ -191,10 +194,12 @@ def assert_query(node, query_id, slots): # For debugging purposes LOG = [] +LOG_LOCK = threading.Lock() def mylog(message: str, *args) -> None: # Format a human-readable timestamp and append a tuple to LOG timestamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) - LOG.append((timestamp, message, args)) + with LOG_LOCK: + LOG.append((timestamp, message, args)) class QueryPool: @@ -204,9 +209,12 @@ def __init__(self, num_queries: int, workload: str) -> None: self.stop_event: threading.Event = threading.Event() self.threads: list[threading.Thread] = [] self.stopped: bool = True + self.errors: int = 0 + self._errors_lock: threading.Lock = threading.Lock() def start_random(self, max_billions: int, max_threads: int) -> None: assert self.stopped, "Pool is already running" + self.stopped = False def query_thread() -> None: while not self.stop_event.is_set(): @@ -223,6 +231,7 @@ def query_thread() -> None: def start_fixed(self, billions: int, max_threads: int) -> None: assert self.stopped, "Pool is already running" + self.stopped = False def query_thread() -> None: while not self.stop_event.is_set(): @@ -237,6 +246,41 @@ def query_thread() -> None: for thread in self.threads: thread.start() + def start_fixed_stop_on_error(self, billions: int, max_threads: int) -> None: + assert self.stopped, "Pool is already running" + self.stopped = False + + def query_thread() -> None: + while not self.stop_event.is_set(): + mylog(f"Running query in workload {self.workload}") + try: + node.query( + f"with (select {billions * 1000000000})::UInt64 as n select count(*) from numbers_mt(n) settings " + f"workload='{self.workload}', max_threads={max_threads}" + ) + except QueryRuntimeException as e: + mylog(f"Query in workload {self.workload} failed with exception: {e}") + with self._errors_lock: + self.errors += 1 + + for _ in range(self.num_queries): + self.threads.append(threading.Thread(target=query_thread, args=())) + for thread in self.threads: + thread.start() + + def get_errors(self) -> int: + with self._errors_lock: + return self.errors + + def wait_for_all_errors(self) -> None: + """Wait until all threads have failed with errors, then stop the pool.""" + while True: + with self._errors_lock: + if self.errors >= self.num_queries: + break + time.sleep(0.01) + self.stop() + def stop(self) -> None: mylog(f"Stopping workload {self.workload}") self.stop_event.set() @@ -416,3 +460,63 @@ def test_downscaling(with_custom_config): finally: for tid in active_ids: development.stop(tid) + + +def test_create_workload_under_load(): + """Test that creating a WORKLOAD while queries are running does not cause crashes or deadlocks.""" + node.query( + f""" + create resource cpu (master thread, worker thread); + create workload all settings max_concurrent_threads=3; + create workload production in all settings weight=1; + create workload development in all settings weight=1, max_cpus=1; + """ + ) + + production = QueryPool(2, "production") + production.start_fixed_stop_on_error(1, 2) + development = QueryPool(2, "development") + development.start_fixed_stop_on_error(1, 2) + time.sleep(1) + + assert production.get_errors() == 0, "Errors occurred in production workload" + assert development.get_errors() == 0, "Errors occurred in development workload" + + # Try to create a new workload while the queries are running + # This is sibling workload, so it should not affect existing queries + node.query( + f"create workload staging in all settings weight=2, max_cpus=1;" + ) + time.sleep(1) + assert production.get_errors() == 0, "Errors occurred in production workload" + assert development.get_errors() == 0, "Errors occurred in development workload" + + # This make production non-usable, as it will be not a leaf workload anymore + node.query( + f"create workload production2 in production;" + ) + time.sleep(1) + production.wait_for_all_errors() + assert development.get_errors() == 0, "Errors occurred in development workload" + + # Restart load inside new workload + production2 = QueryPool(2, "production2") + production2.start_fixed_stop_on_error(1, 2) + + # This make development non-usable, as it will be not a leaf workload anymore + node.query( + f"create workload development2 in development;" + ) + time.sleep(1) + development.wait_for_all_errors() + assert production2.get_errors() == 0, "Errors occurred in production2 workload" + + # Restart load inside new workload + development2 = QueryPool(2, "development2") + development2.start_fixed_stop_on_error(1, 2) + + # Cleanup + production2.stop() + development2.stop() + assert development2.get_errors() == 0, "Errors occurred in development2 workload" + assert production2.get_errors() == 0, "Errors occurred in production2 workload" From 95fed4b97cc1a0f278c71f74b47fb196239d5f27 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 29 Jan 2026 06:26:48 +0000 Subject: [PATCH 006/141] Backport #95480 to 25.8: Add missing SELECT grant check in `mergeTreeProjection` table function --- .../StorageFromMergeTreeProjection.cpp | 4 + ...2_mergetree_introspection_grants.reference | 14 +++ .../03812_mergetree_introspection_grants.sh | 86 +++++++++++++++++++ ...3813_mergetree_projection_grants.reference | 4 + .../03813_mergetree_projection_grants.sh | 42 +++++++++ 5 files changed, 150 insertions(+) create mode 100644 tests/queries/0_stateless/03812_mergetree_introspection_grants.reference create mode 100755 tests/queries/0_stateless/03812_mergetree_introspection_grants.sh create mode 100644 tests/queries/0_stateless/03813_mergetree_projection_grants.reference create mode 100755 tests/queries/0_stateless/03813_mergetree_projection_grants.sh diff --git a/src/Storages/MergeTree/StorageFromMergeTreeProjection.cpp b/src/Storages/MergeTree/StorageFromMergeTreeProjection.cpp index 9e8240b61955..74ddfa19ef9a 100644 --- a/src/Storages/MergeTree/StorageFromMergeTreeProjection.cpp +++ b/src/Storages/MergeTree/StorageFromMergeTreeProjection.cpp @@ -1,5 +1,7 @@ #include +#include +#include #include #include #include @@ -30,6 +32,8 @@ void StorageFromMergeTreeProjection::read( size_t max_block_size, size_t num_streams) { + context->checkAccess(AccessType::SELECT, parent_storage->getStorageID()); + const auto & snapshot_data = assert_cast(*storage_snapshot->data); const auto & parts = snapshot_data.parts; diff --git a/tests/queries/0_stateless/03812_mergetree_introspection_grants.reference b/tests/queries/0_stateless/03812_mergetree_introspection_grants.reference new file mode 100644 index 000000000000..a8c324bbd07b --- /dev/null +++ b/tests/queries/0_stateless/03812_mergetree_introspection_grants.reference @@ -0,0 +1,14 @@ +=== mergeTreeAnalyzeIndexes without grant === +ACCESS_DENIED +=== mergeTreeIndex without grant === +ACCESS_DENIED +=== mergeTreeAnalyzeIndexes with grant === +1 +=== mergeTreeIndex with grant === +1 +=== mergeTreeAnalyzeIndexesUUID without grant === +ACCESS_DENIED +=== mergeTreeAnalyzeIndexesUUID with grant === +1 +=== mergeTreeAnalyzeIndexes with column-only grant === +ACCESS_DENIED diff --git a/tests/queries/0_stateless/03812_mergetree_introspection_grants.sh b/tests/queries/0_stateless/03812_mergetree_introspection_grants.sh new file mode 100755 index 000000000000..b3939b3646f5 --- /dev/null +++ b/tests/queries/0_stateless/03812_mergetree_introspection_grants.sh @@ -0,0 +1,86 @@ +#!/usr/bin/env bash +# Tags: no-fasttest, no-parallel + +# Test that MergeTree introspection functions check table grants correctly. +# These functions should require SELECT permission on the source table. + +CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CURDIR"/../shell_config.sh + +$CLICKHOUSE_CLIENT -q "DROP TABLE IF EXISTS test_grants_mt" +$CLICKHOUSE_CLIENT -q "DROP USER IF EXISTS test_user_03812" + +$CLICKHOUSE_CLIENT -q " +CREATE TABLE test_grants_mt (key Int, value Int, INDEX idx_value value TYPE minmax GRANULARITY 1) +ENGINE = MergeTree() ORDER BY key +" + +$CLICKHOUSE_CLIENT -q "INSERT INTO test_grants_mt SELECT number, number * 10 FROM numbers(1000)" + +# Create user without any grants +$CLICKHOUSE_CLIENT -q "CREATE USER test_user_03812" + +# Test mergeTreeAnalyzeIndexes - should fail without SELECT grant +echo "=== mergeTreeAnalyzeIndexes without grant ===" +$CLICKHOUSE_CLIENT --user test_user_03812 -q " +SELECT count() FROM mergeTreeAnalyzeIndexes(currentDatabase(), test_grants_mt) +" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 + +# Test mergeTreeIndex - should fail without SELECT grant +echo "=== mergeTreeIndex without grant ===" +$CLICKHOUSE_CLIENT --user test_user_03812 -q " +SELECT count() FROM mergeTreeIndex(currentDatabase(), test_grants_mt) +" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 + +# Grant SELECT permission +$CLICKHOUSE_CLIENT -q "GRANT SELECT ON ${CLICKHOUSE_DATABASE}.test_grants_mt TO test_user_03812" + +# Test mergeTreeAnalyzeIndexes - should work with SELECT grant +echo "=== mergeTreeAnalyzeIndexes with grant ===" +$CLICKHOUSE_CLIENT --user test_user_03812 -q " +SELECT count() > 0 FROM mergeTreeAnalyzeIndexes(currentDatabase(), test_grants_mt) +" + +# Test mergeTreeIndex - should work with SELECT grant +echo "=== mergeTreeIndex with grant ===" +$CLICKHOUSE_CLIENT --user test_user_03812 -q " +SELECT count() > 0 FROM mergeTreeIndex(currentDatabase(), test_grants_mt) +" + +# Test mergeTreeAnalyzeIndexesUUID +TABLE_UUID=$($CLICKHOUSE_CLIENT -q "SELECT uuid FROM system.tables WHERE database = currentDatabase() AND name = 'test_grants_mt'") + +# Revoke grants for UUID test +$CLICKHOUSE_CLIENT -q "REVOKE SELECT ON ${CLICKHOUSE_DATABASE}.test_grants_mt FROM test_user_03812" + +# Test mergeTreeAnalyzeIndexesUUID - should fail without SELECT grant +echo "=== mergeTreeAnalyzeIndexesUUID without grant ===" +$CLICKHOUSE_CLIENT --user test_user_03812 -q " +SELECT count() FROM mergeTreeAnalyzeIndexesUUID('$TABLE_UUID') +" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 + +# Grant SELECT permission again +$CLICKHOUSE_CLIENT -q "GRANT SELECT ON ${CLICKHOUSE_DATABASE}.test_grants_mt TO test_user_03812" + +# Test mergeTreeAnalyzeIndexesUUID - should work with SELECT grant +echo "=== mergeTreeAnalyzeIndexesUUID with grant ===" +$CLICKHOUSE_CLIENT --user test_user_03812 -q " +SELECT count() > 0 FROM mergeTreeAnalyzeIndexesUUID('$TABLE_UUID') +" + +# Test mergeTreeAnalyzeIndexes with column-level grant only +$CLICKHOUSE_CLIENT -q "DROP USER IF EXISTS test_user_03812_col" +$CLICKHOUSE_CLIENT -q "CREATE USER test_user_03812_col" +$CLICKHOUSE_CLIENT -q "GRANT SELECT(key) ON ${CLICKHOUSE_DATABASE}.test_grants_mt TO test_user_03812_col" + +# mergeTreeAnalyzeIndexes checks table-level SELECT, should fail with column-only grant +echo "=== mergeTreeAnalyzeIndexes with column-only grant ===" +$CLICKHOUSE_CLIENT --user test_user_03812_col -q " +SELECT count() FROM mergeTreeAnalyzeIndexes(currentDatabase(), test_grants_mt) +" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 + +# Cleanup +$CLICKHOUSE_CLIENT -q "DROP TABLE test_grants_mt" +$CLICKHOUSE_CLIENT -q "DROP USER test_user_03812" +$CLICKHOUSE_CLIENT -q "DROP USER test_user_03812_col" diff --git a/tests/queries/0_stateless/03813_mergetree_projection_grants.reference b/tests/queries/0_stateless/03813_mergetree_projection_grants.reference new file mode 100644 index 000000000000..a6219591f168 --- /dev/null +++ b/tests/queries/0_stateless/03813_mergetree_projection_grants.reference @@ -0,0 +1,4 @@ +=== mergeTreeProjection without grant === +ACCESS_DENIED +=== mergeTreeProjection with grant === +1 diff --git a/tests/queries/0_stateless/03813_mergetree_projection_grants.sh b/tests/queries/0_stateless/03813_mergetree_projection_grants.sh new file mode 100755 index 000000000000..f49a45e513ea --- /dev/null +++ b/tests/queries/0_stateless/03813_mergetree_projection_grants.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +# Tags: no-fasttest, no-parallel + +# Test that mergeTreeProjection checks table grants correctly. +# This function should require SELECT permission on the source table. + +CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CURDIR"/../shell_config.sh + +$CLICKHOUSE_CLIENT -q "DROP TABLE IF EXISTS test_proj_grants_mt" +$CLICKHOUSE_CLIENT -q "DROP USER IF EXISTS test_user_03813" + +$CLICKHOUSE_CLIENT -q " +CREATE TABLE test_proj_grants_mt (key Int, value Int, PROJECTION proj_sum (SELECT key, sum(value) GROUP BY key)) +ENGINE = MergeTree() ORDER BY key +" + +$CLICKHOUSE_CLIENT -q "INSERT INTO test_proj_grants_mt SELECT number % 10, number FROM numbers(1000)" +$CLICKHOUSE_CLIENT -q "OPTIMIZE TABLE test_proj_grants_mt FINAL" + +# Create user without any grants +$CLICKHOUSE_CLIENT -q "CREATE USER test_user_03813" + +# Test mergeTreeProjection - should fail without SELECT grant +echo "=== mergeTreeProjection without grant ===" +$CLICKHOUSE_CLIENT --user test_user_03813 -q " +SELECT count() FROM mergeTreeProjection(currentDatabase(), test_proj_grants_mt, proj_sum) +" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 + +# Grant SELECT permission +$CLICKHOUSE_CLIENT -q "GRANT SELECT ON ${CLICKHOUSE_DATABASE}.test_proj_grants_mt TO test_user_03813" + +# Test mergeTreeProjection - should work with SELECT grant +echo "=== mergeTreeProjection with grant ===" +$CLICKHOUSE_CLIENT --user test_user_03813 -q " +SELECT count() > 0 FROM mergeTreeProjection(currentDatabase(), test_proj_grants_mt, proj_sum) +" + +# Cleanup +$CLICKHOUSE_CLIENT -q "DROP TABLE test_proj_grants_mt" +$CLICKHOUSE_CLIENT -q "DROP USER test_user_03813" From 5e71cd188ee7f5386fc8ca423fb96f052c1e6033 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 2 Feb 2026 13:48:51 +0000 Subject: [PATCH 007/141] Update autogenerated version to 25.8.16.34 and contributors --- cmake/autogenerated_versions.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmake/autogenerated_versions.txt b/cmake/autogenerated_versions.txt index 24949a34cab9..0e35a4848a1b 100644 --- a/cmake/autogenerated_versions.txt +++ b/cmake/autogenerated_versions.txt @@ -2,11 +2,11 @@ # NOTE: VERSION_REVISION has nothing common with DBMS_TCP_PROTOCOL_VERSION, # only DBMS_TCP_PROTOCOL_VERSION should be incremented on protocol changes. -SET(VERSION_REVISION 54516) +SET(VERSION_REVISION 54517) SET(VERSION_MAJOR 25) SET(VERSION_MINOR 8) -SET(VERSION_PATCH 16) -SET(VERSION_GITHASH 7a0b36cf8934881236312e9fea094baaf5c709a4) -SET(VERSION_DESCRIBE v25.8.16.1-lts) -SET(VERSION_STRING 25.8.16.1) +SET(VERSION_PATCH 17) +SET(VERSION_GITHASH 7938087aa80508fb6d40b8bf024d025809a8880c) +SET(VERSION_DESCRIBE v25.8.17.1-lts) +SET(VERSION_STRING 25.8.17.1) # end of autochange From 90aaa68175dd140339fb5b3f1f6d47274c9cc9f2 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 2 Feb 2026 14:28:09 +0000 Subject: [PATCH 008/141] Backport #95535 to 25.8: Mark task as done without parent ProcessList task --- src/Interpreters/CancellationChecker.cpp | 2 +- src/Interpreters/ProcessList.cpp | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Interpreters/CancellationChecker.cpp b/src/Interpreters/CancellationChecker.cpp index 1d037a5f14bf..086bacf25fec 100644 --- a/src/Interpreters/CancellationChecker.cpp +++ b/src/Interpreters/CancellationChecker.cpp @@ -92,7 +92,7 @@ void CancellationChecker::appendTask(const QueryStatusPtr & query, const Int64 t void CancellationChecker::appendDoneTasks(const QueryStatusPtr & query) { - std::unique_lock lock(m); + std::unique_lock lock(m); removeQueryFromSet(query); cond_var.notify_all(); } diff --git a/src/Interpreters/ProcessList.cpp b/src/Interpreters/ProcessList.cpp index 32c5ecd0a164..cd83d3532bb7 100644 --- a/src/Interpreters/ProcessList.cpp +++ b/src/Interpreters/ProcessList.cpp @@ -367,6 +367,7 @@ ProcessList::EntryPtr ProcessList::insert( ProcessListEntry::~ProcessListEntry() { + CancellationChecker::getInstance().appendDoneTasks(*it); LockAndOverCommitTrackerBlocker lock(parent.getMutex()); String user = (*it)->getClientInfo().current_user; @@ -401,8 +402,6 @@ ProcessListEntry::~ProcessListEntry() if (auto query_user = parent.queries_to_user.find(query_id); query_user != parent.queries_to_user.end()) parent.queries_to_user.erase(query_user); - CancellationChecker::getInstance().appendDoneTasks(*it); - /// This removes the memory_tracker of one request. parent.processes.erase(it); From 01e189d6de1926ccb48d51f5083ef2439a0ecde2 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 2 Feb 2026 15:27:55 +0000 Subject: [PATCH 009/141] Backport #95157 to 25.8: Fix qualified column resolution for multiple JOINs with USING --- src/Analyzer/Resolve/IdentifierResolver.cpp | 9 + .../02374_analyzer_join_using.reference | 162 +++++++++--------- .../02374_analyzer_join_using.sql.j2 | 4 +- 3 files changed, 91 insertions(+), 84 deletions(-) diff --git a/src/Analyzer/Resolve/IdentifierResolver.cpp b/src/Analyzer/Resolve/IdentifierResolver.cpp index 216d5a90bf24..745f9c974ab1 100644 --- a/src/Analyzer/Resolve/IdentifierResolver.cpp +++ b/src/Analyzer/Resolve/IdentifierResolver.cpp @@ -997,8 +997,17 @@ IdentifierResolveResult IdentifierResolver::tryResolveIdentifierFromJoin(const I { auto & resolved_column = resolved_identifier_candidate->as(); auto using_column_node_it = using_column_name_to_column_node.find(resolved_column.getColumnName()); + if (using_column_node_it == using_column_name_to_column_node.end()) + return; + + const auto & using_column_list = using_column_node_it->second->as().getExpressionOrThrow()->as(); + auto matches_using_column = [&](const auto & node) { return node->isEqual(*resolved_identifier_candidate); }; + if (std::ranges::none_of(using_column_list.getNodes(), matches_using_column)) + return; + if (using_column_node_it != using_column_name_to_column_node.end() && !using_column_node_it->second->getColumnType()->equals(*resolved_column.getColumnType())) + { // std::cerr << "... fixing type for " << resolved_column.dumpTree() << std::endl; auto resolved_column_clone = std::static_pointer_cast(resolved_column.clone()); diff --git a/tests/queries/0_stateless/02374_analyzer_join_using.reference b/tests/queries/0_stateless/02374_analyzer_join_using.reference index e83f8f37aba6..add7be34e9c2 100644 --- a/tests/queries/0_stateless/02374_analyzer_join_using.reference +++ b/tests/queries/0_stateless/02374_analyzer_join_using.reference @@ -102,12 +102,12 @@ SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeN FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (test_value); -- { serverError UNKNOWN_IDENTIFIER } SELECT 'First JOIN INNER second JOIN INNER'; First JOIN INNER second JOIN INNER -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING (id) INNER JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -123,12 +123,12 @@ SELECT 1 FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 ON t1.id = t2.id INNER JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN INNER second JOIN LEFT'; First JOIN INNER second JOIN LEFT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING (id) LEFT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -144,13 +144,13 @@ SELECT 1 FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 ON t1.id = t2.id LEFT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN INNER second JOIN RIGHT'; First JOIN INNER second JOIN RIGHT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING (id) RIGHT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -4 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +4 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -168,13 +168,13 @@ SELECT 1 FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 ON t1.id = t2.id RIGHT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN INNER second JOIN FULL'; First JOIN INNER second JOIN FULL -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +4 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -192,12 +192,12 @@ SELECT 1 FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 ON t1.id = t2.id FULL JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN LEFT second JOIN INNER'; First JOIN LEFT second JOIN INNER -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (id) INNER JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -213,13 +213,13 @@ SELECT 1 FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (i SELECT id FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 ON t1.id = t2.id INNER JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN LEFT second JOIN LEFT'; First JOIN LEFT second JOIN LEFT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (id) LEFT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -2 UInt64 2 UInt64 Join_1_Value_2 String 0 UInt64 String 0 UInt64 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt32 String 1 UInt64 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -237,13 +237,13 @@ SELECT 1 FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (i SELECT id FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 ON t1.id = t2.id LEFT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN LEFT second JOIN RIGHT'; First JOIN LEFT second JOIN RIGHT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (id) RIGHT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -4 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +4 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -261,14 +261,14 @@ SELECT 1 FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (i SELECT id FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 ON t1.id = t2.id RIGHT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN LEFT second JOIN FULL'; First JOIN LEFT second JOIN FULL -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -2 UInt64 2 UInt64 Join_1_Value_2 String 0 UInt64 String 0 UInt64 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt32 String 1 UInt64 String +4 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -288,12 +288,12 @@ SELECT 1 FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (i SELECT id FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 ON t1.id = t2.id FULL JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN RIGHT second JOIN INNER'; First JOIN RIGHT second JOIN INNER -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING (id) INNER JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String +0 UInt64 1 UInt32 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt32 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -309,13 +309,13 @@ SELECT 1 FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 ON t1.id = t2.id INNER JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN RIGHT second JOIN LEFT'; First JOIN RIGHT second JOIN LEFT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING (id) LEFT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -3 UInt64 0 UInt64 String 3 UInt64 Join_2_Value_3 String 0 UInt64 String +0 UInt64 1 UInt32 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt32 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +3 UInt64 1 UInt32 String 4 UInt64 Join_2_Value_3 String 1 UInt64 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -333,13 +333,13 @@ SELECT 1 FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 ON t1.id = t2.id LEFT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN RIGHT second JOIN RIGHT'; First JOIN RIGHT second JOIN RIGHT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING (id) RIGHT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -4 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String +0 UInt64 1 UInt32 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt32 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +4 UInt64 1 UInt32 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -357,14 +357,14 @@ SELECT 1 FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 ON t1.id = t2.id RIGHT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN RIGHT second JOIN FULL'; First JOIN RIGHT second JOIN FULL -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -3 UInt64 0 UInt64 String 3 UInt64 Join_2_Value_3 String 0 UInt64 String +0 UInt64 1 UInt32 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt32 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +3 UInt64 1 UInt32 String 4 UInt64 Join_2_Value_3 String 1 UInt64 String +4 UInt64 1 UInt32 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -384,13 +384,12 @@ SELECT 1 FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING ( SELECT id FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 ON t1.id = t2.id FULL JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN FULL second JOIN INNER'; First JOIN FULL second JOIN INNER -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) INNER JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 String 3 UInt64 Join_2_Value_3 String 0 UInt64 Join_3_Value_0 String -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -406,14 +405,14 @@ SELECT 1 FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (i SELECT id FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 ON t1.id = t2.id INNER JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN FULL second JOIN LEFT'; First JOIN FULL second JOIN LEFT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) LEFT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 String 3 UInt64 Join_2_Value_3 String 0 UInt64 Join_3_Value_0 String -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -2 UInt64 2 UInt64 Join_1_Value_2 String 0 UInt64 String 0 UInt64 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt64 String 1 UInt64 String +3 UInt64 1 UInt64 String 4 UInt64 Join_2_Value_3 String 1 UInt64 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -433,14 +432,13 @@ SELECT 1 FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (i SELECT id FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 ON t1.id = t2.id LEFT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN FULL second JOIN RIGHT'; First JOIN FULL second JOIN RIGHT -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) RIGHT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 String 3 UInt64 Join_2_Value_3 String 0 UInt64 Join_3_Value_0 String -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -4 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +4 UInt64 1 UInt64 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -458,15 +456,15 @@ SELECT 1 FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (i SELECT id FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 ON t1.id = t2.id RIGHT JOIN test_table_join_3 AS t3 USING (id); -- { serverError AMBIGUOUS_IDENTIFIER } SELECT 'First JOIN FULL second JOIN FULL'; First JOIN FULL second JOIN FULL -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 0 UInt64 String 0 UInt64 String 4 UInt64 Join_3_Value_4 String -0 UInt64 0 UInt64 String 3 UInt64 Join_2_Value_3 String 0 UInt64 Join_3_Value_0 String -0 UInt64 0 UInt64 Join_1_Value_0 String 0 UInt64 Join_2_Value_0 String 0 UInt64 Join_3_Value_0 String -1 UInt64 1 UInt64 Join_1_Value_1 String 1 UInt64 Join_2_Value_1 String 1 UInt64 Join_3_Value_1 String -2 UInt64 2 UInt64 Join_1_Value_2 String 0 UInt64 String 0 UInt64 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt64 String 1 UInt64 String +3 UInt64 1 UInt64 String 4 UInt64 Join_2_Value_3 String 1 UInt64 String +4 UInt64 1 UInt64 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) diff --git a/tests/queries/0_stateless/02374_analyzer_join_using.sql.j2 b/tests/queries/0_stateless/02374_analyzer_join_using.sql.j2 index 20e452d3e0d2..f1be214407b6 100644 --- a/tests/queries/0_stateless/02374_analyzer_join_using.sql.j2 +++ b/tests/queries/0_stateless/02374_analyzer_join_using.sql.j2 @@ -64,8 +64,8 @@ FROM test_table_join_1 AS t1 {{ join_type }} JOIN test_table_join_2 AS t2 USING SELECT 'First JOIN {{ first_join_type }} second JOIN {{ second_join_type }}'; -SELECT id AS using_id, toTypeName(using_id), t1.id AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), -t2.id AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) +SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_id), t1.value AS t1_value, toTypeName(t1_value), +t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 {{ first_join_type }} JOIN test_table_join_2 AS t2 USING (id) {{ second_join_type }} JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; From 03a78d9758e4578dafed3eff8b6aba44578ff3d3 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 2 Feb 2026 17:25:42 +0000 Subject: [PATCH 010/141] Backport #95574 to 25.8: Bump libxml2 --- contrib/libxml2 | 2 +- contrib/libxml2-cmake/CMakeLists.txt | 1 - contrib/libxml2-cmake/README.MD | 2 +- .../linux_x86_64/include/config.h | 16 +- .../linux_x86_64/include/libxml/xmlversion.h | 167 +++++------------- 5 files changed, 54 insertions(+), 134 deletions(-) diff --git a/contrib/libxml2 b/contrib/libxml2 index 74f3154320df..b7fa62cbe8ef 160000 --- a/contrib/libxml2 +++ b/contrib/libxml2 @@ -1 +1 @@ -Subproject commit 74f3154320df8950eceae4951975cc9dfc3a254d +Subproject commit b7fa62cbe8ef0df5869e000d5b690bdedd07f33e diff --git a/contrib/libxml2-cmake/CMakeLists.txt b/contrib/libxml2-cmake/CMakeLists.txt index 482793ee0c35..dfb35933e96c 100644 --- a/contrib/libxml2-cmake/CMakeLists.txt +++ b/contrib/libxml2-cmake/CMakeLists.txt @@ -30,7 +30,6 @@ set(SRCS "${LIBXML2_SOURCE_DIR}/xmlschemas.c" "${LIBXML2_SOURCE_DIR}/xmlschemastypes.c" "${LIBXML2_SOURCE_DIR}/xmlregexp.c" - "${LIBXML2_SOURCE_DIR}/xmlunicode.c" "${LIBXML2_SOURCE_DIR}/relaxng.c" "${LIBXML2_SOURCE_DIR}/catalog.c" "${LIBXML2_SOURCE_DIR}/HTMLparser.c" diff --git a/contrib/libxml2-cmake/README.MD b/contrib/libxml2-cmake/README.MD index 10782eccfc53..439da6b9d6ba 100644 --- a/contrib/libxml2-cmake/README.MD +++ b/contrib/libxml2-cmake/README.MD @@ -1,2 +1,2 @@ -./configure CPPFLAGS="-DHAVE_GETENTROPY=0" \ No newline at end of file +./configure CPPFLAGS="-DHAVE_GETENTROPY=0" diff --git a/contrib/libxml2-cmake/linux_x86_64/include/config.h b/contrib/libxml2-cmake/linux_x86_64/include/config.h index c1fbd48d765b..600e7570e990 100644 --- a/contrib/libxml2-cmake/linux_x86_64/include/config.h +++ b/contrib/libxml2-cmake/linux_x86_64/include/config.h @@ -1,6 +1,10 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ +/* Define to 1 if you have the declaration of `getentropy', and to 0 if you + don't. */ +#define HAVE_DECL_GETENTROPY 0 + /* Define to 1 if you have the declaration of `glob', and to 0 if you don't. */ #define HAVE_DECL_GLOB 1 @@ -27,12 +31,6 @@ /* Define if readline library is available */ /* #undef HAVE_LIBREADLINE */ -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LZMA_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_POLL_H */ - /* Define to 1 if you have the header file. */ #define HAVE_PTHREAD_H 1 @@ -79,7 +77,7 @@ #define PACKAGE_NAME "libxml2" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "libxml2 2.14.5" +#define PACKAGE_STRING "libxml2 2.15.1" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "libxml2" @@ -88,7 +86,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "2.14.5" +#define PACKAGE_VERSION "2.15.1" /* Define to 1 if all of the C90 standard headers exist (not just the ones required in a freestanding environment). This macro is provided for @@ -96,7 +94,7 @@ #define STDC_HEADERS 1 /* Version number of package */ -#define VERSION "2.14.5" +#define VERSION "2.15.1" /* System configuration directory (/etc) */ #define XML_SYSCONFDIR "/usr/local/etc" diff --git a/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h b/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h index c8303df8f838..ff8b0ed8011b 100644 --- a/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h +++ b/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h @@ -1,330 +1,253 @@ -/* - * Summary: compile-time version information - * Description: compile-time version information for the XML library +/** + * @file + * + * @brief compile-time version information + * + * compile-time version information for the XML library * - * Copy: See Copyright for the status of this software. + * @copyright See Copyright for the status of this software. * - * Author: Daniel Veillard + * @author Daniel Veillard */ #ifndef __XML_VERSION_H__ #define __XML_VERSION_H__ /** - * LIBXML_DOTTED_VERSION: - * * the version string like "1.2.3" */ -#define LIBXML_DOTTED_VERSION "2.14.5" +#define LIBXML_DOTTED_VERSION "2.15.1" /** - * LIBXML_VERSION: - * * the version number: 1.2.3 value is 10203 */ -#define LIBXML_VERSION 21403 +#define LIBXML_VERSION 21501 /** - * LIBXML_VERSION_STRING: - * * the version number string, 1.2.3 value is "10203" */ -#define LIBXML_VERSION_STRING "21403" +#define LIBXML_VERSION_STRING "21501" /** - * LIBXML_VERSION_EXTRA: - * * extra version information, used to show a git commit description */ #define LIBXML_VERSION_EXTRA "" /** - * LIBXML_TEST_VERSION: - * * Macro to check that the libxml version in use is compatible with * the version the software has been compiled against */ -#define LIBXML_TEST_VERSION xmlCheckVersion(21403); +#define LIBXML_TEST_VERSION xmlCheckVersion(21501); +#if 1 /** - * LIBXML_THREAD_ENABLED: - * * Whether the thread support is configured in */ -#if 1 #define LIBXML_THREAD_ENABLED #endif +#if 0 /** - * LIBXML_THREAD_ALLOC_ENABLED: - * * Whether the allocation hooks are per-thread */ -#if 0 #define LIBXML_THREAD_ALLOC_ENABLED #endif /** - * LIBXML_TREE_ENABLED: - * * Always enabled since 2.14.0 */ #define LIBXML_TREE_ENABLED +#if 1 /** - * LIBXML_OUTPUT_ENABLED: - * * Whether the serialization/saving support is configured in */ -#if 1 #define LIBXML_OUTPUT_ENABLED #endif +#if 1 /** - * LIBXML_PUSH_ENABLED: - * * Whether the push parsing interfaces are configured in */ -#if 1 #define LIBXML_PUSH_ENABLED #endif +#if 1 /** - * LIBXML_READER_ENABLED: - * * Whether the xmlReader parsing interface is configured in */ -#if 1 #define LIBXML_READER_ENABLED #endif +#if 1 /** - * LIBXML_PATTERN_ENABLED: - * * Whether the xmlPattern node selection interface is configured in */ -#if 1 #define LIBXML_PATTERN_ENABLED #endif +#if 1 /** - * LIBXML_WRITER_ENABLED: - * * Whether the xmlWriter saving interface is configured in */ -#if 1 #define LIBXML_WRITER_ENABLED #endif +#if 1 /** - * LIBXML_SAX1_ENABLED: - * * Whether the older SAX1 interface is configured in */ -#if 1 #define LIBXML_SAX1_ENABLED #endif +#if 0 /** - * LIBXML_HTTP_ENABLED: - * - * Whether the HTTP support is configured in + * HTTP support was removed in 2.15 */ -#if 0 -#define LIBXML_HTTP_ENABLED +#define LIBXML_HTTP_STUBS_ENABLED #endif +#if 1 /** - * LIBXML_VALID_ENABLED: - * * Whether the DTD validation support is configured in */ -#if 1 #define LIBXML_VALID_ENABLED #endif +#if 1 /** - * LIBXML_HTML_ENABLED: - * * Whether the HTML support is configured in */ -#if 1 #define LIBXML_HTML_ENABLED #endif -/** - * LIBXML_LEGACY_ENABLED: - * +/* * Removed in 2.14 */ #undef LIBXML_LEGACY_ENABLED +#if 1 /** - * LIBXML_C14N_ENABLED: - * * Whether the Canonicalization support is configured in */ -#if 1 #define LIBXML_C14N_ENABLED #endif +#if 1 /** - * LIBXML_CATALOG_ENABLED: - * * Whether the Catalog support is configured in */ -#if 1 #define LIBXML_CATALOG_ENABLED +#define LIBXML_SGML_CATALOG_ENABLED #endif +#if 1 /** - * LIBXML_XPATH_ENABLED: - * * Whether XPath is configured in */ -#if 1 #define LIBXML_XPATH_ENABLED #endif +#if 1 /** - * LIBXML_XPTR_ENABLED: - * * Whether XPointer is configured in */ -#if 1 #define LIBXML_XPTR_ENABLED #endif +#if 1 /** - * LIBXML_XINCLUDE_ENABLED: - * * Whether XInclude is configured in */ -#if 1 #define LIBXML_XINCLUDE_ENABLED #endif +#if 1 /** - * LIBXML_ICONV_ENABLED: - * * Whether iconv support is available */ -#if 1 #define LIBXML_ICONV_ENABLED #endif +#if 0 /** - * LIBXML_ICU_ENABLED: - * * Whether icu support is available */ -#if 0 #define LIBXML_ICU_ENABLED #endif +#if 1 /** - * LIBXML_ISO8859X_ENABLED: - * * Whether ISO-8859-* support is made available in case iconv is not */ -#if 1 #define LIBXML_ISO8859X_ENABLED #endif +#if 1 /** - * LIBXML_DEBUG_ENABLED: - * * Whether Debugging module is configured in */ -#if 1 #define LIBXML_DEBUG_ENABLED #endif -/** - * LIBXML_UNICODE_ENABLED: - * +/* * Removed in 2.14 */ #undef LIBXML_UNICODE_ENABLED +#if 1 /** - * LIBXML_REGEXP_ENABLED: - * * Whether the regular expressions interfaces are compiled in */ -#if 1 #define LIBXML_REGEXP_ENABLED #endif +#if 1 /** - * LIBXML_AUTOMATA_ENABLED: - * * Whether the automata interfaces are compiled in */ -#if 1 #define LIBXML_AUTOMATA_ENABLED #endif +#if 1 /** - * LIBXML_RELAXNG_ENABLED: - * * Whether the RelaxNG validation interfaces are compiled in */ -#if 1 #define LIBXML_RELAXNG_ENABLED #endif +#if 1 /** - * LIBXML_SCHEMAS_ENABLED: - * * Whether the Schemas validation interfaces are compiled in */ -#if 1 #define LIBXML_SCHEMAS_ENABLED #endif +#if 0 /** - * LIBXML_SCHEMATRON_ENABLED: - * * Whether the Schematron validation interfaces are compiled in */ -#if 1 #define LIBXML_SCHEMATRON_ENABLED #endif +#if 1 /** - * LIBXML_MODULES_ENABLED: - * * Whether the module interfaces are compiled in */ -#if 1 #define LIBXML_MODULES_ENABLED /** - * LIBXML_MODULE_EXTENSION: - * * the string suffix used by dynamic modules (usually shared libraries) */ -#define LIBXML_MODULE_EXTENSION ".so" +#define LIBXML_MODULE_EXTENSION ".so" #endif +#if 0 /** - * LIBXML_ZLIB_ENABLED: - * * Whether the Zlib support is compiled in */ -#if 0 #define LIBXML_ZLIB_ENABLED #endif -/** - * LIBXML_LZMA_ENABLED: - * - * Whether the Lzma support is compiled in - */ -#if 0 -#define LIBXML_LZMA_ENABLED -#endif - #include #endif From 4807b6236198068a3fde91e4e10c83afef2afec2 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 2 Feb 2026 22:15:31 +0000 Subject: [PATCH 011/141] Backport #95563 to 25.8: Fix contention in CancellationChecker thread --- src/Interpreters/CancellationChecker.cpp | 67 +++++++++++++----------- src/Interpreters/CancellationChecker.h | 3 -- 2 files changed, 35 insertions(+), 35 deletions(-) diff --git a/src/Interpreters/CancellationChecker.cpp b/src/Interpreters/CancellationChecker.cpp index 1d037a5f14bf..36f38b12f59e 100644 --- a/src/Interpreters/CancellationChecker.cpp +++ b/src/Interpreters/CancellationChecker.cpp @@ -10,6 +10,10 @@ namespace DB { +/// Align all timeouts to a grid to allow batching of timeout processing. +/// Tasks may be cancelled slightly later than their exact timeout, but never before. +static constexpr UInt64 CANCELLATION_GRID_MS = 100; + struct CancellationChecker::QueryToTrack { QueryToTrack(QueryStatusPtr query_, UInt64 timeout_, UInt64 endtime_, OverflowMode overflow_mode_) @@ -63,18 +67,6 @@ void CancellationChecker::terminateThread() cond_var.notify_all(); } -bool CancellationChecker::removeQueryFromSet(QueryStatusPtr query) -{ - auto it = std::ranges::find(query_set, query, &QueryToTrack::query); - - if (it == query_set.end()) - return false; - - LOG_TEST(log, "Removing query {} from done tasks", query->getClientInfo().current_query_id); - query_set.erase(it); - return true; -} - void CancellationChecker::appendTask(const QueryStatusPtr & query, const Int64 timeout, OverflowMode overflow_mode) { if (timeout <= 0) // Avoid cases when the timeout is less or equal zero @@ -85,16 +77,29 @@ void CancellationChecker::appendTask(const QueryStatusPtr & query, const Int64 t std::unique_lock lock(m); LOG_TEST(log, "Added to set. query: {}, timeout: {} milliseconds", query->getInfo().query, timeout); const auto now = std::chrono::steady_clock::now(); - const UInt64 end_time = std::chrono::duration_cast(now.time_since_epoch()).count() + timeout; - query_set.emplace(query, timeout, end_time, overflow_mode); - cond_var.notify_all(); + const UInt64 now_ms = std::chrono::duration_cast(now.time_since_epoch()).count(); + /// Round up to the next grid boundary to enable batching of timeout checks. + /// This ensures tasks are never cancelled before their timeout, only slightly after. + const UInt64 end_time = ((now_ms + timeout + CANCELLATION_GRID_MS - 1) / CANCELLATION_GRID_MS) * CANCELLATION_GRID_MS; + auto iter = query_set.emplace(query, timeout, end_time, overflow_mode); + if (iter == query_set.begin()) // Only notify if the new task is the earliest one + cond_var.notify_all(); } void CancellationChecker::appendDoneTasks(const QueryStatusPtr & query) { - std::unique_lock lock(m); - removeQueryFromSet(query); - cond_var.notify_all(); + std::unique_lock lock(m); + + auto it = std::ranges::find(query_set, query, &QueryToTrack::query); + if (it == query_set.end()) + return; + + LOG_TEST(log, "Removing query {} from done tasks", query->getClientInfo().current_query_id); + query_set.erase(it); + + // Note that there is no need to notify the worker thread here. Even if we have just removed the earliest task, + // it will wake up before the next task anyway and fix its timeout to a proper value on wake-up. + // This optimization avoids unnecessary contention on the mutex. } void CancellationChecker::workerFunction() @@ -107,20 +112,19 @@ void CancellationChecker::workerFunction() while (!stop_thread) { UInt64 now_ms = 0; - std::chrono::steady_clock::duration duration_milliseconds = std::chrono::milliseconds(0); - if (!query_set.empty()) { - const auto next_task_it = query_set.begin(); - - // Convert UInt64 timeout to std::chrono::steady_clock::time_point - duration_milliseconds = std::chrono::milliseconds(next_task_it->timeout); - - auto end_time_ms = next_task_it->endtime; auto now = std::chrono::steady_clock::now(); now_ms = std::chrono::duration_cast(now.time_since_epoch()).count(); - if ((end_time_ms <= now_ms && duration_milliseconds.count() != 0)) + + /// Batch all tasks that have reached their deadline. + /// Since deadlines are aligned to a grid, multiple tasks often expire together. + while (!query_set.empty()) { + auto next_task_it = query_set.begin(); + if (next_task_it->endtime > now_ms || next_task_it->timeout == 0) + break; + LOG_DEBUG( log, "Cancelling the task because of the timeout: {} ms, query_id: {}", @@ -129,7 +133,6 @@ void CancellationChecker::workerFunction() tasks_to_cancel.push_back(*next_task_it); query_set.erase(next_task_it); - continue; } } @@ -142,19 +145,19 @@ void CancellationChecker::workerFunction() continue; } - /// if last time we checked there were no queries, + /// if there are no queries, /// wakeup on first query that was added so we can setup /// proper timeout for waking up the thread - if (!now_ms) + if (query_set.empty()) { cond_var.wait(lock, [&] { return stop_thread || !query_set.empty(); }); } else { - chassert(duration_milliseconds.count()); + chassert(!query_set.empty()); cond_var.wait_for( lock, - duration_milliseconds, + std::chrono::milliseconds(query_set.begin()->endtime - now_ms), [&, now_ms] { return stop_thread || (!query_set.empty() && query_set.begin()->endtime < now_ms); }); } } diff --git a/src/Interpreters/CancellationChecker.h b/src/Interpreters/CancellationChecker.h index fcc9d43f1543..c6c2a2b1f5f2 100644 --- a/src/Interpreters/CancellationChecker.h +++ b/src/Interpreters/CancellationChecker.h @@ -42,9 +42,6 @@ class CancellationChecker std::mutex m; std::condition_variable cond_var; - // Function to execute when a task's endTime is reached - bool removeQueryFromSet(QueryStatusPtr query); - static void cancelTask(CancellationChecker::QueryToTrack task); const LoggerPtr log; From dbe1502b692f0a2b5f8353223917f417d03e3743 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 3 Feb 2026 13:37:11 +0000 Subject: [PATCH 012/141] Backport #95846 to 25.8: Fix assertion failure in `applyUncommittedState` for deltas without paths --- src/Coordination/KeeperStorage.cpp | 48 +++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/src/Coordination/KeeperStorage.cpp b/src/Coordination/KeeperStorage.cpp index cdac684740aa..11be234d7584 100644 --- a/src/Coordination/KeeperStorage.cpp +++ b/src/Coordination/KeeperStorage.cpp @@ -559,6 +559,37 @@ struct KeeperStorageBase::Delta Operation operation; }; +std::string_view deltaTypeToString(const Operation & operation) +{ + /// Using std::visit ensures compile-time exhaustiveness checking - + /// adding a new type to Operation will cause a compilation error until handled here + return std::visit([](const T &) -> std::string_view + { + if constexpr (std::is_same_v) + return "CreateNodeDelta"; + else if constexpr (std::is_same_v) + return "RemoveNodeDelta"; + else if constexpr (std::is_same_v) + return "UpdateNodeStatDelta"; + else if constexpr (std::is_same_v) + return "UpdateNodeDataDelta"; + else if constexpr (std::is_same_v) + return "SetACLDelta"; + else if constexpr (std::is_same_v) + return "AddAuthDelta"; + else if constexpr (std::is_same_v) + return "ErrorDelta"; + else if constexpr (std::is_same_v) + return "SubDeltaEnd"; + else if constexpr (std::is_same_v) + return "FailedMultiDelta"; + else if constexpr (std::is_same_v) + return "CloseSessionDelta"; + else + static_assert(sizeof(T) == 0, "Unhandled Operation type in deltaTypeToString"); + }, operation); +} + KeeperStorageBase::DeltaIterator KeeperStorageBase::DeltaRange::begin() const { return begin_it; @@ -702,7 +733,7 @@ void KeeperStorage::UncommittedState::UncommittedNode::materializeACL template void KeeperStorage::UncommittedState::applyDelta(const Delta & delta, uint64_t * digest) { - chassert(!delta.path.empty()); + chassert(!delta.path.empty(), fmt::format("Path is empty for delta of type '{}'", deltaTypeToString(delta.operation))); UncommittedNode * uncommitted_node = nullptr; auto node_it = nodes.end(); @@ -822,7 +853,7 @@ bool KeeperStorage::UncommittedState::hasACL(int64_t session_id, bool template void KeeperStorage::UncommittedState::rollbackDelta(const Delta & delta) { - chassert(!delta.path.empty()); + chassert(!delta.path.empty(), fmt::format("Path is empty for delta of type '{}'", deltaTypeToString(delta.operation))); std::visit( [&](const DeltaType & operation) @@ -1195,16 +1226,17 @@ void KeeperStorage::applyUncommittedState(KeeperStorage & other, int6 zxids_to_apply.insert(transaction.zxid); } - auto it = uncommitted_state.deltas.begin(); - - for (; it != uncommitted_state.deltas.end(); ++it) + std::list uncommitted_deltas_to_apply; + for (const auto & uncommitted_delta : uncommitted_state.deltas) { - if (!zxids_to_apply.contains(it->zxid)) + if (!zxids_to_apply.contains(uncommitted_delta.zxid)) continue; - other.uncommitted_state.applyDelta(*it, /*digest=*/nullptr); - other.uncommitted_state.deltas.push_back(*it); + uncommitted_deltas_to_apply.push_back(uncommitted_delta); } + + other.uncommitted_state.applyDeltas(uncommitted_deltas_to_apply, /*digest=*/nullptr); + other.uncommitted_state.addDeltas(std::move(uncommitted_deltas_to_apply)); } template From 5f312bb54a8d930e55754bb5d3eed072bedda47b Mon Sep 17 00:00:00 2001 From: Vladimir Cherkasov Date: Tue, 3 Feb 2026 15:03:16 +0100 Subject: [PATCH 013/141] Fix 02374_analyzer_join_using --- .../02374_analyzer_join_using.reference | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/tests/queries/0_stateless/02374_analyzer_join_using.reference b/tests/queries/0_stateless/02374_analyzer_join_using.reference index add7be34e9c2..63e648c14d68 100644 --- a/tests/queries/0_stateless/02374_analyzer_join_using.reference +++ b/tests/queries/0_stateless/02374_analyzer_join_using.reference @@ -172,9 +172,9 @@ SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_i t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 INNER JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; +0 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String 0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String 1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String -4 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -265,10 +265,10 @@ SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_i t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 LEFT JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; +0 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String 0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String 1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String 2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt32 String 1 UInt64 String -4 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -361,10 +361,10 @@ SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_i t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 RIGHT JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; +0 UInt64 1 UInt32 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String 0 UInt64 1 UInt32 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String 1 UInt64 2 UInt32 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String 3 UInt64 1 UInt32 String 4 UInt64 Join_2_Value_3 String 1 UInt64 String -4 UInt64 1 UInt32 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -388,8 +388,9 @@ SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_i t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) INNER JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String -1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +0 UInt64 1 UInt64 String 4 UInt32 Join_2_Value_3 String 1 UInt64 Join_3_Value_0 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -409,10 +410,10 @@ SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_i t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) LEFT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String -1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String -2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt64 String 1 UInt64 String -3 UInt64 1 UInt64 String 4 UInt64 Join_2_Value_3 String 1 UInt64 String +0 UInt64 1 UInt64 String 4 UInt32 Join_2_Value_3 String 1 UInt64 Join_3_Value_0 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt32 String 1 UInt64 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -436,9 +437,10 @@ SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_i t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) RIGHT JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String -1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String -4 UInt64 1 UInt64 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String +0 UInt64 1 UInt64 String 4 UInt32 Join_2_Value_3 String 1 UInt64 Join_3_Value_0 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +4 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) @@ -460,11 +462,11 @@ SELECT id AS using_id, toTypeName(using_id), t1.id + 1 AS t1_id, toTypeName(t1_i t2.id + 1 AS t2_id, toTypeName(t2_id), t2.value AS t2_value, toTypeName(t2_value), t3.id + 1 AS t3_id, toTypeName(t3_id), t3.value AS t3_value, toTypeName(t3_value) FROM test_table_join_1 AS t1 FULL JOIN test_table_join_2 AS t2 USING (id) FULL JOIN test_table_join_3 AS t3 USING(id) ORDER BY ALL; -0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt64 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String -1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt64 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String -2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt64 String 1 UInt64 String -3 UInt64 1 UInt64 String 4 UInt64 Join_2_Value_3 String 1 UInt64 String -4 UInt64 1 UInt64 String 1 UInt64 String 5 UInt64 Join_3_Value_4 String +0 UInt64 1 UInt64 String 1 UInt32 String 5 UInt64 Join_3_Value_4 String +0 UInt64 1 UInt64 String 4 UInt32 Join_2_Value_3 String 1 UInt64 Join_3_Value_0 String +0 UInt64 1 UInt64 Join_1_Value_0 String 1 UInt32 Join_2_Value_0 String 1 UInt64 Join_3_Value_0 String +1 UInt64 2 UInt64 Join_1_Value_1 String 2 UInt32 Join_2_Value_1 String 2 UInt64 Join_3_Value_1 String +2 UInt64 3 UInt64 Join_1_Value_2 String 1 UInt32 String 1 UInt64 String SELECT '--'; -- SELECT t1.value AS t1_value, toTypeName(t1_value), t2.value AS t2_value, toTypeName(t2_value), t3.value AS t3_value, toTypeName(t3_value) From 22c8b3f24e71680160300147c505329ead0a3aa8 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 5 Feb 2026 12:24:44 +0000 Subject: [PATCH 014/141] Backport #95773 to 25.8: Fix squashing partitioned delta lake data --- .../StorageObjectStorageSource.cpp | 17 ++++ tests/integration/test_storage_delta/test.py | 87 +++++++++++++++++++ 2 files changed, 104 insertions(+) diff --git a/src/Storages/ObjectStorage/StorageObjectStorageSource.cpp b/src/Storages/ObjectStorage/StorageObjectStorageSource.cpp index db47a7fc7945..5c6bc517a5c1 100644 --- a/src/Storages/ObjectStorage/StorageObjectStorageSource.cpp +++ b/src/Storages/ObjectStorage/StorageObjectStorageSource.cpp @@ -378,6 +378,23 @@ Chunk StorageObjectStorageSource::generate() } #endif + /// Convert any Const columns to full columns before returning. + /// This is necessary because when chunks with different Const values (e.g., partition columns + /// from different files in DeltaLake) are squashed together during INSERT, the squashing code + /// doesn't properly handle merging Const columns with different constant values. + /// By converting to full columns here, we ensure the values are preserved correctly. + if (chunk.hasColumns()) + { + size_t chunk_num_rows = chunk.getNumRows(); + auto columns = chunk.detachColumns(); + for (auto & column : columns) + { + if (column->isConst()) + column = column->cloneResized(chunk_num_rows)->convertToFullColumnIfConst(); + } + chunk.setColumns(std::move(columns), chunk_num_rows); + } + return chunk; } diff --git a/tests/integration/test_storage_delta/test.py b/tests/integration/test_storage_delta/test.py index 6241ed6ecd8a..b3eab26e6845 100644 --- a/tests/integration/test_storage_delta/test.py +++ b/tests/integration/test_storage_delta/test.py @@ -3569,3 +3569,90 @@ def test_write_column_order(started_cluster): ) assert num_rows * 2 == int(instance.query(f"SELECT count() FROM {table_name}")) + + +@pytest.mark.parametrize("cluster", [False, True]) +def test_partition_columns_3(started_cluster, cluster): + """Test for bug https://github.com/ClickHouse/ClickHouse/issues/95526 + + Reproduces issue where partition column values become incorrect when inserting + from DeltaLake into ClickHouse with many columns and type conversions. + """ + node = started_cluster.instances["node1"] + table_name = randomize_table_name("test_partition_columns_jumbled") + + schema = pa.schema( + [ + ("id", pa.int32()), + ("region", pa.string()), + ("state", pa.string()), + ] + ) + + data = [ + pa.array([1, 2], type=pa.int32()), + pa.array(["west", "east"], type=pa.string()), + pa.array(["CA", "NY"], type=pa.string()), + ] + + storage_options = { + "AWS_ENDPOINT_URL": f"http://{started_cluster.minio_ip}:{started_cluster.minio_port}", + "AWS_ACCESS_KEY_ID": minio_access_key, + "AWS_SECRET_ACCESS_KEY": minio_secret_key, + "AWS_ALLOW_HTTP": "true", + "AWS_S3_ALLOW_UNSAFE_RENAME": "true", + } + path = f"s3://root/{table_name}" + table = pa.Table.from_arrays(data, schema=schema) + + write_deltalake( + path, table, storage_options=storage_options, partition_by=["region", "state"] + ) + + if cluster: + delta_function = f""" + deltaLakeCluster( + cluster, + 'http://{started_cluster.minio_ip}:{started_cluster.minio_port}/root/{table_name}' , + '{minio_access_key}', + '{minio_secret_key}') + """ + else: + delta_function = f""" + deltaLake( + 'http://{started_cluster.minio_ip}:{started_cluster.minio_port}/root/{table_name}' , + '{minio_access_key}', + '{minio_secret_key}', + SETTINGS allow_experimental_delta_kernel_rs=0) + """ + + dst_table = f"{table_name}_dst" + node.query(f""" + CREATE TABLE {dst_table} ( + id Int32, + region String, + state String + ) ENGINE = MergeTree() + ORDER BY id + """) + + node.query(f""" + INSERT INTO {dst_table} + SELECT * FROM {delta_function} + """) + + result_from_delta = node.query( + f"SELECT * FROM {delta_function} ORDER BY id", + settings={"allow_experimental_delta_kernel_rs": 1, "use_hive_partitioning": 0}, + ).strip() + + result_from_table = node.query( + f"SELECT * FROM {dst_table} ORDER BY id" + ).strip() + + assert result_from_delta == result_from_table, \ + f"Partition columns jumbled!\nFrom DeltaLake:\n{result_from_delta}\n\nFrom table:\n{result_from_table}" + + expected = "1\twest\tCA\n2\teast\tNY" + assert result_from_table == expected, \ + f"Data doesn't match!\nExpected:\n{expected}\n\nGot:\n{result_from_table}" From 3f6ddd677faf1ba2e5c4c315dd63d947edbf7b3e Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 5 Feb 2026 16:27:19 +0000 Subject: [PATCH 015/141] Backport #96048 to 25.8: Fix global profiler values --- programs/server/Server.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/server/Server.cpp b/programs/server/Server.cpp index 91b85cc30cca..78bfc892efe9 100644 --- a/programs/server/Server.cpp +++ b/programs/server/Server.cpp @@ -1188,8 +1188,8 @@ try server_settings[ServerSetting::max_thread_pool_size], server_settings[ServerSetting::max_thread_pool_free_size], server_settings[ServerSetting::thread_pool_queue_size], - has_trace_collector ? server_settings[ServerSetting::global_profiler_real_time_period_ns] : 0, - has_trace_collector ? server_settings[ServerSetting::global_profiler_cpu_time_period_ns] : 0); + has_trace_collector ? server_settings[ServerSetting::global_profiler_real_time_period_ns].value : 0, + has_trace_collector ? server_settings[ServerSetting::global_profiler_cpu_time_period_ns].value : 0); if (has_trace_collector) { From c80e145ae63bd27416e0ed4246bd43b42bcc27e5 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 6 Feb 2026 05:34:56 +0000 Subject: [PATCH 016/141] Backport #96133 to 25.8: Fix use-of-uninitialized-value in `formatDateTime` --- src/Functions/formatDateTime.cpp | 13 +++++++++++-- ...2_format_datetime_fractional_msan.reference | 9 +++++++++ .../03902_format_datetime_fractional_msan.sql | 18 ++++++++++++++++++ 3 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 tests/queries/0_stateless/03902_format_datetime_fractional_msan.reference create mode 100644 tests/queries/0_stateless/03902_format_datetime_fractional_msan.sql diff --git a/src/Functions/formatDateTime.cpp b/src/Functions/formatDateTime.cpp index f4fc2ba6de96..5e1a9a210950 100644 --- a/src/Functions/formatDateTime.cpp +++ b/src/Functions/formatDateTime.cpp @@ -603,7 +603,9 @@ class FunctionFormatDateTimeImpl : public IFunction for (UInt32 i = scale; i > 0; --i) { - dest[i - 1] += fractional_second % 10; + /// Use assignment instead of `+=` to avoid reading uninitialized memory + /// when the output buffer is not pre-filled with the template (variable-width formatters path). + dest[i - 1] = '0' + (fractional_second % 10); fractional_second /= 10; } return scale; @@ -617,7 +619,9 @@ class FunctionFormatDateTimeImpl : public IFunction for (UInt32 i = scale; i > 0; --i) { - dest[i - 1] += fractional_second % 10; + /// Use assignment instead of `+=` to avoid reading uninitialized memory + /// when the output buffer is not pre-filled with the template (variable-width formatters path). + dest[i - 1] = '0' + (fractional_second % 10); fractional_second /= 10; } return scale; @@ -819,6 +823,11 @@ class FunctionFormatDateTimeImpl : public IFunction return min_represent_digits; } auto str = toString(fractional_second); + /// Left-pad with zeros to `scale` digits, because `toString` does not preserve leading zeros + /// (e.g. fractional_second=5, scale=3 gives "5" but we need "005"). + /// Without this, the buffer would be left partially uninitialized. + if (str.size() < scale) + str.insert(0, scale - str.size(), '0'); if (min_represent_digits > scale) { for (UInt64 i = 0; i < min_represent_digits - scale; ++i) diff --git a/tests/queries/0_stateless/03902_format_datetime_fractional_msan.reference b/tests/queries/0_stateless/03902_format_datetime_fractional_msan.reference new file mode 100644 index 000000000000..9ab82215084b --- /dev/null +++ b/tests/queries/0_stateless/03902_format_datetime_fractional_msan.reference @@ -0,0 +1,9 @@ +January 12345678 +January 1234 +January 000000 +January 1234 +January 0 +005 +050 +005000 +00 diff --git a/tests/queries/0_stateless/03902_format_datetime_fractional_msan.sql b/tests/queries/0_stateless/03902_format_datetime_fractional_msan.sql new file mode 100644 index 000000000000..d3fa89558188 --- /dev/null +++ b/tests/queries/0_stateless/03902_format_datetime_fractional_msan.sql @@ -0,0 +1,18 @@ +-- Test for use-of-uninitialized-value in formatDateTime fractional second formatters. +-- %M is a variable-width formatter, so the output buffer is not pre-filled with the template. +-- The fractional second formatters must fully initialize their output bytes. + +-- mysqlFractionalSecondScaleNumDigits (formatdatetime_f_prints_scale_number_of_digits = 1) +SELECT formatDateTime(toDateTime64('2024-01-01 12:00:00.12345678', 8, 'UTC'), '%M %f') SETTINGS formatdatetime_f_prints_scale_number_of_digits = 1; +SELECT formatDateTime(toDateTime64('2024-01-01 12:00:00.1234', 4, 'UTC'), '%M %f') SETTINGS formatdatetime_f_prints_scale_number_of_digits = 1; +SELECT formatDateTime(toDateTime64('2024-01-01 12:00:00', 0, 'UTC'), '%M %f') SETTINGS formatdatetime_f_prints_scale_number_of_digits = 1; + +-- mysqlFractionalSecondSingleZero (formatdatetime_f_prints_single_zero = 1) +SELECT formatDateTime(toDateTime64('2024-01-01 12:00:00.1234', 4, 'UTC'), '%M %f') SETTINGS formatdatetime_f_prints_single_zero = 1; +SELECT formatDateTime(toDateTime64('2024-01-01 12:00:00', 0, 'UTC'), '%M %f') SETTINGS formatdatetime_f_prints_single_zero = 1; + +-- jodaFractionOfSecond: leading zeros must be preserved (e.g. fractional_second=5, scale=3 -> "005") +SELECT formatDateTimeInJodaSyntax(toDateTime64('2024-01-01 12:00:00.005', 3, 'UTC'), 'SSS'); +SELECT formatDateTimeInJodaSyntax(toDateTime64('2024-01-01 12:00:00.050', 3, 'UTC'), 'SSS'); +SELECT formatDateTimeInJodaSyntax(toDateTime64('2024-01-01 12:00:00.005', 3, 'UTC'), 'SSSSSS'); +SELECT formatDateTimeInJodaSyntax(toDateTime64('2024-01-01 12:00:00.005', 3, 'UTC'), 'SS'); From 349bdf390a002047cfc3586ee86bac7bdac9836e Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 6 Feb 2026 09:25:58 +0000 Subject: [PATCH 017/141] Backport #96098 to 25.8: Trim size of CachedOnDiskReadBufferFromFile structure 50x --- src/Common/ProfileEvents.cpp | 7 +----- src/Coordination/KeeperConstants.cpp | 6 ----- .../IO/CachedOnDiskReadBufferFromFile.cpp | 25 ++++--------------- src/Disks/IO/CachedOnDiskReadBufferFromFile.h | 3 +-- .../IO/CachedOnDiskWriteBufferFromFile.cpp | 1 - .../Cached/CachedObjectStorage.cpp | 2 +- src/Interpreters/FilesystemCacheLog.cpp | 12 --------- src/Interpreters/FilesystemCacheLog.h | 1 - 8 files changed, 8 insertions(+), 49 deletions(-) diff --git a/src/Common/ProfileEvents.cpp b/src/Common/ProfileEvents.cpp index 6e98ca6b7f60..ddf2efa2b823 100644 --- a/src/Common/ProfileEvents.cpp +++ b/src/Common/ProfileEvents.cpp @@ -674,6 +674,7 @@ The server successfully detected this situation and will download merged part fr M(CachedReadBufferReadFromCacheHits, "Number of times the read from filesystem cache hit the cache.", ValueType::Number) \ M(CachedReadBufferReadFromCacheMisses, "Number of times the read from filesystem cache miss the cache.", ValueType::Number) \ M(CachedReadBufferReadFromSourceMicroseconds, "Time reading from filesystem cache source (from remote filesystem, etc)", ValueType::Microseconds) \ + M(CachedReadBufferWaitReadBufferMicroseconds, "Time spend waiting for internal read buffer (includes cache waiting)", ValueType::Microseconds) \ M(CachedReadBufferReadFromCacheMicroseconds, "Time reading from filesystem cache", ValueType::Microseconds) \ M(CachedReadBufferReadFromSourceBytes, "Bytes read from filesystem cache source (from remote fs, etc)", ValueType::Bytes) \ M(CachedReadBufferReadFromCacheBytes, "Bytes read from filesystem cache", ValueType::Bytes) \ @@ -744,12 +745,6 @@ The server successfully detected this situation and will download merged part fr M(ThreadpoolReaderSubmitLookupInCacheMicroseconds, "How much time we spent checking if content is cached", ValueType::Microseconds) \ M(AsynchronousReaderIgnoredBytes, "Number of bytes ignored during asynchronous reading", ValueType::Bytes) \ \ - M(FileSegmentWaitReadBufferMicroseconds, "Metric per file segment. Time spend waiting for internal read buffer (includes cache waiting)", ValueType::Microseconds) \ - M(FileSegmentReadMicroseconds, "Metric per file segment. Time spend reading from file", ValueType::Microseconds) \ - M(FileSegmentCacheWriteMicroseconds, "Metric per file segment. Time spend writing data to cache", ValueType::Microseconds) \ - M(FileSegmentPredownloadMicroseconds, "Metric per file segment. Time spent pre-downloading data to cache (pre-downloading - finishing file segment download (after someone who failed to do that) up to the point current thread was requested to do)", ValueType::Microseconds) \ - M(FileSegmentUsedBytes, "Metric per file segment. How many bytes were actually used from current file segment", ValueType::Bytes) \ - \ M(ReadBufferSeekCancelConnection, "Number of seeks which lead to new connection (s3, http)", ValueType::Number) \ \ M(SleepFunctionCalls, "Number of times a sleep function (sleep, sleepEachRow) has been called.", ValueType::Number) \ diff --git a/src/Coordination/KeeperConstants.cpp b/src/Coordination/KeeperConstants.cpp index d15c142df6f0..5da770f67566 100644 --- a/src/Coordination/KeeperConstants.cpp +++ b/src/Coordination/KeeperConstants.cpp @@ -209,12 +209,6 @@ M(ThreadpoolReaderSubmitReadSynchronouslyMicroseconds) \ M(ThreadpoolReaderSubmitLookupInCacheMicroseconds) \ M(AsynchronousReaderIgnoredBytes) \ -\ - M(FileSegmentWaitReadBufferMicroseconds) \ - M(FileSegmentReadMicroseconds) \ - M(FileSegmentCacheWriteMicroseconds) \ - M(FileSegmentPredownloadMicroseconds) \ - M(FileSegmentUsedBytes) \ \ M(ReadBufferSeekCancelConnection) \ \ diff --git a/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp b/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp index 1775113d1bd1..9145832b9a3c 100644 --- a/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp +++ b/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp @@ -19,12 +19,7 @@ namespace ProfileEvents { -extern const Event FileSegmentWaitReadBufferMicroseconds; -extern const Event FileSegmentReadMicroseconds; -extern const Event FileSegmentCacheWriteMicroseconds; -extern const Event FileSegmentPredownloadMicroseconds; -extern const Event FileSegmentUsedBytes; - +extern const Event CachedReadBufferWaitReadBufferMicroseconds; extern const Event CachedReadBufferReadFromSourceMicroseconds; extern const Event CachedReadBufferReadFromCacheMicroseconds; extern const Event CachedReadBufferCacheWriteMicroseconds; @@ -72,7 +67,7 @@ CachedOnDiskReadBufferFromFile::CachedOnDiskReadBufferFromFile( , cache(cache_) , settings(settings_) , read_until_position(read_until_position_ ? *read_until_position_ : file_size_) - , implementation_buffer_creator(implementation_buffer_creator_) + , implementation_buffer_creator(std::move(implementation_buffer_creator_)) , query_id(query_id_) , current_buffer_id(getRandomASCIIString(8)) , user(user_) @@ -106,13 +101,9 @@ void CachedOnDiskReadBufferFromFile::appendFilesystemCacheLog( .file_segment_size = range.size(), .read_from_cache_attempted = true, .read_buffer_id = current_buffer_id, - .profile_counters = std::make_shared( - current_file_segment_counters.getPartiallyAtomicSnapshot()), .user_id = user.user_id, }; - current_file_segment_counters.reset(); - switch (type) { case CachedOnDiskReadBufferFromFile::ReadType::CACHED: @@ -443,10 +434,7 @@ CachedOnDiskReadBufferFromFile::getImplementationBuffer(FileSegment & file_segme read_buffer_for_file_segment->getFileOffsetOfBufferEnd(), file_segment.getInfoForLog()); - current_file_segment_counters.increment( - ProfileEvents::FileSegmentWaitReadBufferMicroseconds, watch.elapsedMicroseconds()); - - ProfileEvents::increment(ProfileEvents::FileSegmentWaitReadBufferMicroseconds, watch.elapsedMicroseconds()); + ProfileEvents::increment(ProfileEvents::CachedReadBufferWaitReadBufferMicroseconds, watch.elapsedMicroseconds()); [[maybe_unused]] auto download_current_segment = read_type == ReadType::REMOTE_FS_READ_AND_PUT_IN_CACHE; chassert(download_current_segment == file_segment.isDownloader()); @@ -582,8 +570,6 @@ bool CachedOnDiskReadBufferFromFile::predownload(FileSegment & file_segment) Stopwatch predownload_watch(CLOCK_MONOTONIC); SCOPE_EXIT({ predownload_watch.stop(); - current_file_segment_counters.increment( - ProfileEvents::FileSegmentPredownloadMicroseconds, predownload_watch.elapsedMicroseconds()); }); OpenTelemetry::SpanHolder span("CachedOnDiskReadBufferFromFile::predownload"); @@ -615,7 +601,6 @@ bool CachedOnDiskReadBufferFromFile::predownload(FileSegment & file_segment) watch.stop(); auto elapsed = watch.elapsedMicroseconds(); - current_file_segment_counters.increment(ProfileEvents::FileSegmentReadMicroseconds, elapsed); ProfileEvents::increment(ProfileEvents::CachedReadBufferReadFromSourceMicroseconds, elapsed); } @@ -801,7 +786,6 @@ bool CachedOnDiskReadBufferFromFile::writeCache(char * data, size_t size, size_t watch.stop(); auto elapsed = watch.elapsedMicroseconds(); - current_file_segment_counters.increment(ProfileEvents::FileSegmentCacheWriteMicroseconds, elapsed); ProfileEvents::increment(ProfileEvents::CachedReadBufferCacheWriteMicroseconds, elapsed); ProfileEvents::increment(ProfileEvents::CachedReadBufferCacheWriteBytes, size); @@ -1013,7 +997,6 @@ bool CachedOnDiskReadBufferFromFile::nextImplStep() watch.stop(); auto elapsed = watch.elapsedMicroseconds(); - current_file_segment_counters.increment(ProfileEvents::FileSegmentReadMicroseconds, elapsed); // We don't support implementation_buffer implementations that use nextimpl_working_buffer_offset. chassert(implementation_buffer->position() == implementation_buffer->buffer().begin()); @@ -1178,6 +1161,8 @@ bool CachedOnDiskReadBufferFromFile::nextImplStep() file_segment.getInfoForLog()); } + swap.reset(); + // No necessary because of the SCOPE_EXIT above, but useful for logging below. if (download_current_segment) file_segment.completePartAndResetDownloader(); diff --git a/src/Disks/IO/CachedOnDiskReadBufferFromFile.h b/src/Disks/IO/CachedOnDiskReadBufferFromFile.h index 4f26a94f91f8..455b454fa39c 100644 --- a/src/Disks/IO/CachedOnDiskReadBufferFromFile.h +++ b/src/Disks/IO/CachedOnDiskReadBufferFromFile.h @@ -142,9 +142,8 @@ class CachedOnDiskReadBufferFromFile : public ReadBufferFromFileBase FileCacheUserInfo user; bool allow_seeks_after_first_read; - [[maybe_unused]]bool use_external_buffer; + bool use_external_buffer; CurrentMetrics::Increment metric_increment{CurrentMetrics::FilesystemCacheReadBuffers}; - ProfileEvents::Counters current_file_segment_counters; FileCacheQueryLimit::QueryContextHolderPtr query_context_holder; diff --git a/src/Disks/IO/CachedOnDiskWriteBufferFromFile.cpp b/src/Disks/IO/CachedOnDiskWriteBufferFromFile.cpp index 566a57a0871d..0d7adc934dc2 100644 --- a/src/Disks/IO/CachedOnDiskWriteBufferFromFile.cpp +++ b/src/Disks/IO/CachedOnDiskWriteBufferFromFile.cpp @@ -215,7 +215,6 @@ void FileSegmentRangeWriter::appendFilesystemCacheLog(const FileSegment & file_s .file_segment_size = file_segment_range.size(), .read_from_cache_attempted = false, .read_buffer_id = {}, - .profile_counters = nullptr, }; cache_log->add(std::move(elem)); diff --git a/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp b/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp index 8675555f2668..4c0dfb68609c 100644 --- a/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp +++ b/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp @@ -85,7 +85,7 @@ std::unique_ptr CachedObjectStorage::readObject( /// NOL auto global_context = Context::getGlobalContextInstance(); auto modified_read_settings = read_settings.withNestedBuffer(); - auto read_buffer_creator = [=, this]() + auto read_buffer_creator = [this, object, read_settings, read_hint]() { return object_storage->readObject(object, patchSettings(read_settings), read_hint, file_size); }; diff --git a/src/Interpreters/FilesystemCacheLog.cpp b/src/Interpreters/FilesystemCacheLog.cpp index f518ef46ba37..d88168f16617 100644 --- a/src/Interpreters/FilesystemCacheLog.cpp +++ b/src/Interpreters/FilesystemCacheLog.cpp @@ -42,7 +42,6 @@ ColumnsDescription FilesystemCacheLogElement::getColumnsDescription() {"size", std::make_shared(), "Read size"}, {"read_type", std::make_shared(), "Read type: READ_FROM_CACHE, READ_FROM_FS_AND_DOWNLOADED_TO_CACHE, READ_FROM_FS_BYPASSING_CACHE"}, {"read_from_cache_attempted", std::make_shared(), "Whether reading from cache was attempted"}, - {"ProfileEvents", std::make_shared(low_cardinality_string, std::make_shared()), "Profile events collected while reading this file segment"}, {"read_buffer_id", std::make_shared(), "Internal implementation read buffer id"}, {"user_id", std::make_shared(), "User id of the user which created the file segment"}, }; @@ -66,17 +65,6 @@ void FilesystemCacheLogElement::appendToBlock(MutableColumns & columns) const columns[i++]->insert(file_segment_size); columns[i++]->insert(typeToString(cache_type)); columns[i++]->insert(read_from_cache_attempted); - - if (profile_counters) - { - auto * column = columns[i++].get(); - ProfileEvents::dumpToMapColumn(*profile_counters, column, true); - } - else - { - columns[i++]->insertDefault(); - } - columns[i++]->insert(read_buffer_id); columns[i++]->insert(user_id); } diff --git a/src/Interpreters/FilesystemCacheLog.h b/src/Interpreters/FilesystemCacheLog.h index 94c3986a1ab2..3d5393f15ab5 100644 --- a/src/Interpreters/FilesystemCacheLog.h +++ b/src/Interpreters/FilesystemCacheLog.h @@ -35,7 +35,6 @@ struct FilesystemCacheLogElement size_t file_segment_size = 0; bool read_from_cache_attempted; String read_buffer_id{}; - std::shared_ptr profile_counters = nullptr; String user_id{}; static std::string name() { return "FilesystemCacheLog"; } From 567502016bd63c2407ab40a69611e432b2616d05 Mon Sep 17 00:00:00 2001 From: Azat Khuzhin Date: Fri, 6 Feb 2026 14:34:48 +0100 Subject: [PATCH 018/141] Update src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp --- src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp b/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp index 4c0dfb68609c..61641f167c7f 100644 --- a/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp +++ b/src/Disks/ObjectStorages/Cached/CachedObjectStorage.cpp @@ -85,7 +85,7 @@ std::unique_ptr CachedObjectStorage::readObject( /// NOL auto global_context = Context::getGlobalContextInstance(); auto modified_read_settings = read_settings.withNestedBuffer(); - auto read_buffer_creator = [this, object, read_settings, read_hint]() + auto read_buffer_creator = [this, object, read_settings, read_hint, file_size]() { return object_storage->readObject(object, patchSettings(read_settings), read_hint, file_size); }; From 1200828a5c4f1090cf6baeb20386d0892dad9a24 Mon Sep 17 00:00:00 2001 From: Azat Khuzhin Date: Fri, 6 Feb 2026 16:04:00 +0100 Subject: [PATCH 019/141] Update CachedOnDiskReadBufferFromFile.cpp --- src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp b/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp index 9145832b9a3c..3ffd3781d86a 100644 --- a/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp +++ b/src/Disks/IO/CachedOnDiskReadBufferFromFile.cpp @@ -1100,8 +1100,6 @@ bool CachedOnDiskReadBufferFromFile::nextImplStep() swap.reset(); - current_file_segment_counters.increment(ProfileEvents::FileSegmentUsedBytes, available()); - if (size == 0 && file_offset_of_buffer_end < read_until_position) { size_t cache_file_size = getFileSizeFromReadBuffer(*implementation_buffer); From eb78e818df89d9a5c8f05e41382758e6113b80fa Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 6 Feb 2026 15:27:00 +0000 Subject: [PATCH 020/141] Backport #95948 to 25.8: Fix skipping paths in JSON data type --- src/Formats/JSONExtractTree.cpp | 2 +- tests/queries/0_stateless/03821_json_skip_path_fix.reference | 1 + tests/queries/0_stateless/03821_json_skip_path_fix.sql | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/03821_json_skip_path_fix.reference create mode 100644 tests/queries/0_stateless/03821_json_skip_path_fix.sql diff --git a/src/Formats/JSONExtractTree.cpp b/src/Formats/JSONExtractTree.cpp index ae60f9ce7e0a..e77fa113fa4f 100644 --- a/src/Formats/JSONExtractTree.cpp +++ b/src/Formats/JSONExtractTree.cpp @@ -1996,7 +1996,7 @@ class ObjectJSONNode : public JSONExtractTreeNode if (!sorted_paths_to_skip.empty()) { auto it = std::lower_bound(sorted_paths_to_skip.begin(), sorted_paths_to_skip.end(), path); - if (it != sorted_paths_to_skip.begin() && path.starts_with(*std::prev(it))) + if (it != sorted_paths_to_skip.begin() && path.starts_with(*std::prev(it) + ".")) return true; } diff --git a/tests/queries/0_stateless/03821_json_skip_path_fix.reference b/tests/queries/0_stateless/03821_json_skip_path_fix.reference new file mode 100644 index 000000000000..be9e7e81710a --- /dev/null +++ b/tests/queries/0_stateless/03821_json_skip_path_fix.reference @@ -0,0 +1 @@ +{"path_1":42,"path_2":42} diff --git a/tests/queries/0_stateless/03821_json_skip_path_fix.sql b/tests/queries/0_stateless/03821_json_skip_path_fix.sql new file mode 100644 index 000000000000..8c770fd14e29 --- /dev/null +++ b/tests/queries/0_stateless/03821_json_skip_path_fix.sql @@ -0,0 +1,2 @@ +select '{"path_1" : 42, "path_2" : 42, "path" : {"a" : 42}}'::JSON(SKIP path); + From 1235b950bcb929682ff445217390e0953b4fc611 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sat, 7 Feb 2026 03:59:48 +0000 Subject: [PATCH 021/141] Backport #96182 to 25.8: Fix lock inversion in ProcessList --- src/Interpreters/ProcessList.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/Interpreters/ProcessList.cpp b/src/Interpreters/ProcessList.cpp index cd83d3532bb7..5960cf961ac1 100644 --- a/src/Interpreters/ProcessList.cpp +++ b/src/Interpreters/ProcessList.cpp @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -367,7 +368,13 @@ ProcessList::EntryPtr ProcessList::insert( ProcessListEntry::~ProcessListEntry() { - CancellationChecker::getInstance().appendDoneTasks(*it); + { + /// We need to block the overcommit tracker here to avoid lock inversion because OvercommitTracker takes a lock on the ProcessList::mutex. + /// When task is added, we lock the ProcessList::mutex, and then the CancellationChecker mutex. + OvercommitTrackerBlockerInThread blocker; + CancellationChecker::getInstance().appendDoneTasks(*it); + } + LockAndOverCommitTrackerBlocker lock(parent.getMutex()); String user = (*it)->getClientInfo().current_user; From f032afbce2d111e87621431d3ec7cb808c207ffb Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sat, 7 Feb 2026 04:02:30 +0000 Subject: [PATCH 022/141] Backport #96172 to 25.8: Fix query condition cache hash collision for CTE folded constants --- src/Columns/ColumnFunction.cpp | 23 ++++++++++ src/Columns/ColumnFunction.h | 17 ++------ src/Interpreters/ActionsDAG.cpp | 9 ++++ ...ition_cache_cte_constant_folding.reference | 3 ++ ...y_condition_cache_cte_constant_folding.sql | 43 +++++++++++++++++++ 5 files changed, 81 insertions(+), 14 deletions(-) create mode 100644 tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.reference create mode 100644 tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql diff --git a/src/Columns/ColumnFunction.cpp b/src/Columns/ColumnFunction.cpp index 5e50ee2a954a..1719bc09c43f 100644 --- a/src/Columns/ColumnFunction.cpp +++ b/src/Columns/ColumnFunction.cpp @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include @@ -291,6 +292,28 @@ size_t ColumnFunction::allocatedBytes() const return total_size; } +void ColumnFunction::updateHashWithValue(size_t n, SipHash & hash) const +{ + hash.update(function->getName()); + for (const auto & column : captured_columns) + column.column->updateHashWithValue(n, hash); +} + +WeakHash32 ColumnFunction::getWeakHash32() const +{ + WeakHash32 hash(elements_size); + for (const auto & column : captured_columns) + hash.update(column.column->getWeakHash32()); + return hash; +} + +void ColumnFunction::updateHashFast(SipHash & hash) const +{ + hash.update(function->getName()); + for (const auto & column : captured_columns) + column.column->updateHashFast(hash); +} + void ColumnFunction::appendArguments(const ColumnsWithTypeAndName & columns) { auto args = function->getArgumentTypes().size(); diff --git a/src/Columns/ColumnFunction.h b/src/Columns/ColumnFunction.h index 0e3335332dee..0f4316caea7d 100644 --- a/src/Columns/ColumnFunction.h +++ b/src/Columns/ColumnFunction.h @@ -121,20 +121,9 @@ class ColumnFunction final : public COWHelper, Col throw Exception(ErrorCodes::NOT_IMPLEMENTED, "Cannot skip serialized {}", getName()); } - void updateHashWithValue(size_t, SipHash &) const override - { - throw Exception(ErrorCodes::NOT_IMPLEMENTED, "updateHashWithValue is not implemented for {}", getName()); - } - - WeakHash32 getWeakHash32() const override - { - throw Exception(ErrorCodes::NOT_IMPLEMENTED, "getWeakHash32 is not implemented for {}", getName()); - } - - void updateHashFast(SipHash &) const override - { - throw Exception(ErrorCodes::NOT_IMPLEMENTED, "updateHashFast is not implemented for {}", getName()); - } + void updateHashWithValue(size_t n, SipHash & hash) const override; + WeakHash32 getWeakHash32() const override; + void updateHashFast(SipHash & hash) const override; void popBack(size_t) override { diff --git a/src/Interpreters/ActionsDAG.cpp b/src/Interpreters/ActionsDAG.cpp index 300a43f3d779..9866681ef6f3 100644 --- a/src/Interpreters/ActionsDAG.cpp +++ b/src/Interpreters/ActionsDAG.cpp @@ -163,8 +163,17 @@ void ActionsDAG::Node::updateHash(SipHash & hash_state) const hash_state.update(is_deterministic_constant); if (column) + { hash_state.update(column->getName()); + /// We must also hash the actual constant value, not just the column type name. + /// Otherwise, two different constants with the same type and the same expression-based + /// result_name (e.g. from CTE constant folding) would produce identical hashes, + /// leading to query condition cache collisions and incorrect results. + if (isColumnConst(*column)) + column->updateHashWithValue(0, hash_state); + } + for (const auto & child : children) child->updateHash(hash_state); } diff --git a/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.reference b/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.reference new file mode 100644 index 000000000000..48f6d1611d27 --- /dev/null +++ b/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.reference @@ -0,0 +1,3 @@ +20000 2021 2022 +20000 2020 2021 +20000 2018 2019 diff --git a/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql b/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql new file mode 100644 index 000000000000..821cffd16b4d --- /dev/null +++ b/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql @@ -0,0 +1,43 @@ +-- Tags: no-random-settings + +-- Test for query condition cache correctness with CTE constant folding. +-- When constants are folded from CTE expressions, different constant values must produce +-- different hashes. Otherwise the query condition cache returns wrong results. +-- https://github.com/ClickHouse/ClickHouse/issues/96060 + +SET use_query_condition_cache = 1; + +DROP TABLE IF EXISTS test_qcc_cte; + +CREATE TABLE test_qcc_cte (activity_year Int16) ENGINE = MergeTree ORDER BY activity_year; +-- Need enough rows to have multiple granules so the cache can incorrectly exclude some. +INSERT INTO test_qcc_cte SELECT number % 10 + 2018 FROM numbers(100000); + +SYSTEM CLEAR QUERY CONDITION CACHE; + +-- First query: addMonths('2022-12-01', 0) -> year = 2022, filter: year IN (2021, 2022) +WITH block_0 AS ( + SELECT *, addMonths('2022-12-01'::date, 0) AS report_month + FROM test_qcc_cte +) +SELECT count(), min(activity_year), max(activity_year) FROM block_0 +WHERE (activity_year = toYear(report_month)) OR (activity_year = toYear(report_month) - 1); + +-- Second query: addMonths('2022-12-01', -12) -> year = 2021, filter: year IN (2020, 2021) +-- Without the fix, this would return wrong results due to cache hash collision. +WITH block_0 AS ( + SELECT *, addMonths('2022-12-01'::date, -12) AS report_month + FROM test_qcc_cte +) +SELECT count(), min(activity_year), max(activity_year) FROM block_0 +WHERE (activity_year = toYear(report_month)) OR (activity_year = toYear(report_month) - 1); + +-- Third query: addMonths('2022-12-01', -36) -> year = 2019, filter: year IN (2018, 2019) +WITH block_0 AS ( + SELECT *, addMonths('2022-12-01'::date, -36) AS report_month + FROM test_qcc_cte +) +SELECT count(), min(activity_year), max(activity_year) FROM block_0 +WHERE (activity_year = toYear(report_month)) OR (activity_year = toYear(report_month) - 1); + +DROP TABLE test_qcc_cte; From f78c55e78b0a5bf52d09f8a38f29f0103ea8b9cc Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 8 Feb 2026 15:19:29 +0000 Subject: [PATCH 023/141] Backport #90204 to 25.8: Fix applying patch parts with query condition cache --- .../QueryPlan/ReadFromMergeTree.cpp | 2 +- .../MergeTree/MergeTreeDataSelectExecutor.cpp | 5 +++- .../MergeTree/MergeTreeDataSelectExecutor.h | 1 + ...100_lwu_45_query_condition_cache.reference | 2 ++ .../03100_lwu_45_query_condition_cache.sql | 23 +++++++++++++++++++ 5 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 tests/queries/0_stateless/03100_lwu_45_query_condition_cache.reference create mode 100644 tests/queries/0_stateless/03100_lwu_45_query_condition_cache.sql diff --git a/src/Processors/QueryPlan/ReadFromMergeTree.cpp b/src/Processors/QueryPlan/ReadFromMergeTree.cpp index 61e9e34fcfea..1705c58b0451 100644 --- a/src/Processors/QueryPlan/ReadFromMergeTree.cpp +++ b/src/Processors/QueryPlan/ReadFromMergeTree.cpp @@ -1999,7 +1999,7 @@ ReadFromMergeTree::AnalysisResultPtr ReadFromMergeTree::selectRangesToRead( find_exact_ranges, query_info_.isFinal()); - MergeTreeDataSelectExecutor::filterPartsByQueryConditionCache(result.parts_with_ranges, query_info_, vector_search_parameters, context_, log); + MergeTreeDataSelectExecutor::filterPartsByQueryConditionCache(result.parts_with_ranges, query_info_, vector_search_parameters, mutations_snapshot, context_, log); if (indexes->use_skip_indexes && !indexes->skip_indexes.useful_indices.empty() && query_info_.isFinal() && settings[Setting::use_skip_indexes_if_final_exact_mode]) diff --git a/src/Storages/MergeTree/MergeTreeDataSelectExecutor.cpp b/src/Storages/MergeTree/MergeTreeDataSelectExecutor.cpp index 2a8d178a5425..ffe648c83a09 100644 --- a/src/Storages/MergeTree/MergeTreeDataSelectExecutor.cpp +++ b/src/Storages/MergeTree/MergeTreeDataSelectExecutor.cpp @@ -1060,6 +1060,7 @@ void MergeTreeDataSelectExecutor::filterPartsByQueryConditionCache( RangesInDataParts & parts_with_ranges, const SelectQueryInfo & select_query_info, const std::optional & vector_search_parameters, + const MergeTreeData::MutationsSnapshotPtr & mutations_snapshot, const ContextPtr & context, LoggerPtr log) { @@ -1067,7 +1068,9 @@ void MergeTreeDataSelectExecutor::filterPartsByQueryConditionCache( if (!settings[Setting::use_query_condition_cache] || !settings[Setting::allow_experimental_analyzer] || (!select_query_info.prewhere_info && !select_query_info.filter_actions_dag) - || (vector_search_parameters.has_value())) /// vector search has filter in the ORDER BY + || (vector_search_parameters.has_value()) /// vector search has filter in the ORDER BY + || select_query_info.isFinal() + || (mutations_snapshot->hasDataMutations() || mutations_snapshot->hasPatchParts())) return; QueryConditionCachePtr query_condition_cache = context->getQueryConditionCache(); diff --git a/src/Storages/MergeTree/MergeTreeDataSelectExecutor.h b/src/Storages/MergeTree/MergeTreeDataSelectExecutor.h index 7be2415ed133..7d2b5ab231e3 100644 --- a/src/Storages/MergeTree/MergeTreeDataSelectExecutor.h +++ b/src/Storages/MergeTree/MergeTreeDataSelectExecutor.h @@ -215,6 +215,7 @@ class MergeTreeDataSelectExecutor RangesInDataParts & parts_with_ranges, const SelectQueryInfo & select_query_info, const std::optional & vector_search_parameters, + const MergeTreeData::MutationsSnapshotPtr & mutations_snapshot, const ContextPtr & context, LoggerPtr log); diff --git a/tests/queries/0_stateless/03100_lwu_45_query_condition_cache.reference b/tests/queries/0_stateless/03100_lwu_45_query_condition_cache.reference new file mode 100644 index 000000000000..ddc60e3ba0f5 --- /dev/null +++ b/tests/queries/0_stateless/03100_lwu_45_query_condition_cache.reference @@ -0,0 +1,2 @@ +0 +100000 diff --git a/tests/queries/0_stateless/03100_lwu_45_query_condition_cache.sql b/tests/queries/0_stateless/03100_lwu_45_query_condition_cache.sql new file mode 100644 index 000000000000..f1db5ce9adda --- /dev/null +++ b/tests/queries/0_stateless/03100_lwu_45_query_condition_cache.sql @@ -0,0 +1,23 @@ +DROP TABLE IF EXISTS t_lwu_condition_cache; + +SET use_query_condition_cache = 1; +SET enable_lightweight_update = 1; +SET apply_patch_parts = 1; + +CREATE TABLE t_lwu_condition_cache +( + id UInt64 DEFAULT generateSnowflakeID(), + exists UInt8 +) +ENGINE = MergeTree ORDER BY id +SETTINGS index_granularity = 8192, enable_block_number_column = 1, enable_block_offset_column = 1; + +INSERT INTO t_lwu_condition_cache (exists) SELECT 0 FROM numbers(100000); + +SELECT count() FROM t_lwu_condition_cache WHERE exists; + +UPDATE t_lwu_condition_cache SET exists = 1 WHERE 1; + +SELECT count() FROM t_lwu_condition_cache WHERE exists; + +DROP TABLE IF EXISTS t_lwu_condition_cache; From 841b255376c3ed282abd26395ca901cf77951e44 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 9 Feb 2026 09:33:15 +0000 Subject: [PATCH 024/141] Backport #95899 to 25.8: Skip S3 reads when querying DeltaLake from system.tables --- .../DataLakes/DataLakeConfiguration.h | 10 +++++ .../DataLakes/IDataLakeMetadata.h | 2 + .../DataLakes/Iceberg/IcebergMetadata.h | 2 + .../ObjectStorage/StorageObjectStorage.cpp | 6 +++ .../StorageObjectStorageConfiguration.h | 2 + tests/integration/test_storage_delta/test.py | 39 +++++++++++++++++++ 6 files changed, 61 insertions(+) diff --git a/src/Storages/ObjectStorage/DataLakes/DataLakeConfiguration.h b/src/Storages/ObjectStorage/DataLakes/DataLakeConfiguration.h index 1f01c5c12207..50552ba9c5c4 100644 --- a/src/Storages/ObjectStorage/DataLakes/DataLakeConfiguration.h +++ b/src/Storages/ObjectStorage/DataLakes/DataLakeConfiguration.h @@ -163,12 +163,22 @@ class DataLakeConfiguration : public BaseStorageConfiguration, public std::enabl return std::nullopt; } + bool supportsTotalRows() const override + { + return DataLakeMetadata::supportsTotalRows(); + } + std::optional totalRows(ContextPtr local_context) override { assertInitialized(); return current_metadata->totalRows(local_context); } + bool supportsTotalBytes() const override + { + return DataLakeMetadata::supportsTotalBytes(); + } + std::optional totalBytes(ContextPtr local_context) override { assertInitialized(); diff --git a/src/Storages/ObjectStorage/DataLakes/IDataLakeMetadata.h b/src/Storages/ObjectStorage/DataLakes/IDataLakeMetadata.h index 962e965574b4..2e5e9a5e5955 100644 --- a/src/Storages/ObjectStorage/DataLakes/IDataLakeMetadata.h +++ b/src/Storages/ObjectStorage/DataLakes/IDataLakeMetadata.h @@ -76,7 +76,9 @@ class IDataLakeMetadata : boost::noncopyable virtual void modifyFormatSettings(FormatSettings &) const {} + static constexpr bool supportsTotalRows() { return false; } virtual std::optional totalRows(ContextPtr) const { return {}; } + static constexpr bool supportsTotalBytes() { return false; } virtual std::optional totalBytes(ContextPtr) const { return {}; } /// Some data lakes specify information for reading files from disks. diff --git a/src/Storages/ObjectStorage/DataLakes/Iceberg/IcebergMetadata.h b/src/Storages/ObjectStorage/DataLakes/Iceberg/IcebergMetadata.h index e755c72946b8..a4c2e6d1b94f 100644 --- a/src/Storages/ObjectStorage/DataLakes/Iceberg/IcebergMetadata.h +++ b/src/Storages/ObjectStorage/DataLakes/Iceberg/IcebergMetadata.h @@ -89,7 +89,9 @@ class IcebergMetadata : public IDataLakeMetadata IcebergHistory getHistory(ContextPtr local_context) const; + static constexpr bool supportsTotalRows() { return true; } std::optional totalRows(ContextPtr Local_context) const override; + static constexpr bool supportsTotalBytes() { return true; } std::optional totalBytes(ContextPtr Local_context) const override; ColumnMapperPtr getColumnMapperForObject(ObjectInfoPtr object_info) const override; diff --git a/src/Storages/ObjectStorage/StorageObjectStorage.cpp b/src/Storages/ObjectStorage/StorageObjectStorage.cpp index 0d333b9a9713..c1791c831e92 100644 --- a/src/Storages/ObjectStorage/StorageObjectStorage.cpp +++ b/src/Storages/ObjectStorage/StorageObjectStorage.cpp @@ -314,6 +314,9 @@ bool StorageObjectStorage::updateExternalDynamicMetadataIfExists(ContextPtr quer std::optional StorageObjectStorage::totalRows(ContextPtr query_context) const { + if (!configuration->supportsTotalRows()) + return std::nullopt; + configuration->update( object_storage, query_context, @@ -325,6 +328,9 @@ std::optional StorageObjectStorage::totalRows(ContextPtr query_context) std::optional StorageObjectStorage::totalBytes(ContextPtr query_context) const { + if (!configuration->supportsTotalBytes()) + return std::nullopt; + configuration->update( object_storage, query_context, diff --git a/src/Storages/ObjectStorage/StorageObjectStorageConfiguration.h b/src/Storages/ObjectStorage/StorageObjectStorageConfiguration.h index 223ced7ff203..9db351a790db 100644 --- a/src/Storages/ObjectStorage/StorageObjectStorageConfiguration.h +++ b/src/Storages/ObjectStorage/StorageObjectStorageConfiguration.h @@ -131,7 +131,9 @@ class StorageObjectStorageConfiguration virtual bool isDataLakeConfiguration() const { return false; } + virtual bool supportsTotalRows() const { return false; } virtual std::optional totalRows(ContextPtr) { return {}; } + virtual bool supportsTotalBytes() const { return false; } virtual std::optional totalBytes(ContextPtr) { return {}; } virtual bool hasExternalDynamicMetadata() { return false; } diff --git a/tests/integration/test_storage_delta/test.py b/tests/integration/test_storage_delta/test.py index 6241ed6ecd8a..ba3bf120ed8f 100644 --- a/tests/integration/test_storage_delta/test.py +++ b/tests/integration/test_storage_delta/test.py @@ -3569,3 +3569,42 @@ def test_write_column_order(started_cluster): ) assert num_rows * 2 == int(instance.query(f"SELECT count() FROM {table_name}")) + + +def test_network_activity_with_system_tables(started_cluster): + instance = started_cluster.instances["node1"] + bucket = started_cluster.minio_bucket + table_name = randomize_table_name("test_network_activity_with_system_tables") + result_file = f"{table_name}_data" + + schema = pa.schema([("id", pa.int32(), False), ("name", pa.string(), False)]) + empty_arrays = [pa.array([], type=pa.int32()), pa.array([], type=pa.string())] + write_deltalake( + f"s3://root/{result_file}", + pa.Table.from_arrays(empty_arrays, schema=schema), + storage_options=get_storage_options(started_cluster), + mode="overwrite", + ) + + instance.query( + f""" + CREATE TABLE {table_name} (id Int32, name String) ENGINE = DeltaLake('http://{started_cluster.minio_ip}:{started_cluster.minio_port}/{bucket}/{result_file}/', 'minio', '{minio_secret_key}') + """ + ) + + instance.query( + f"INSERT INTO {table_name} SELECT number as name, toString(number) as id from numbers(10)" + ) + + query_id = f"{table_name}_query" + instance.query( + f"SELECT * FROM system.tables WHERE name = '{table_name}'", query_id=query_id + ) + + instance.query("SYSTEM FLUSH LOGS text_log") + + assert 0 == int( + instance.query( + f"SELECT count() FROM system.text_log WHERE query_id = '{query_id}' AND message LIKE '%Initialized scan state%'" + ) + ) From f760bf220f99b586237f84a180c12af64d1b43ff Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 9 Feb 2026 17:34:39 +0000 Subject: [PATCH 025/141] Backport #92103 to 25.8: Fix crash in WriteBufferFromHTTPServerResponse::onProgress() for async restore started via HTTP protocol --- src/Backups/RestorerFromBackup.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/Backups/RestorerFromBackup.cpp b/src/Backups/RestorerFromBackup.cpp index ba0e6718d6f1..48b1fcd96f50 100644 --- a/src/Backups/RestorerFromBackup.cpp +++ b/src/Backups/RestorerFromBackup.cpp @@ -833,6 +833,11 @@ void RestorerFromBackup::createDatabase(const String & database_name) const auto create_query_context = Context::createCopy(query_context); create_query_context->setSetting("allow_deprecated_database_ordinary", 1); + /// We shouldn't use the progress callback copied from the `query_context` because it was set in a protocol handler (e.g. HTTPHandler) + /// for the "RESTORE ASYNC" query which could have already finished (the restore process is working in the background). + /// TODO: Get rid of using `query_context` in class RestorerFromBackup. + create_query_context->setProgressCallback(nullptr); + #if CLICKHOUSE_CLOUD if (shared_catalog && SharedDatabaseCatalog::instance().shouldRestoreDatabase(create_database_query)) { @@ -1075,6 +1080,11 @@ void RestorerFromBackup::createTable(const QualifiedTableName & table_name) create_query_context->setUnderRestore(true); + /// We shouldn't use the progress callback copied from the `query_context` because it was set in a protocol handler (e.g. HTTPHandler) + /// for the "RESTORE ASYNC" query which could have already finished (the restore process is working in the background). + /// TODO: Get rid of using `query_context` in class RestorerFromBackup. + create_query_context->setProgressCallback(nullptr); + /// Execute CREATE TABLE query (we call IDatabase::createTableRestoredFromBackup() to allow the database to do some /// database-specific things). database->createTableRestoredFromBackup( From daa3abd359c438c46dd80b3117237a8e462f7c89 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 10 Feb 2026 10:30:34 +0000 Subject: [PATCH 026/141] Backport #96479 to 25.8: Fix null pointer dereference in `DataTypeFunction::updateHashImpl` --- src/DataTypes/DataTypeFunction.cpp | 8 +++++++- .../03913_data_type_function_null_arg_hash.reference | 0 .../03913_data_type_function_null_arg_hash.sql | 3 +++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/03913_data_type_function_null_arg_hash.reference create mode 100644 tests/queries/0_stateless/03913_data_type_function_null_arg_hash.sql diff --git a/src/DataTypes/DataTypeFunction.cpp b/src/DataTypes/DataTypeFunction.cpp index 51eb20f023b5..6c2386610cfd 100644 --- a/src/DataTypes/DataTypeFunction.cpp +++ b/src/DataTypes/DataTypeFunction.cpp @@ -36,10 +36,16 @@ bool DataTypeFunction::equals(const IDataType & rhs) const void DataTypeFunction::updateHashImpl(SipHash & hash) const { + /// Argument types and return type can be nullptr when the lambda is not yet resolved. hash.update(argument_types.size()); for (const auto & arg_type : argument_types) - arg_type->updateHash(hash); + { + hash.update(arg_type != nullptr); + if (arg_type) + arg_type->updateHash(hash); + } + hash.update(return_type != nullptr); if (return_type) return_type->updateHash(hash); } diff --git a/tests/queries/0_stateless/03913_data_type_function_null_arg_hash.reference b/tests/queries/0_stateless/03913_data_type_function_null_arg_hash.reference new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/queries/0_stateless/03913_data_type_function_null_arg_hash.sql b/tests/queries/0_stateless/03913_data_type_function_null_arg_hash.sql new file mode 100644 index 000000000000..956fce12ae8d --- /dev/null +++ b/tests/queries/0_stateless/03913_data_type_function_null_arg_hash.sql @@ -0,0 +1,3 @@ +-- Regression test: DataTypeFunction::updateHashImpl must handle null argument types +-- https://s3.amazonaws.com/clickhouse-test-reports/json.html?REF=master&sha=b9e68f4b9b0b33c7db43b00afb3eff4ff2050694&name_0=MasterCI&name_1=AST%20fuzzer%20%28amd_ubsan%29 +SELECT arrayFold((acc, x) -> plus(acc, toString(NULL, toLowCardinality(toUInt128(4)), materialize(4), 'aaaa', materialize(4), 4, 4, 1), x), range(number), ((acc, x) -> if(x % 2, arrayPushFront(acc, x), arrayPushBack(acc, x)))) FROM system.numbers LIMIT 0; -- { serverError NUMBER_OF_ARGUMENTS_DOESNT_MATCH } From 5ee3f7148d32c3ae20bca3ac9ed8889e256958a3 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 10 Feb 2026 11:33:13 +0000 Subject: [PATCH 027/141] Backport #96103 to 25.8: Fix revoking default roles --- .../Access/InterpreterGrantQuery.cpp | 13 ++++++++- .../03822_revoke_default_role.reference | 4 +++ .../0_stateless/03822_revoke_default_role.sh | 27 +++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/03822_revoke_default_role.reference create mode 100755 tests/queries/0_stateless/03822_revoke_default_role.sh diff --git a/src/Interpreters/Access/InterpreterGrantQuery.cpp b/src/Interpreters/Access/InterpreterGrantQuery.cpp index 2b5381e96400..1b43109a05f3 100644 --- a/src/Interpreters/Access/InterpreterGrantQuery.cpp +++ b/src/Interpreters/Access/InterpreterGrantQuery.cpp @@ -319,9 +319,20 @@ namespace if (!roles_to_revoke.empty()) { if (admin_option) + { grantee.granted_roles.revokeAdminOption(grantee.granted_roles.findGrantedWithAdminOption(roles_to_revoke)); + } else - grantee.granted_roles.revoke(grantee.granted_roles.findGranted(roles_to_revoke)); + { + auto found_roles_to_revoke = grantee.granted_roles.findGranted(roles_to_revoke); + grantee.granted_roles.revoke(found_roles_to_revoke); + + if constexpr (std::is_same_v) + { + for (const auto & id : found_roles_to_revoke) + grantee.default_roles.ids.erase(id); + } + } } if (!roles_to_grant.empty()) diff --git a/tests/queries/0_stateless/03822_revoke_default_role.reference b/tests/queries/0_stateless/03822_revoke_default_role.reference new file mode 100644 index 000000000000..1d674b07c13c --- /dev/null +++ b/tests/queries/0_stateless/03822_revoke_default_role.reference @@ -0,0 +1,4 @@ +CREATE USER user_03822_default IDENTIFIED WITH no_password DEFAULT ROLE role_03822_default +role_03822_default 0 1 +After revoke: +CREATE USER user_03822_default IDENTIFIED WITH no_password DEFAULT ROLE NONE diff --git a/tests/queries/0_stateless/03822_revoke_default_role.sh b/tests/queries/0_stateless/03822_revoke_default_role.sh new file mode 100755 index 000000000000..aa51bd26e643 --- /dev/null +++ b/tests/queries/0_stateless/03822_revoke_default_role.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CURDIR"/../shell_config.sh + +user_name="user_03822_${CLICKHOUSE_DATABASE}" +role_name="role_03822_${CLICKHOUSE_DATABASE}" + +$CLICKHOUSE_CLIENT -q "DROP USER IF EXISTS ${user_name}" +$CLICKHOUSE_CLIENT -q "DROP ROLE IF EXISTS ${role_name}" + +$CLICKHOUSE_CLIENT -q "CREATE USER ${user_name}" +$CLICKHOUSE_CLIENT -q "CREATE ROLE ${role_name}" + +$CLICKHOUSE_CLIENT -q "GRANT ${role_name} TO ${user_name}" +$CLICKHOUSE_CLIENT -q "SET DEFAULT ROLE ${role_name} TO ${user_name}" +$CLICKHOUSE_CLIENT -q "SHOW CREATE USER ${user_name}" +$CLICKHOUSE_CLIENT --user ${user_name} -q "SHOW CURRENT ROLES" + +echo "After revoke:" +$CLICKHOUSE_CLIENT -q "REVOKE ${role_name} FROM ${user_name}" +$CLICKHOUSE_CLIENT -q "SHOW CREATE USER ${user_name}" +$CLICKHOUSE_CLIENT --user ${user_name} -q "SHOW CURRENT ROLES" + +$CLICKHOUSE_CLIENT -q "DROP USER ${user_name}" +$CLICKHOUSE_CLIENT -q "DROP ROLE ${role_name}" From 1e70af079a28fdd12c609ae6a329707e1da06908 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 10 Feb 2026 13:43:29 +0000 Subject: [PATCH 028/141] Backport #96405 to 25.8: Crash with old analyzer if JOIN and duplicated aliases --- src/Interpreters/TreeRewriter.cpp | 7 ++++ .../03903_join_alias_dups.reference | 4 +++ .../0_stateless/03903_join_alias_dups.sql.j2 | 32 +++++++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 tests/queries/0_stateless/03903_join_alias_dups.reference create mode 100644 tests/queries/0_stateless/03903_join_alias_dups.sql.j2 diff --git a/src/Interpreters/TreeRewriter.cpp b/src/Interpreters/TreeRewriter.cpp index 05768ab19284..fe68def3d353 100644 --- a/src/Interpreters/TreeRewriter.cpp +++ b/src/Interpreters/TreeRewriter.cpp @@ -1362,7 +1362,14 @@ TreeRewriterResultPtr TreeRewriter::analyzeSelect( result.analyzed_join = std::make_shared(); if (remove_duplicates) + { + Aliases aliases; + NameSet name_set; + + normalize(query, aliases, name_set, select_options.ignore_alias, settings, /* allow_self_aliases = */ true, getContext(), select_options.is_create_parameterized_view); renameDuplicatedColumns(select_query); + } + /// Perform it before analyzing JOINs, because it may change number of columns with names unique and break some logic inside JOINs if (settings[Setting::optimize_normalize_count_variants]) diff --git a/tests/queries/0_stateless/03903_join_alias_dups.reference b/tests/queries/0_stateless/03903_join_alias_dups.reference new file mode 100644 index 000000000000..30ea790176ca --- /dev/null +++ b/tests/queries/0_stateless/03903_join_alias_dups.reference @@ -0,0 +1,4 @@ +42 +1 g +42 +1 g diff --git a/tests/queries/0_stateless/03903_join_alias_dups.sql.j2 b/tests/queries/0_stateless/03903_join_alias_dups.sql.j2 new file mode 100644 index 000000000000..71aad85c3d14 --- /dev/null +++ b/tests/queries/0_stateless/03903_join_alias_dups.sql.j2 @@ -0,0 +1,32 @@ +{% for enable_analyzer in [0, 1] -%} + +SET enable_analyzer = {{ enable_analyzer }}; +SET join_algorithm = 'hash'; + +SELECT A.g +FROM ( SELECT 1::Int8 AS d ) AS B +JOIN ( SELECT 1::Int8 as d, g, 42::Int32 AS g FROM ( SELECT '128' AS g ) ) AS A +USING (d); + +WITH B AS ( +SELECT + 1 AS d + ), + A AS ( +SELECT + g, d, + MAX(IF(m = 'A', g, NULL)) AS g +FROM + ( + SELECT + 'g' AS g, 1 d, + 'A' m + ) +GROUP BY ALL ) +SELECT + B.*, + A.g +FROM + B +LEFT JOIN A USING d; +{% endfor -%} From be31e9df45a4a00e56d5e983ebe5b063b4fb4edb Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 10 Feb 2026 16:35:50 +0000 Subject: [PATCH 029/141] Backport #96450 to 25.8: Fix livelock in CancellationChecker caused by timeout overflow --- src/Interpreters/CancellationChecker.cpp | 27 ++++++++++++++----- src/Interpreters/CancellationChecker.h | 4 +-- src/Interpreters/ProcessList.cpp | 5 ++-- src/Interpreters/ProcessList.h | 5 ++-- ...ncellation_checker_large_timeout.reference | 3 +++ ...903_cancellation_checker_large_timeout.sql | 9 +++++++ 6 files changed, 41 insertions(+), 12 deletions(-) create mode 100644 tests/queries/0_stateless/03903_cancellation_checker_large_timeout.reference create mode 100644 tests/queries/0_stateless/03903_cancellation_checker_large_timeout.sql diff --git a/src/Interpreters/CancellationChecker.cpp b/src/Interpreters/CancellationChecker.cpp index 36f38b12f59e..5812ae193ca8 100644 --- a/src/Interpreters/CancellationChecker.cpp +++ b/src/Interpreters/CancellationChecker.cpp @@ -14,6 +14,10 @@ namespace DB /// Tasks may be cancelled slightly later than their exact timeout, but never before. static constexpr UInt64 CANCELLATION_GRID_MS = 100; +/// Maximum allowed timeout is 1 year in milliseconds. +/// This prevents overflow in chrono calculations and ensures reasonable behavior. +static constexpr Int64 MAX_TIMEOUT_MS = 365LL * 24 * 60 * 60 * 1000; + struct CancellationChecker::QueryToTrack { QueryToTrack(QueryStatusPtr query_, UInt64 timeout_, UInt64 endtime_, OverflowMode overflow_mode_) @@ -67,23 +71,30 @@ void CancellationChecker::terminateThread() cond_var.notify_all(); } -void CancellationChecker::appendTask(const QueryStatusPtr & query, const Int64 timeout, OverflowMode overflow_mode) +bool CancellationChecker::appendTask(const QueryStatusPtr & query, const Int64 timeout, OverflowMode overflow_mode) { if (timeout <= 0) // Avoid cases when the timeout is less or equal zero { LOG_TEST(log, "Did not add the task because the timeout is 0, query_id: {}", query->getClientInfo().current_query_id); - return; + return false; } + + /// Cap timeout to 1 year to prevent overflow in chrono calculations. + /// std::condition_variable::wait_for converts milliseconds to nanoseconds internally + /// (multiplying by 1,000,000), which overflows for values close to INT64_MAX. + const Int64 capped_timeout = std::min(timeout, MAX_TIMEOUT_MS); + std::unique_lock lock(m); - LOG_TEST(log, "Added to set. query: {}, timeout: {} milliseconds", query->getInfo().query, timeout); + LOG_TEST(log, "Added to set. query: {}, timeout: {} milliseconds", query->getInfo().query, capped_timeout); const auto now = std::chrono::steady_clock::now(); const UInt64 now_ms = std::chrono::duration_cast(now.time_since_epoch()).count(); /// Round up to the next grid boundary to enable batching of timeout checks. /// This ensures tasks are never cancelled before their timeout, only slightly after. - const UInt64 end_time = ((now_ms + timeout + CANCELLATION_GRID_MS - 1) / CANCELLATION_GRID_MS) * CANCELLATION_GRID_MS; - auto iter = query_set.emplace(query, timeout, end_time, overflow_mode); + const UInt64 end_time = ((now_ms + capped_timeout + CANCELLATION_GRID_MS - 1) / CANCELLATION_GRID_MS) * CANCELLATION_GRID_MS; + auto iter = query_set.emplace(query, capped_timeout, end_time, overflow_mode); if (iter == query_set.begin()) // Only notify if the new task is the earliest one cond_var.notify_all(); + return true; } void CancellationChecker::appendDoneTasks(const QueryStatusPtr & query) @@ -158,7 +169,11 @@ void CancellationChecker::workerFunction() cond_var.wait_for( lock, std::chrono::milliseconds(query_set.begin()->endtime - now_ms), - [&, now_ms] { return stop_thread || (!query_set.empty() && query_set.begin()->endtime < now_ms); }); + [&] { + /// Use fresh time to avoid spinning when the predicate is re-evaluated after spurious wakeups. + UInt64 fresh_now_ms = std::chrono::duration_cast(std::chrono::steady_clock::now().time_since_epoch()).count(); + return stop_thread || (!query_set.empty() && query_set.begin()->endtime <= fresh_now_ms); + }); } } } diff --git a/src/Interpreters/CancellationChecker.h b/src/Interpreters/CancellationChecker.h index c6c2a2b1f5f2..7a4f0e089de6 100644 --- a/src/Interpreters/CancellationChecker.h +++ b/src/Interpreters/CancellationChecker.h @@ -56,8 +56,8 @@ class CancellationChecker void terminateThread(); - // Method to add a new task to the multiset - void appendTask(const QueryStatusPtr & query, Int64 timeout, OverflowMode overflow_mode); + // Method to add a new task to the multiset. Returns true if the task was added. + [[nodiscard]] bool appendTask(const QueryStatusPtr & query, Int64 timeout, OverflowMode overflow_mode); // Used when some task is done void appendDoneTasks(const QueryStatusPtr & query); diff --git a/src/Interpreters/ProcessList.cpp b/src/Interpreters/ProcessList.cpp index 5960cf961ac1..be8912cc183e 100644 --- a/src/Interpreters/ProcessList.cpp +++ b/src/Interpreters/ProcessList.cpp @@ -330,11 +330,11 @@ ProcessList::EntryPtr ProcessList::insert( processes.end(), query); - CancellationChecker::getInstance().appendTask(query, query_context->getSettingsRef()[Setting::max_execution_time].totalMilliseconds(), query_context->getSettingsRef()[Setting::timeout_overflow_mode]); + bool registered_in_cancellation_checker = CancellationChecker::getInstance().appendTask(query, query_context->getSettingsRef()[Setting::max_execution_time].totalMilliseconds(), query_context->getSettingsRef()[Setting::timeout_overflow_mode]); increaseQueryKindAmount(query_kind); - res = std::make_shared(*this, process_it); + res = std::make_shared(*this, process_it, registered_in_cancellation_checker); (*process_it)->setUserProcessList(&user_process_list); (*process_it)->setProcessListEntry(res); @@ -368,6 +368,7 @@ ProcessList::EntryPtr ProcessList::insert( ProcessListEntry::~ProcessListEntry() { + if (registered_in_cancellation_checker) { /// We need to block the overcommit tracker here to avoid lock inversion because OvercommitTracker takes a lock on the ProcessList::mutex. /// When task is added, we lock the ProcessList::mutex, and then the CancellationChecker mutex. diff --git a/src/Interpreters/ProcessList.h b/src/Interpreters/ProcessList.h index 8b6cd93946c1..645acf0f67ea 100644 --- a/src/Interpreters/ProcessList.h +++ b/src/Interpreters/ProcessList.h @@ -343,10 +343,11 @@ class ProcessListEntry ProcessList & parent; Container::iterator it; + bool registered_in_cancellation_checker = false; public: - ProcessListEntry(ProcessList & parent_, Container::iterator it_) - : parent(parent_), it(it_) {} + ProcessListEntry(ProcessList & parent_, Container::iterator it_, bool registered_in_cancellation_checker_) + : parent(parent_), it(it_), registered_in_cancellation_checker(registered_in_cancellation_checker_) {} ~ProcessListEntry(); diff --git a/tests/queries/0_stateless/03903_cancellation_checker_large_timeout.reference b/tests/queries/0_stateless/03903_cancellation_checker_large_timeout.reference new file mode 100644 index 000000000000..e8183f05f5db --- /dev/null +++ b/tests/queries/0_stateless/03903_cancellation_checker_large_timeout.reference @@ -0,0 +1,3 @@ +1 +1 +1 diff --git a/tests/queries/0_stateless/03903_cancellation_checker_large_timeout.sql b/tests/queries/0_stateless/03903_cancellation_checker_large_timeout.sql new file mode 100644 index 000000000000..edadd3e08f05 --- /dev/null +++ b/tests/queries/0_stateless/03903_cancellation_checker_large_timeout.sql @@ -0,0 +1,9 @@ +-- Tags: no-fasttest +-- Test that extremely large max_execution_time values don't cause livelock in CancellationChecker. +-- The timeout is internally capped to 1 year to prevent overflow in std::condition_variable::wait_for. +-- This query should complete quickly without hanging, regardless of the huge timeout value. + +SET max_execution_time = 9223372041; -- Close to INT64_MAX / 1000000000, would overflow when converted to nanoseconds +SELECT 1; +SELECT 1; +SELECT 1; From b840f86c314b0e28830309e487135238f2b58ac7 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 11 Feb 2026 19:34:07 +0000 Subject: [PATCH 030/141] Backport #96671 to 25.8: Validate witness version in bech32 to avoid buffer overflow --- src/Functions/bech32.cpp | 19 +++++++++++++++++++ ...5_bech32_invalid_witness_version.reference | 3 +++ .../03915_bech32_invalid_witness_version.sql | 19 +++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 tests/queries/0_stateless/03915_bech32_invalid_witness_version.reference create mode 100644 tests/queries/0_stateless/03915_bech32_invalid_witness_version.sql diff --git a/src/Functions/bech32.cpp b/src/Functions/bech32.cpp index 3391d164b5e2..b469d2615e20 100644 --- a/src/Functions/bech32.cpp +++ b/src/Functions/bech32.cpp @@ -99,6 +99,7 @@ namespace ErrorCodes extern const int ILLEGAL_COLUMN; extern const int TOO_FEW_ARGUMENTS_FOR_FUNCTION; extern const int TOO_MANY_ARGUMENTS_FOR_FUNCTION; + extern const int BAD_ARGUMENTS; } /// Encode string to Bech32 or Bech32m address @@ -278,6 +279,24 @@ class EncodeToBech32Representation : public IFunction uint8_t witness_version = have_witness_version ? witness_version_col->getUInt(i) : default_witness_version; + /** Witness version is a versioning mechanism for Bitcoin SegWit addresses: + * - Version 0: Original SegWit (BIP-141, BIP-173), uses Bech32 encoding + * - Version 1: Taproot (BIP-341, BIP-350), uses Bech32m encoding + * - Versions 2-16: Reserved for future protocol upgrades + * + * The witness version must be in range [0, 16] per the SegWit specification. + * It also must fit in the bech32 charset which is 5 bits (0-31), otherwise + * indexing into the CHARSET array in bech32::encode will cause a buffer overflow. + */ + if (witness_version > 16) + { + throw Exception( + ErrorCodes::BAD_ARGUMENTS, + "Invalid witness version {} for function {}, expected value in range [0, 16]", + witness_version, + name); + } + bech32_data input_5bit; input_5bit.push_back(witness_version); convertbits<8, 5, true>(input_5bit, input); /// squash input from 8-bit -> 5-bit bytes diff --git a/tests/queries/0_stateless/03915_bech32_invalid_witness_version.reference b/tests/queries/0_stateless/03915_bech32_invalid_witness_version.reference new file mode 100644 index 000000000000..55b1c2ff759b --- /dev/null +++ b/tests/queries/0_stateless/03915_bech32_invalid_witness_version.reference @@ -0,0 +1,3 @@ +bc1qw3jhxaq2azfhz +bc1pw3jhxaqz7j562 +bc1sw3jhxaq2aj0ly diff --git a/tests/queries/0_stateless/03915_bech32_invalid_witness_version.sql b/tests/queries/0_stateless/03915_bech32_invalid_witness_version.sql new file mode 100644 index 000000000000..2182f04eba2e --- /dev/null +++ b/tests/queries/0_stateless/03915_bech32_invalid_witness_version.sql @@ -0,0 +1,19 @@ +-- Tags: no-fasttest +-- Test valid witness versions (0-16) +SELECT bech32Encode('bc', 'test', 0); +SELECT bech32Encode('bc', 'test', 1); +SELECT bech32Encode('bc', 'test', 16); + +-- Test invalid witness versions (should throw BAD_ARGUMENTS exception) +SELECT bech32Encode('bc', 'test', 17); -- { serverError BAD_ARGUMENTS } +SELECT bech32Encode('bc', 'test', 32); -- { serverError BAD_ARGUMENTS } +SELECT bech32Encode('bc', 'test', 40); -- { serverError BAD_ARGUMENTS } +SELECT bech32Encode('bc', 'test', 255); -- { serverError BAD_ARGUMENTS } + +-- Test the original fuzzer repro case (witness version 40 causing buffer overflow) +DROP TABLE IF EXISTS hex_data_test; +SET allow_suspicious_low_cardinality_types=1; +CREATE TABLE hex_data_test (hrp String, data String, witver LowCardinality(UInt8)) ENGINE = Memory; +INSERT INTO hex_data_test VALUES ('bc', 'test_data', 0); +SELECT bech32Encode(hrp, toFixedString('751e76e8199196d454941c45d1b3a323f1433bd6', 40), 40) FROM hex_data_test; -- { serverError BAD_ARGUMENTS } +DROP TABLE hex_data_test; From 6e06615611b4884b2b3daa0eb6bc102901b0af68 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sat, 14 Feb 2026 15:16:13 +0000 Subject: [PATCH 031/141] Backport #96840 to 25.8: Better jemalloc introspection --- src/Storages/System/StorageSystemJemalloc.cpp | 25 ++++++++++++++++++- src/Storages/System/StorageSystemJemalloc.h | 2 -- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/src/Storages/System/StorageSystemJemalloc.cpp b/src/Storages/System/StorageSystemJemalloc.cpp index f486973be6d1..5706a1b7ec76 100644 --- a/src/Storages/System/StorageSystemJemalloc.cpp +++ b/src/Storages/System/StorageSystemJemalloc.cpp @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include @@ -47,12 +48,20 @@ void fillJemallocBins(MutableColumns & res_columns) auto ndalloc = getJeMallocValue(fmt::format("stats.arenas.{}.bins.{}.ndalloc", MALLCTL_ARENAS_ALL, bin).c_str()); auto nmalloc = getJeMallocValue(fmt::format("stats.arenas.{}.bins.{}.nmalloc", MALLCTL_ARENAS_ALL, bin).c_str()); + auto nregs = getJeMallocValue(fmt::format("arenas.bin.{}.nregs", bin).c_str()); + auto curslabs = getJeMallocValue(fmt::format("stats.arenas.{}.bins.{}.curslabs", MALLCTL_ARENAS_ALL, bin).c_str()); + auto curregs = getJeMallocValue(fmt::format("stats.arenas.{}.bins.{}.curregs", MALLCTL_ARENAS_ALL, bin).c_str()); + size_t col_num = 0; res_columns.at(col_num++)->insert(bin_index); res_columns.at(col_num++)->insert(0); res_columns.at(col_num++)->insert(size); res_columns.at(col_num++)->insert(nmalloc); res_columns.at(col_num++)->insert(ndalloc); + + res_columns.at(col_num++)->insert(nregs); + res_columns.at(col_num++)->insert(curslabs); + res_columns.at(col_num++)->insert(curregs); } /// Bins for large allocations @@ -69,6 +78,10 @@ void fillJemallocBins(MutableColumns & res_columns) res_columns.at(col_num++)->insert(size); res_columns.at(col_num++)->insert(nmalloc); res_columns.at(col_num++)->insert(ndalloc); + + res_columns.at(col_num++)->insertDefault(); + res_columns.at(col_num++)->insertDefault(); + res_columns.at(col_num++)->insertDefault(); } } @@ -93,14 +106,24 @@ StorageSystemJemallocBins::StorageSystemJemallocBins(const StorageID & table_id_ ColumnsDescription StorageSystemJemallocBins::getColumnsDescription() { - return ColumnsDescription + auto description = ColumnsDescription { { "index", std::make_shared(), "Index of the bin ordered by size."}, { "large", std::make_shared(), "True for large allocations and False for small."}, { "size", std::make_shared(), "Size of allocations in this bin."}, { "allocations", std::make_shared(), "Number of allocations."}, { "deallocations", std::make_shared(), "Number of deallocations."}, + { "nregs", std::make_shared(), "Number of regions per slab."}, + { "curslabs", std::make_shared(), "Current number of slabs."}, + { "curregs", std::make_shared(), "Current number of regions for this size class."}, }; + + description.setAliases({ + {"availregs", std::make_shared(), "nregs * curslabs"}, + {"util", std::make_shared(), "curregs / availregs"}, + }); + + return description; } Pipe StorageSystemJemallocBins::read( diff --git a/src/Storages/System/StorageSystemJemalloc.h b/src/Storages/System/StorageSystemJemalloc.h index 0cd29d991310..d457998b5c6f 100644 --- a/src/Storages/System/StorageSystemJemalloc.h +++ b/src/Storages/System/StorageSystemJemalloc.h @@ -6,8 +6,6 @@ namespace DB { -class Context; - class StorageSystemJemallocBins final : public IStorage { public: From a845d704c76c79076cdd122be33b82ff7c1b67d8 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 15 Feb 2026 00:45:01 +0000 Subject: [PATCH 032/141] Backport #96877 to 25.8: Fix std::terminate in indexOfAssumeSorted with incompatible types --- src/Functions/array/arrayIndex.h | 7 ++++--- .../03831_index_of_assume_sorted_const_exception.reference | 0 .../03831_index_of_assume_sorted_const_exception.sql | 4 ++++ 3 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 tests/queries/0_stateless/03831_index_of_assume_sorted_const_exception.reference create mode 100644 tests/queries/0_stateless/03831_index_of_assume_sorted_const_exception.sql diff --git a/src/Functions/array/arrayIndex.h b/src/Functions/array/arrayIndex.h index d829240946a5..162fd90d7bec 100644 --- a/src/Functions/array/arrayIndex.h +++ b/src/Functions/array/arrayIndex.h @@ -125,9 +125,10 @@ struct Main return left[i] >= right; } - static constexpr bool lessOrEqual(const IColumn & left, const Result & right, size_t i, size_t) noexcept { return left[i] >= right; } + static bool lessOrEqual(const IColumn & left, const Result & right, size_t i, size_t) { return left[i] >= right; } - static constexpr bool lessOrEqual(const Array& arr, const Field& rhs, size_t pos, size_t) noexcept { + static bool lessOrEqual(const Array & arr, const Field & rhs, size_t pos, size_t) + { return accurateLessOrEqual(rhs, arr[pos]); } @@ -666,7 +667,7 @@ class FunctionArrayIndex : public IFunction * @return {nullptr, null_map_item} if there are four arguments but the third is missing. * @return {null_map_data, null_map_item} if there are four arguments. */ - static NullMaps getNullMaps(const ColumnsWithTypeAndName & arguments) noexcept + static NullMaps getNullMaps(const ColumnsWithTypeAndName & arguments) { if (arguments.size() < 3) return {nullptr, nullptr}; diff --git a/tests/queries/0_stateless/03831_index_of_assume_sorted_const_exception.reference b/tests/queries/0_stateless/03831_index_of_assume_sorted_const_exception.reference new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/queries/0_stateless/03831_index_of_assume_sorted_const_exception.sql b/tests/queries/0_stateless/03831_index_of_assume_sorted_const_exception.sql new file mode 100644 index 000000000000..6bbc1f0ccf33 --- /dev/null +++ b/tests/queries/0_stateless/03831_index_of_assume_sorted_const_exception.sql @@ -0,0 +1,4 @@ +-- indexOfAssumeSorted with incompatible types in constant array should throw an exception, not crash (std::terminate from noexcept). +-- https://github.com/ClickHouse/ClickHouse/issues/92975 +SELECT indexOfAssumeSorted(['1.1.1.1'::IPv4], 0); -- { serverError BAD_TYPE_OF_FIELD } +SELECT indexOfAssumeSorted(['172.181.59.225'::IPv4], 3350671033650519441::Int8); -- { serverError BAD_TYPE_OF_FIELD } From 07d0046262706c6f1bf30b49b1b17718fc616abb Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 15 Feb 2026 23:16:48 +0000 Subject: [PATCH 033/141] Backport #96878 to 25.8: Fix exception in window functions with group_by_use_nulls and CUBE/ROLLUP --- src/Planner/PlannerExpressionAnalysis.cpp | 42 +++++++++++++++++++ ...dow_functions_group_by_use_nulls.reference | 31 ++++++++++++++ ...16_window_functions_group_by_use_nulls.sql | 35 ++++++++++++++++ 3 files changed, 108 insertions(+) create mode 100644 tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.reference create mode 100644 tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.sql diff --git a/src/Planner/PlannerExpressionAnalysis.cpp b/src/Planner/PlannerExpressionAnalysis.cpp index bc1f16d8d18a..2bdb0651f230 100644 --- a/src/Planner/PlannerExpressionAnalysis.cpp +++ b/src/Planner/PlannerExpressionAnalysis.cpp @@ -11,6 +11,7 @@ #include #include +#include #include #include @@ -368,6 +369,47 @@ std::optional analyzeWindow( } } + /// When `group_by_use_nulls = 1` with CUBE/ROLLUP/GROUPING SETS, GROUP BY keys become Nullable + /// in the data flowing into window functions. But the aggregate function was created during analysis + /// with the original (non-nullable) argument types. We need to re-create the aggregate function + /// with the actual (nullable) argument types so that the Null combinator is properly applied. + for (auto & window_description : window_descriptions) + { + for (auto & window_function : window_description.window_functions) + { + bool types_changed = false; + DataTypes actual_argument_types; + actual_argument_types.reserve(window_function.argument_names.size()); + + for (size_t i = 0; i < window_function.argument_names.size(); ++i) + { + const auto * dag_node = before_window_actions->dag.tryFindInOutputs(window_function.argument_names[i]); + if (dag_node && !window_function.argument_types[i]->equals(*dag_node->result_type)) + { + actual_argument_types.push_back(dag_node->result_type); + types_changed = true; + } + else + { + actual_argument_types.push_back(window_function.argument_types[i]); + } + } + + if (types_changed) + { + AggregateFunctionProperties properties; + auto new_function = AggregateFunctionFactory::instance().get( + window_function.aggregate_function->getName(), + NullsAction::EMPTY, + actual_argument_types, + window_function.function_parameters, + properties); + window_function.aggregate_function = std::move(new_function); + window_function.argument_types = std::move(actual_argument_types); + } + } + } + ColumnsWithTypeAndName window_functions_additional_columns; for (auto & window_description : window_descriptions) diff --git a/tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.reference b/tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.reference new file mode 100644 index 000000000000..cf4a6235a6b3 --- /dev/null +++ b/tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.reference @@ -0,0 +1,31 @@ + +a +--- +a +a +a +a +a +a +a +a + +a +--- +a +\N +--- +hello world +hello world +hello world +--- +test +test +test +--- +\N x +x \N +--- +1 42 3 +1 42 3 +1 42 3 diff --git a/tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.sql b/tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.sql new file mode 100644 index 000000000000..2cd62789abe3 --- /dev/null +++ b/tests/queries/0_stateless/03916_window_functions_group_by_use_nulls.sql @@ -0,0 +1,35 @@ +SET enable_analyzer = 1; + +-- https://github.com/ClickHouse/ClickHouse/issues/82499 +-- Window functions with `group_by_use_nulls = 1` and CUBE/ROLLUP/GROUPING SETS +-- could crash because the aggregate function was created with non-nullable argument +-- types, but the actual data columns became nullable after GROUP BY. + +-- Original reproducer from the issue: +CREATE DICTIONARY d0 (c0 Int) PRIMARY KEY (c0) SOURCE(NULL()) LAYOUT(HASHED()) LIFETIME(1); +SELECT min('a') OVER () FROM d0 GROUP BY 'a', c0 WITH CUBE WITH TOTALS SETTINGS group_by_use_nulls = 1; +DROP DICTIONARY d0; + +SELECT '---'; + +SELECT min('a') OVER () FROM numbers(3) GROUP BY 'a', number WITH CUBE WITH TOTALS SETTINGS group_by_use_nulls = 1; + +SELECT '---'; + +WITH 'a' AS x SELECT leadInFrame(x) OVER (ORDER BY x NULLS FIRST ROWS BETWEEN UNBOUNDED PRECEDING AND UNBOUNDED FOLLOWING) GROUP BY ROLLUP(x) ORDER BY 1 NULLS LAST SETTINGS group_by_use_nulls = 1; + +SELECT '---'; + +SELECT max('hello') OVER (), min('world') OVER () FROM numbers(2) GROUP BY number WITH ROLLUP SETTINGS group_by_use_nulls = 1; + +SELECT '---'; + +SELECT any('test') OVER () FROM numbers(2) GROUP BY GROUPING SETS(('test', number), ('test')) SETTINGS group_by_use_nulls = 1; + +SELECT '---'; + +WITH 'x' AS v SELECT lag(v) OVER (ORDER BY v), lead(v) OVER (ORDER BY v) GROUP BY ROLLUP(v) ORDER BY 1 NULLS FIRST SETTINGS group_by_use_nulls = 1, enable_analyzer = 1; -- lag/lead require the analyzer + +SELECT '---'; + +SELECT min(1) OVER (), max(42) OVER (), sum(1) OVER () FROM numbers(2) GROUP BY number WITH ROLLUP SETTINGS group_by_use_nulls = 1; From 3801638a86f5ffdf761a15a237abd6c3a4864c3b Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 16 Feb 2026 17:29:37 +0000 Subject: [PATCH 034/141] Backport #90010 to 25.8: Fix logical error with join_using_top_level_identifier --- src/Analyzer/Passes/CrossToInnerJoinPass.cpp | 4 +- .../Passes/LogicalExpressionOptimizerPass.cpp | 4 +- src/Analyzer/Resolve/QueryAnalyzer.cpp | 114 ++++++++++++------ src/Analyzer/Utils.cpp | 17 +-- src/Analyzer/Utils.h | 6 +- ...joins_using_top_level_identifier.reference | 4 + ...tiple_joins_using_top_level_identifier.sql | 36 ++++++ 7 files changed, 126 insertions(+), 59 deletions(-) create mode 100644 tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.reference create mode 100644 tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.sql diff --git a/src/Analyzer/Passes/CrossToInnerJoinPass.cpp b/src/Analyzer/Passes/CrossToInnerJoinPass.cpp index 0776099685b9..b246a7861553 100644 --- a/src/Analyzer/Passes/CrossToInnerJoinPass.cpp +++ b/src/Analyzer/Passes/CrossToInnerJoinPass.cpp @@ -152,8 +152,8 @@ class CrossToInnerJoinVisitor : public InDepthQueryTreeVisitorWithContextgetNodeType()) + std::stack nodes_to_process; + nodes_to_process.push(root_table_expression.get()); + + while (!nodes_to_process.empty()) { - case QueryTreeNodeType::TABLE: { - const auto * table_node = table_expression->as(); - chassert(table_node); + const auto * table_expression = nodes_to_process.top(); + nodes_to_process.pop(); - auto get_column_options = GetColumnsOptions(GetColumnsOptions::AllPhysical).withSubcolumns(); - for (const auto & column : table_node->getStorageSnapshot()->getColumns(get_column_options)) - existing_columns.insert(column.name); + switch (table_expression->getNodeType()) + { + case QueryTreeNodeType::TABLE: + { + const auto * table_node = table_expression->as(); + chassert(table_node); - return existing_columns; - } - case QueryTreeNodeType::TABLE_FUNCTION: { - const auto * table_function_node = table_expression->as(); - chassert(table_function_node); + auto get_column_options = GetColumnsOptions(GetColumnsOptions::AllPhysical).withSubcolumns(); + for (const auto & column : table_node->getStorageSnapshot()->getColumns(get_column_options)) + existing_columns.insert(column.name); - auto get_column_options = GetColumnsOptions(GetColumnsOptions::AllPhysical).withSubcolumns(); - for (const auto & column : table_function_node->getStorageSnapshot()->getColumns(get_column_options)) - existing_columns.insert(column.name); + break; + } + case QueryTreeNodeType::TABLE_FUNCTION: + { + const auto * table_function_node = table_expression->as(); + chassert(table_function_node); - return existing_columns; - } - case QueryTreeNodeType::QUERY: { - const auto * query_node = table_expression->as(); - chassert(query_node); + auto get_column_options = GetColumnsOptions(GetColumnsOptions::AllPhysical).withSubcolumns(); + for (const auto & column : table_function_node->getStorageSnapshot()->getColumns(get_column_options)) + existing_columns.insert(column.name); - for (const auto & column : query_node->getProjectionColumns()) - existing_columns.insert(column.name); + break; + } + case QueryTreeNodeType::QUERY: + { + const auto * query_node = table_expression->as(); + chassert(query_node); - return existing_columns; - } - case QueryTreeNodeType::UNION: { - const auto * union_node = table_expression->as(); - chassert(union_node); + for (const auto & column : query_node->getProjectionColumns()) + existing_columns.insert(column.name); - for (const auto & column : union_node->computeProjectionColumns()) - existing_columns.insert(column.name); + break; + } + case QueryTreeNodeType::UNION: + { + const auto * union_node = table_expression->as(); + chassert(union_node); - return existing_columns; + for (const auto & column : union_node->computeProjectionColumns()) + existing_columns.insert(column.name); + break; + } + case QueryTreeNodeType::JOIN: + { + const auto * join_node = table_expression->as(); + chassert(join_node); + + nodes_to_process.push(join_node->getLeftTableExpression().get()); + nodes_to_process.push(join_node->getRightTableExpression().get()); + break; + } + case QueryTreeNodeType::CROSS_JOIN: + { + const auto * cross_join_node = table_expression->as(); + chassert(cross_join_node); + for (const auto & table_expr : cross_join_node->getTableExpressions()) + nodes_to_process.push(table_expr.get()); + break; + } + default: + { + throw Exception( + ErrorCodes::LOGICAL_ERROR, + "Expected TableNode, TableFunctionNode, QueryNode or UnionNode, got {}: {}", + table_expression->getNodeTypeName(), + table_expression->formatASTForErrorMessage()); + } } - default: - throw Exception( - ErrorCodes::LOGICAL_ERROR, - "Expected TableNode, TableFunctionNode, QueryNode or UnionNode, got {}: {}", - table_expression->getNodeTypeName(), - table_expression->formatASTForErrorMessage()); } + return existing_columns; } /// Resolve join node in scope @@ -5528,8 +5560,14 @@ void QueryAnalyzer::resolveJoin(QueryTreeNodePtr & join_node, IdentifierResolveS while (existing_columns.contains(column_name_type.name)) column_name_type.name = "_" + column_name_type.name; + auto [expression_source, is_single_source] = getExpressionSource(resolved_nodes.front()); + /// Do not support `SELECT t1.a + t2.a AS id ... USING id` + if (!is_single_source) + return nullptr; + /// Create ColumnNode with expression from parent projection - return std::make_shared(std::move(column_name_type), resolved_nodes.front(), left_table_expression); + return std::make_shared(std::move(column_name_type), resolved_nodes.front(), + expression_source ? expression_source : left_table_expression); } } } diff --git a/src/Analyzer/Utils.cpp b/src/Analyzer/Utils.cpp index a873091f7960..2d866e47d85b 100644 --- a/src/Analyzer/Utils.cpp +++ b/src/Analyzer/Utils.cpp @@ -975,12 +975,7 @@ void resolveAggregateFunctionNodeByName(FunctionNode & function_node, const Stri function_node.resolveAsAggregateFunction(std::move(aggregate_function)); } -/** Returns: - * {_, false} - multiple sources - * {nullptr, true} - no sources (for constants) - * {source, true} - single source - */ -std::pair getExpressionSourceImpl(const QueryTreeNodePtr & node) +std::pair getExpressionSource(const QueryTreeNodePtr & node) { if (const auto * column = node->as()) { @@ -996,7 +991,7 @@ std::pair getExpressionSourceImpl(const QueryTreeNodePtr const auto & args = func->getArguments().getNodes(); for (const auto & arg : args) { - auto [arg_source, is_ok] = getExpressionSourceImpl(arg); + auto [arg_source, is_ok] = getExpressionSource(arg); if (!is_ok) return {nullptr, false}; @@ -1015,14 +1010,6 @@ std::pair getExpressionSourceImpl(const QueryTreeNodePtr return {nullptr, false}; } -QueryTreeNodePtr getExpressionSource(const QueryTreeNodePtr & node) -{ - auto [source, is_ok] = getExpressionSourceImpl(node); - if (!is_ok) - return nullptr; - return source; -} - /** There are no limits on the maximum size of the result for the subquery. * Since the result of the query is not the result of the entire query. */ diff --git a/src/Analyzer/Utils.h b/src/Analyzer/Utils.h index 215bc816cccc..9a19af2b4e0d 100644 --- a/src/Analyzer/Utils.h +++ b/src/Analyzer/Utils.h @@ -157,8 +157,10 @@ void resolveOrdinaryFunctionNodeByName(FunctionNode & function_node, const Strin /// Arguments and parameters are taken from the node. void resolveAggregateFunctionNodeByName(FunctionNode & function_node, const String & function_name); -/// Checks that node has only one source and returns it -QueryTreeNodePtr getExpressionSource(const QueryTreeNodePtr & node); +/// Returns single source of expression node. +/// First element of pair is source node, can be nullptr if there are no sources or multiple sources. +/// Second element of pair is true if there is at most one source, false if there are multiple sources. +std::pair getExpressionSource(const QueryTreeNodePtr & node); /// Update mutable context for subquery execution void updateContextForSubqueryExecution(ContextMutablePtr & mutable_context); diff --git a/tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.reference b/tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.reference new file mode 100644 index 000000000000..5b5f70835c39 --- /dev/null +++ b/tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.reference @@ -0,0 +1,4 @@ +a_1 v +b_1 w +_1 v +b_1 w diff --git a/tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.sql b/tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.sql new file mode 100644 index 000000000000..820fc46048bb --- /dev/null +++ b/tests/queries/0_stateless/03716_multiple_joins_using_top_level_identifier.sql @@ -0,0 +1,36 @@ +SET analyzer_compatibility_join_using_top_level_identifier = 1; + +DROP TABLE IF EXISTS t1; +DROP TABLE IF EXISTS t2; +DROP TABLE IF EXISTS t3; + +CREATE TABLE t1 (id String, val String) ENGINE = MergeTree() ORDER BY id; +CREATE TABLE t2 (id String, code String) ENGINE = MergeTree() ORDER BY id; +CREATE TABLE t3 (id String, code String) ENGINE = MergeTree() ORDER BY id; + +INSERT INTO t1 VALUES ('a', 'v'), ('b', 'w'); +INSERT INTO t2 VALUES ('b', 'c'); +INSERT INTO t3 VALUES ('a_1', 'c'), ('b_1', 'd'); + +SET enable_analyzer = 1; + +SELECT t1.id || '_1' AS id, t1.val +FROM t1 +LEFT JOIN t2 ON t1.id = t2.id +LEFT JOIN t3 USING (id) +ORDER BY t1.val +; + +SELECT t2.id || '_1' AS id, t1.val +FROM t1 +LEFT JOIN t2 ON t1.id = t2.id +LEFT JOIN t3 USING (id) +ORDER BY t1.val +; + +SELECT t1.id || t2.id || '_1' AS id, t1.val +FROM t1 +INNER JOIN t2 ON t1.id = t2.id +LEFT JOIN t3 USING (id) +ORDER BY t1.val +; -- { serverError AMBIGUOUS_IDENTIFIER } From 55fd56aa1b801bbd614499cf3deab12219e3d3f6 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 17 Feb 2026 05:40:58 +0000 Subject: [PATCH 035/141] Backport #96170 to 25.8: Fix `AccessRights::contains` returning incorrect results with partial revokes --- src/Access/AccessRights.cpp | 46 +++++++++++++++-- src/Access/tests/gtest_access_rights_ops.cpp | 53 ++++++++++++++++++++ 2 files changed, 95 insertions(+), 4 deletions(-) diff --git a/src/Access/AccessRights.cpp b/src/Access/AccessRights.cpp index 979434eaa0d0..50901ce22154 100644 --- a/src/Access/AccessRights.cpp +++ b/src/Access/AccessRights.cpp @@ -562,12 +562,50 @@ struct AccessRights::Node friend bool operator!=(const Node & left, const Node & right) { return !(left == right); } + /// Checks whether `this` node's access rights are a superset of `other`'s bool contains(const Node & other) const { - Node tmp_node = *this; - tmp_node.makeIntersection(other); - /// If we get the same node after the intersection, our node is fully covered by the given one. - return tmp_node == other; + /// The check traverses children from both sides: + /// 1) For each child in `other`, find the matching node in `this` and verify containment. + /// 2) For each child in `this`, find the matching node in `other` and verify containment. + /// + /// The reverse traversal (step 2) is needed to handle partial revokes correctly. + /// Example: GRANT SELECT ON *.*, REVOKE SELECT ON foo.* + /// + /// this: other: + /// root (SELECT) root (SELECT) + /// | + /// "foo" (SELECT) + /// | + /// "" (leaf, USAGE) + /// + /// Step 1 alone would pass because `other` has no children to check against, but `this` does not contain `other` because + /// `this` has revoked SELECT on "foo". + + if (!flags.contains(other.flags)) + return false; + + if (other.children) + { + for (const auto & other_child : *other.children) + { + Node this_child = tryGetLeaf(other_child.node_name, other_child.level, !other_child.isLeaf()); + if (!this_child.contains(other_child)) + return false; + } + } + + if (children) + { + for (const auto & this_child : *children) + { + Node other_child = other.tryGetLeaf(this_child.node_name, this_child.level, !this_child.isLeaf()); + if (!this_child.contains(other_child)) + return false; + } + } + + return true; } void makeUnion(const Node & other) diff --git a/src/Access/tests/gtest_access_rights_ops.cpp b/src/Access/tests/gtest_access_rights_ops.cpp index b7d1c102085f..7e6f3362a902 100644 --- a/src/Access/tests/gtest_access_rights_ops.cpp +++ b/src/Access/tests/gtest_access_rights_ops.cpp @@ -924,6 +924,59 @@ TEST(AccessRights, ContainsWithWildcardsAndPartialRevokes) lhs.grantWildcard(AccessType::SELECT, "testing"); rhs.grantWildcard(AccessType::SELECT, "test"); ASSERT_FALSE(lhs.contains(rhs)); + + lhs = {}; + rhs = {}; + lhs.grantWithGrantOption(AccessType::SET_DEFINER); + lhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + rhs.grantWithGrantOption(AccessType::SET_DEFINER); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-2"); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-3"); + ASSERT_TRUE(lhs.contains(rhs)); + + lhs = {}; + rhs = {}; + rhs.grantWithGrantOption(AccessType::SET_DEFINER); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + lhs.grantWithGrantOption(AccessType::SET_DEFINER); + lhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + lhs.revoke(AccessType::SET_DEFINER, "internal-user-2"); + lhs.revoke(AccessType::SET_DEFINER, "internal-user-3"); + ASSERT_FALSE(lhs.contains(rhs)); + + lhs = {}; + rhs = {}; + lhs.grantWithGrantOption(AccessType::SET_DEFINER); + lhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + lhs.revoke(AccessType::SET_DEFINER, "internal-user-2"); + rhs.grantWithGrantOption(AccessType::SET_DEFINER); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-2"); + ASSERT_TRUE(lhs.contains(rhs)); + + lhs = {}; + rhs = {}; + lhs.grant(AccessType::CREATE_ROLE); + lhs.grant(AccessType::ROLE_ADMIN); + lhs.grantWithGrantOption(AccessType::SET_DEFINER); + lhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + rhs.grantWithGrantOption(AccessType::SET_DEFINER); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-1"); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-2"); + rhs.revoke(AccessType::SET_DEFINER, "internal-user-3"); + ASSERT_TRUE(lhs.contains(rhs)); + + lhs = {}; + rhs = {}; + lhs.grant(AccessType::SELECT); + lhs.revoke(AccessType::SELECT, "secret_db1"); + rhs.grant(AccessType::SELECT); + rhs.revoke(AccessType::SELECT, "secret_db1"); + rhs.revoke(AccessType::SELECT, "secret_db2"); + rhs.revoke(AccessType::SELECT, "secret_db3"); + ASSERT_TRUE(lhs.contains(rhs)); + ASSERT_FALSE(rhs.contains(lhs)); } TEST(AccessRights, ColumnLevelWildcardOperations) From 9677f47e5159032341b283aaf7c94e56eadd3141 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 17 Feb 2026 15:31:09 +0000 Subject: [PATCH 036/141] Backport #96703 to 25.8: Fix min(timestamp) returning epoch via _minmax_count_projection after TTL merge --- src/Storages/MergeTree/IMergeTreeDataPart.cpp | 3 ++ .../02253_empty_part_checksums.reference | 2 +- ..._ttl_minmax_projection_epoch_bug.reference | 2 ++ .../03916_ttl_minmax_projection_epoch_bug.sql | 29 +++++++++++++++++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.reference create mode 100644 tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.sql diff --git a/src/Storages/MergeTree/IMergeTreeDataPart.cpp b/src/Storages/MergeTree/IMergeTreeDataPart.cpp index bdffdf4f2d26..72925c51dc60 100644 --- a/src/Storages/MergeTree/IMergeTreeDataPart.cpp +++ b/src/Storages/MergeTree/IMergeTreeDataPart.cpp @@ -207,6 +207,9 @@ IMergeTreeDataPart::MinMaxIndex::WrittenFiles IMergeTreeDataPart::MinMaxIndex::s void IMergeTreeDataPart::MinMaxIndex::update(const Block & block, const Names & column_names) { + if (block.rows() == 0) + return; + if (!initialized) hyperrectangle.reserve(column_names.size()); diff --git a/tests/queries/0_stateless/02253_empty_part_checksums.reference b/tests/queries/0_stateless/02253_empty_part_checksums.reference index 65a8c9ee65e7..d5a418ff4619 100644 --- a/tests/queries/0_stateless/02253_empty_part_checksums.reference +++ b/tests/queries/0_stateless/02253_empty_part_checksums.reference @@ -5,4 +5,4 @@ 0 1 0 -0_0_0_0 Wide 370db59d5dcaef5d762b11d319c368c7 514a8be2dac94fd039dbd230065e58a4 b324ada5cd6bb14402c1e59200bd003a +0_0_0_0 Wide 85adbaf60cad8c08f040d4cb27830cf4 e73297470a3016870e8f281b48b2dd68 b324ada5cd6bb14402c1e59200bd003a diff --git a/tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.reference b/tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.reference new file mode 100644 index 000000000000..b261da18d51a --- /dev/null +++ b/tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.reference @@ -0,0 +1,2 @@ +1 +0 diff --git a/tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.sql b/tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.sql new file mode 100644 index 000000000000..b56e198112e2 --- /dev/null +++ b/tests/queries/0_stateless/03916_ttl_minmax_projection_epoch_bug.sql @@ -0,0 +1,29 @@ + + +DROP TABLE IF EXISTS test_ttl_minmax_epoch; + +CREATE TABLE test_ttl_minmax_epoch +( + timestamp DateTime64(9, 'UTC') +) +ENGINE = MergeTree +PARTITION BY toYYYYMMDD(timestamp) +ORDER BY (timestamp) +TTL timestamp + INTERVAL 1 MINUTE SETTINGS index_granularity = 1; + +-- rows from ~1-60 seconds ago, some will expire during merge +INSERT INTO test_ttl_minmax_epoch +SELECT + now64(9, 'UTC') - toIntervalSecond(1 + rand() % 60) AS timestamp +FROM numbers(1000); + +OPTIMIZE TABLE test_ttl_minmax_epoch FINAL; + +SELECT (SELECT min(timestamp) FROM test_ttl_minmax_epoch) = + (SELECT min(timestamp) FROM test_ttl_minmax_epoch SETTINGS optimize_use_implicit_projections = 0); + +SELECT countIf(min_time < '1971-01-01') AS parts_with_epoch_mintime +FROM system.parts +WHERE table = 'test_ttl_minmax_epoch' AND database = currentDatabase() AND active; + +DROP TABLE test_ttl_minmax_epoch; From 048f8cba41706d07b7d5b2670c42ce82841978a6 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 19 Feb 2026 00:46:29 +0000 Subject: [PATCH 037/141] Backport #94865 to 25.8: Remove skip permissions check from SQL security verification on ATTACH. --- src/Interpreters/InterpreterCreateQuery.cpp | 31 +++++++------- src/Interpreters/InterpreterCreateQuery.h | 3 +- ...01_attach_view_with_sql_security.reference | 2 + .../03801_attach_view_with_sql_security.sh | 41 +++++++++++++++++++ 4 files changed, 61 insertions(+), 16 deletions(-) create mode 100644 tests/queries/0_stateless/03801_attach_view_with_sql_security.reference create mode 100755 tests/queries/0_stateless/03801_attach_view_with_sql_security.sh diff --git a/src/Interpreters/InterpreterCreateQuery.cpp b/src/Interpreters/InterpreterCreateQuery.cpp index 2789da1c8de1..20cce6b19f0f 100644 --- a/src/Interpreters/InterpreterCreateQuery.cpp +++ b/src/Interpreters/InterpreterCreateQuery.cpp @@ -1518,7 +1518,7 @@ BlockIO InterpreterCreateQuery::createTable(ASTCreateQuery & create) create.sql_security = std::make_shared(); if (create.sql_security) - processSQLSecurityOption(getContext(), create.sql_security->as(), create.is_materialized_view, /* skip_check_permissions= */ mode >= LoadingStrictnessLevel::SECONDARY_CREATE); + processSQLSecurityOption(getContext(), create.sql_security->as(), create.is_materialized_view, mode); DDLGuardPtr ddl_guard; @@ -2454,7 +2454,7 @@ void InterpreterCreateQuery::addColumnsDescriptionToCreateQueryIfNecessary(ASTCr } } -void InterpreterCreateQuery::processSQLSecurityOption(ContextMutablePtr context_, ASTSQLSecurity & sql_security, bool is_materialized_view, bool skip_check_permissions) +void InterpreterCreateQuery::processSQLSecurityOption(ContextMutablePtr context_, ASTSQLSecurity & sql_security, bool is_materialized_view, LoadingStrictnessLevel mode) { /// If no SQL security is specified, apply default from default_*_view_sql_security setting. if (!sql_security.type) @@ -2495,27 +2495,30 @@ void InterpreterCreateQuery::processSQLSecurityOption(ContextMutablePtr context_ } /// Checks the permissions for the specified definer user. - if (sql_security.definer && !skip_check_permissions) + if (sql_security.definer) { auto definer_name = sql_security.definer->toString(); if (definer_name != current_user_name) context_->checkAccess(AccessType::SET_DEFINER, definer_name); - auto & access_control = context_->getAccessControl(); - const auto user = access_control.read(definer_name); - if (access_control.isEphemeral(access_control.getID(definer_name))) + if (mode <= LoadingStrictnessLevel::CREATE) { - definer_name = user->getName() + ":definer"; - sql_security.definer = std::make_shared(definer_name); - auto new_user = typeid_cast>(user->clone()); - new_user->setName(definer_name); - new_user->authentication_methods.clear(); - new_user->authentication_methods.emplace_back(AuthenticationType::NO_AUTHENTICATION); - access_control.insertOrReplace(new_user); + auto & access_control = context_->getAccessControl(); + const auto user = access_control.read(definer_name); + if (access_control.isEphemeral(access_control.getID(definer_name))) + { + definer_name = user->getName() + ":definer"; + sql_security.definer = std::make_shared(definer_name); + auto new_user = typeid_cast>(user->clone()); + new_user->setName(definer_name); + new_user->authentication_methods.clear(); + new_user->authentication_methods.emplace_back(AuthenticationType::NO_AUTHENTICATION); + access_control.insertOrReplace(new_user); + } } } - if (sql_security.type == SQLSecurityType::NONE && !skip_check_permissions) + if (sql_security.type == SQLSecurityType::NONE) context_->checkAccess(AccessType::ALLOW_SQL_SECURITY_NONE); } diff --git a/src/Interpreters/InterpreterCreateQuery.h b/src/Interpreters/InterpreterCreateQuery.h index 65e7ac5962a2..ab5f77a9fd36 100644 --- a/src/Interpreters/InterpreterCreateQuery.h +++ b/src/Interpreters/InterpreterCreateQuery.h @@ -84,8 +84,7 @@ class InterpreterCreateQuery : public IInterpreter, WithMutableContext void extendQueryLogElemImpl(QueryLogElement & elem, const ASTPtr & ast, ContextPtr) const override; /// Check access right, validate definer statement and replace `CURRENT USER` with actual name. - static void processSQLSecurityOption( - ContextMutablePtr context_, ASTSQLSecurity & sql_security, bool is_materialized_view = false, bool skip_check_permissions = false); + static void processSQLSecurityOption(ContextMutablePtr context_, ASTSQLSecurity & sql_security, bool is_materialized_view = false, LoadingStrictnessLevel mode = LoadingStrictnessLevel::CREATE); private: struct TableProperties diff --git a/tests/queries/0_stateless/03801_attach_view_with_sql_security.reference b/tests/queries/0_stateless/03801_attach_view_with_sql_security.reference new file mode 100644 index 000000000000..4a703b3be841 --- /dev/null +++ b/tests/queries/0_stateless/03801_attach_view_with_sql_security.reference @@ -0,0 +1,2 @@ +ACCESS_DENIED +ACCESS_DENIED diff --git a/tests/queries/0_stateless/03801_attach_view_with_sql_security.sh b/tests/queries/0_stateless/03801_attach_view_with_sql_security.sh new file mode 100755 index 000000000000..98b791ffcffe --- /dev/null +++ b/tests/queries/0_stateless/03801_attach_view_with_sql_security.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash +# Tags: no-parallel + +CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CUR_DIR"/../shell_config.sh + +user="user03801_${CLICKHOUSE_DATABASE}_$RANDOM" +db=${CLICKHOUSE_DATABASE} + +${CLICKHOUSE_CLIENT} <&1 | grep -q "ACCESS_DENIED" && echo "ACCESS_DENIED" || echo "NO ERROR" + +${CLICKHOUSE_CLIENT} --user $user --query " + ATTACH VIEW $db.test_mv UUID '8025ef9c-d735-4c16-ab4c-7f1f5110d049' + (s String) SQL SECURITY NONE + AS SELECT * FROM $db.test_table; +" 2>&1 | grep -q "ACCESS_DENIED" && echo "ACCESS_DENIED" || echo "NO ERROR" + +${CLICKHOUSE_CLIENT} --query "GRANT ALLOW SQL SECURITY NONE ON *.* TO $user;" + +${CLICKHOUSE_CLIENT} --user $user --query " + ATTACH VIEW $db.test_mv UUID '7025ef9c-d735-4c16-ab4c-7f1f5110d049' + (s String) SQL SECURITY NONE + AS SELECT * FROM $db.test_table + SETTINGS send_logs_level = 'error'; +" + +${CLICKHOUSE_CLIENT} --query "DROP TABLE $db.test_mv;" +${CLICKHOUSE_CLIENT} --query "DROP USER $user;" From 6875fd687fefdf80b7482379f2deed843d5fbe87 Mon Sep 17 00:00:00 2001 From: pufit Date: Wed, 18 Feb 2026 22:11:01 -0500 Subject: [PATCH 038/141] Delete tests/queries/0_stateless/03812_mergetree_introspection_grants.sh --- .../03812_mergetree_introspection_grants.sh | 86 ------------------- 1 file changed, 86 deletions(-) delete mode 100755 tests/queries/0_stateless/03812_mergetree_introspection_grants.sh diff --git a/tests/queries/0_stateless/03812_mergetree_introspection_grants.sh b/tests/queries/0_stateless/03812_mergetree_introspection_grants.sh deleted file mode 100755 index b3939b3646f5..000000000000 --- a/tests/queries/0_stateless/03812_mergetree_introspection_grants.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/env bash -# Tags: no-fasttest, no-parallel - -# Test that MergeTree introspection functions check table grants correctly. -# These functions should require SELECT permission on the source table. - -CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) -# shellcheck source=../shell_config.sh -. "$CURDIR"/../shell_config.sh - -$CLICKHOUSE_CLIENT -q "DROP TABLE IF EXISTS test_grants_mt" -$CLICKHOUSE_CLIENT -q "DROP USER IF EXISTS test_user_03812" - -$CLICKHOUSE_CLIENT -q " -CREATE TABLE test_grants_mt (key Int, value Int, INDEX idx_value value TYPE minmax GRANULARITY 1) -ENGINE = MergeTree() ORDER BY key -" - -$CLICKHOUSE_CLIENT -q "INSERT INTO test_grants_mt SELECT number, number * 10 FROM numbers(1000)" - -# Create user without any grants -$CLICKHOUSE_CLIENT -q "CREATE USER test_user_03812" - -# Test mergeTreeAnalyzeIndexes - should fail without SELECT grant -echo "=== mergeTreeAnalyzeIndexes without grant ===" -$CLICKHOUSE_CLIENT --user test_user_03812 -q " -SELECT count() FROM mergeTreeAnalyzeIndexes(currentDatabase(), test_grants_mt) -" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 - -# Test mergeTreeIndex - should fail without SELECT grant -echo "=== mergeTreeIndex without grant ===" -$CLICKHOUSE_CLIENT --user test_user_03812 -q " -SELECT count() FROM mergeTreeIndex(currentDatabase(), test_grants_mt) -" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 - -# Grant SELECT permission -$CLICKHOUSE_CLIENT -q "GRANT SELECT ON ${CLICKHOUSE_DATABASE}.test_grants_mt TO test_user_03812" - -# Test mergeTreeAnalyzeIndexes - should work with SELECT grant -echo "=== mergeTreeAnalyzeIndexes with grant ===" -$CLICKHOUSE_CLIENT --user test_user_03812 -q " -SELECT count() > 0 FROM mergeTreeAnalyzeIndexes(currentDatabase(), test_grants_mt) -" - -# Test mergeTreeIndex - should work with SELECT grant -echo "=== mergeTreeIndex with grant ===" -$CLICKHOUSE_CLIENT --user test_user_03812 -q " -SELECT count() > 0 FROM mergeTreeIndex(currentDatabase(), test_grants_mt) -" - -# Test mergeTreeAnalyzeIndexesUUID -TABLE_UUID=$($CLICKHOUSE_CLIENT -q "SELECT uuid FROM system.tables WHERE database = currentDatabase() AND name = 'test_grants_mt'") - -# Revoke grants for UUID test -$CLICKHOUSE_CLIENT -q "REVOKE SELECT ON ${CLICKHOUSE_DATABASE}.test_grants_mt FROM test_user_03812" - -# Test mergeTreeAnalyzeIndexesUUID - should fail without SELECT grant -echo "=== mergeTreeAnalyzeIndexesUUID without grant ===" -$CLICKHOUSE_CLIENT --user test_user_03812 -q " -SELECT count() FROM mergeTreeAnalyzeIndexesUUID('$TABLE_UUID') -" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 - -# Grant SELECT permission again -$CLICKHOUSE_CLIENT -q "GRANT SELECT ON ${CLICKHOUSE_DATABASE}.test_grants_mt TO test_user_03812" - -# Test mergeTreeAnalyzeIndexesUUID - should work with SELECT grant -echo "=== mergeTreeAnalyzeIndexesUUID with grant ===" -$CLICKHOUSE_CLIENT --user test_user_03812 -q " -SELECT count() > 0 FROM mergeTreeAnalyzeIndexesUUID('$TABLE_UUID') -" - -# Test mergeTreeAnalyzeIndexes with column-level grant only -$CLICKHOUSE_CLIENT -q "DROP USER IF EXISTS test_user_03812_col" -$CLICKHOUSE_CLIENT -q "CREATE USER test_user_03812_col" -$CLICKHOUSE_CLIENT -q "GRANT SELECT(key) ON ${CLICKHOUSE_DATABASE}.test_grants_mt TO test_user_03812_col" - -# mergeTreeAnalyzeIndexes checks table-level SELECT, should fail with column-only grant -echo "=== mergeTreeAnalyzeIndexes with column-only grant ===" -$CLICKHOUSE_CLIENT --user test_user_03812_col -q " -SELECT count() FROM mergeTreeAnalyzeIndexes(currentDatabase(), test_grants_mt) -" 2>&1 | grep -o 'ACCESS_DENIED' | head -1 - -# Cleanup -$CLICKHOUSE_CLIENT -q "DROP TABLE test_grants_mt" -$CLICKHOUSE_CLIENT -q "DROP USER test_user_03812" -$CLICKHOUSE_CLIENT -q "DROP USER test_user_03812_col" From c2017a7f179eafbb9013d76d428065dcdde824f2 Mon Sep 17 00:00:00 2001 From: pufit Date: Wed, 18 Feb 2026 22:11:21 -0500 Subject: [PATCH 039/141] Delete tests/queries/0_stateless/03812_mergetree_introspection_grants.reference --- .../03812_mergetree_introspection_grants.reference | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 tests/queries/0_stateless/03812_mergetree_introspection_grants.reference diff --git a/tests/queries/0_stateless/03812_mergetree_introspection_grants.reference b/tests/queries/0_stateless/03812_mergetree_introspection_grants.reference deleted file mode 100644 index a8c324bbd07b..000000000000 --- a/tests/queries/0_stateless/03812_mergetree_introspection_grants.reference +++ /dev/null @@ -1,14 +0,0 @@ -=== mergeTreeAnalyzeIndexes without grant === -ACCESS_DENIED -=== mergeTreeIndex without grant === -ACCESS_DENIED -=== mergeTreeAnalyzeIndexes with grant === -1 -=== mergeTreeIndex with grant === -1 -=== mergeTreeAnalyzeIndexesUUID without grant === -ACCESS_DENIED -=== mergeTreeAnalyzeIndexesUUID with grant === -1 -=== mergeTreeAnalyzeIndexes with column-only grant === -ACCESS_DENIED From 1ac9dac8306ac0dfb06c6b88c284e1e31f63a942 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 19 Feb 2026 13:42:03 +0000 Subject: [PATCH 040/141] Backport #97336 to 25.8: Fix use-after-free in StorageKeeperMap backup --- src/Storages/StorageKeeperMap.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Storages/StorageKeeperMap.cpp b/src/Storages/StorageKeeperMap.cpp index f77244086486..0c10675356cf 100644 --- a/src/Storages/StorageKeeperMap.cpp +++ b/src/Storages/StorageKeeperMap.cpp @@ -1085,10 +1085,11 @@ void StorageKeeperMap::backupData(BackupEntriesCollector & backup_entries_collec auto temp_disk = backup_entries_collector.getContext()->getGlobalTemporaryVolume()->getDisk(0); auto max_compress_block_size = backup_entries_collector.getContext()->getSettingsRef()[Setting::max_compress_block_size]; + auto self = std::static_pointer_cast(shared_from_this()); auto with_retries = std::make_shared ( getLogger(fmt::format("StorageKeeperMapBackup ({})", getStorageID().getNameForLogs())), - [&] { return getClient(); }, + [self] { return self->getClient(); }, BackupKeeperSettings(backup_entries_collector.getContext()), backup_entries_collector.getContext()->getProcessListElement() ); From d1041de074b0ed26f5d1dabb80b7f2360370e771 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 19 Feb 2026 17:30:36 +0000 Subject: [PATCH 041/141] Backport #97282 to 25.8: Add additional validations of ColumnVariant state --- src/Columns/ColumnVariant.cpp | 32 +++++++++++++++++++ src/Columns/ColumnVariant.h | 2 ++ .../Serializations/SerializationVariant.cpp | 22 ++++++++++++- 3 files changed, 55 insertions(+), 1 deletion(-) diff --git a/src/Columns/ColumnVariant.cpp b/src/Columns/ColumnVariant.cpp index fc3f00915eb8..2d8ebcfc5c40 100644 --- a/src/Columns/ColumnVariant.cpp +++ b/src/Columns/ColumnVariant.cpp @@ -203,6 +203,8 @@ ColumnVariant::ColumnVariant(DB::MutableColumnPtr local_discriminators_, DB::Mut global_to_local_discriminators[local_to_global_discriminators[i]] = i; } } + + validateState(); } namespace @@ -1759,5 +1761,35 @@ void ColumnVariant::fixDynamicStructure() variant->fixDynamicStructure(); } +void ColumnVariant::validateState() const +{ + const auto & local_discriminators_data = getLocalDiscriminators(); + const auto & offsets_data = getOffsets(); + if (local_discriminators_data.size() != offsets_data.size()) + throw Exception(ErrorCodes::LOGICAL_ERROR, "Size of discriminators and offsets should be equal, but {} and {} were given", local_discriminators_data.size(), offsets_data.size()); + + std::vector actual_variant_sizes(variants.size()); + for (size_t i = 0; i != variants.size(); ++i) + actual_variant_sizes[i] = variants[i]->size(); + + std::vector expected_variant_sizes(variants.size(), 0); + for (size_t i = 0; i != local_discriminators_data.size(); ++i) + { + auto local_discr = local_discriminators_data[i]; + if (local_discr != NULL_DISCRIMINATOR) + { + ++expected_variant_sizes[local_discr]; + if (offsets_data[i] >= actual_variant_sizes[local_discr]) + throw Exception(ErrorCodes::LOGICAL_ERROR, "Offset at position {} is {}, but variant {} ({}) has size {}", i, offsets_data[i], static_cast(local_discr), variants[local_discr]->getName(), variants[local_discr]->size()); + } + } + + for (size_t i = 0; i != variants.size(); ++i) + { + if (variants[i]->size() != expected_variant_sizes[i]) + throw Exception(ErrorCodes::LOGICAL_ERROR, "Variant {} ({}) has size {}, but expected {}", i, variants[i]->getName(), variants[i]->size(), expected_variant_sizes[i]); + } +} + } diff --git a/src/Columns/ColumnVariant.h b/src/Columns/ColumnVariant.h index a1bdbe7d4039..c537397d46cb 100644 --- a/src/Columns/ColumnVariant.h +++ b/src/Columns/ColumnVariant.h @@ -347,6 +347,8 @@ class ColumnVariant final : public COWHelper, Colum void takeDynamicStructureFromColumn(const ColumnPtr & source_column) override; void fixDynamicStructure() override; + void validateState() const; + private: void insertFromImpl(const IColumn & src_, size_t n, const std::vector * global_discriminators_mapping); void insertRangeFromImpl(const IColumn & src_, size_t start, size_t length, const std::vector * global_discriminators_mapping, const Discriminator * skip_discriminator); diff --git a/src/DataTypes/Serializations/SerializationVariant.cpp b/src/DataTypes/Serializations/SerializationVariant.cpp index 8bf1a829abe2..31dec1e5ab09 100644 --- a/src/DataTypes/Serializations/SerializationVariant.cpp +++ b/src/DataTypes/Serializations/SerializationVariant.cpp @@ -257,6 +257,9 @@ void SerializationVariant::serializeBinaryBulkWithMultipleStreamsAndUpdateVarian size_t & total_size_of_variants) const { const ColumnVariant & col = assert_cast(column); + if (offset == 0) + col.validateState(); + if (const size_t size = col.size(); limit == 0 || offset + limit > size) limit = size - offset; @@ -315,9 +318,17 @@ void SerializationVariant::serializeBinaryBulkWithMultipleStreamsAndUpdateVarian addVariantElementToPath(settings.path, i); /// We can use the same offset/limit as for whole Variant column if (i == non_empty_global_discr) - variant_serializations[i]->serializeBinaryBulkWithMultipleStreams(col.getVariantByGlobalDiscriminator(i), offset, limit, settings, variant_state->variant_states[i]); + { + const auto & variant_column = col.getVariantByGlobalDiscriminator(i); + if (variant_column.size() < offset + limit) + throw Exception(ErrorCodes::LOGICAL_ERROR, "Variant {} has less rows ({}) than expected rows to serialize ({})", variant_names[i], variant_column.size(), offset + limit); + + variant_serializations[i]->serializeBinaryBulkWithMultipleStreams(variant_column, offset, limit, settings, variant_state->variant_states[i]); + } else + { variant_serializations[i]->serializeBinaryBulkWithMultipleStreams(col.getVariantByGlobalDiscriminator(i), col.getVariantByGlobalDiscriminator(i).size(), 0, settings, variant_state->variant_states[i]); + } settings.path.pop_back(); } variants_statistics[variant_names[non_empty_global_discr]] += limit; @@ -442,6 +453,10 @@ void SerializationVariant::serializeBinaryBulkWithMultipleStreamsAndUpdateVarian settings.path.push_back(Substream::VariantElements); for (size_t i = 0; i != variant_serializations.size(); ++i) { + const auto & variant_column = col.getVariantByGlobalDiscriminator(i); + if (variant_column.size() < variant_offsets_and_limits[i].first + variant_offsets_and_limits[i].second) + throw Exception(ErrorCodes::LOGICAL_ERROR, "Variant {} has less rows ({}) than expected rows to serialize ({})", variant_names[i], variant_column.size(), variant_offsets_and_limits[i].first + variant_offsets_and_limits[i].second); + addVariantElementToPath(settings.path, i); variant_serializations[i]->serializeBinaryBulkWithMultipleStreams( col.getVariantByGlobalDiscriminator(i), @@ -639,6 +654,9 @@ void SerializationVariant::deserializeBinaryBulkWithMultipleStreams( last_non_empty_discr = i; } + if (col.getVariantByLocalDiscriminator(i).size() < variant_limits[i]) + throw Exception(ErrorCodes::LOGICAL_ERROR, "Size of variant {} is expected to be not less than {} according to discriminators, but it is {}", variant_names[i], variant_limits[i], col.getVariantByLocalDiscriminator(i).size()); + variant_offsets.push_back(col.getVariantByLocalDiscriminator(i).size() - variant_limits[i]); } @@ -676,6 +694,8 @@ void SerializationVariant::deserializeBinaryBulkWithMultipleStreams( addColumnWithNumReadRowsToSubstreamsCache(cache, settings.path, col.getOffsetsPtr(), col.getOffsetsPtr()->size() - prev_size); } settings.path.pop_back(); + + col.validateState(); } std::pair, std::vector> SerializationVariant::deserializeCompactDiscriminators( From 2359ac9ca1f19909a1873ab0e291737baac0e1a7 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 19 Feb 2026 22:18:05 +0000 Subject: [PATCH 042/141] Backport #97323 to 25.8: Remove TABLE_UUID_MISMATCH check for non-analyzer --- src/Interpreters/DatabaseCatalog.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Interpreters/DatabaseCatalog.cpp b/src/Interpreters/DatabaseCatalog.cpp index e97e62cdd570..b2f334122b65 100644 --- a/src/Interpreters/DatabaseCatalog.cpp +++ b/src/Interpreters/DatabaseCatalog.cpp @@ -89,6 +89,7 @@ namespace ErrorCodes namespace Setting { extern const SettingsBool fsync_metadata; + extern const SettingsBool allow_experimental_analyzer; } namespace MergeTreeSetting @@ -380,6 +381,7 @@ DatabaseAndTable DatabaseCatalog::getTableImpl( return {}; } + bool analyzer = context_->getSettingsRef()[Setting::allow_experimental_analyzer]; if (table_id.hasUUID()) { /// Shortcut for tables which have persistent UUID @@ -398,7 +400,8 @@ DatabaseAndTable DatabaseCatalog::getTableImpl( } return {}; } - else + /// In old analyzer resolving done in multiple places, so we ignore TABLE_UUID_MISMATCH error. + else if (!analyzer) { const auto & table_storage_id = db_and_table.second->getStorageID(); if (db_and_table.first->getDatabaseName() != table_id.database_name || From 7af5b7721df85da2be7d794f57294819cc353cdb Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 20 Feb 2026 10:23:09 +0000 Subject: [PATCH 043/141] Backport #97281 to 25.8: Fix SEGFAULT in supportsTrivialCountOptimization due to null dereference --- src/Storages/MergeTree/MergeTreeData.cpp | 3 + .../gtest_trivial_count_null_snapshot.cpp | 130 ++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp diff --git a/src/Storages/MergeTree/MergeTreeData.cpp b/src/Storages/MergeTree/MergeTreeData.cpp index d1fea772e267..37e9630c4d68 100644 --- a/src/Storages/MergeTree/MergeTreeData.cpp +++ b/src/Storages/MergeTree/MergeTreeData.cpp @@ -9789,6 +9789,9 @@ bool MergeTreeData::supportsTrivialCountOptimization(const StorageSnapshotPtr & const auto & snapshot_data = assert_cast(*storage_snapshot->data); const auto & mutations_snapshot = snapshot_data.mutations_snapshot; + if (!mutations_snapshot) + return !settings[Setting::apply_mutations_on_fly] && !settings[Setting::apply_patch_parts]; + return !mutations_snapshot->hasDataMutations() && !mutations_snapshot->hasPatchParts(); } diff --git a/src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp b/src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp new file mode 100644 index 000000000000..37b0785a61e0 --- /dev/null +++ b/src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp @@ -0,0 +1,130 @@ +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace DB::Setting +{ +extern const SettingsBool apply_mutations_on_fly; +extern const SettingsBool apply_patch_parts; +} + +/// Test that MergeTreeData::supportsTrivialCountOptimization does not crash +/// when the storage snapshot has a SnapshotData with null mutations_snapshot. +/// +/// This is a regression test for a SEGFAULT (Cloud incident #1317) where +/// `createStorageSnapshot(metadata, context, /*without_data=*/true)` produces +/// a SnapshotData with `mutations_snapshot = nullptr`, and a code path in the +/// Planner (subquery building for sets) could pass such a snapshot to +/// `supportsTrivialCountOptimization`, which dereferenced it unconditionally. + +TEST(SupportsTrivialCountOptimization, NullMutationsSnapshot) +{ + using namespace DB; + + MainThreadStatus::getInstance(); + tryRegisterFunctions(); + tryRegisterAggregateFunctions(); + + getActivePartsLoadingThreadPool().initializeWithDefaultSettingsIfNotInitialized(); + getOutdatedPartsLoadingThreadPool().initializeWithDefaultSettingsIfNotInitialized(); + getUnexpectedPartsLoadingThreadPool().initializeWithDefaultSettingsIfNotInitialized(); + getPartsCleaningThreadPool().initializeWithDefaultSettingsIfNotInitialized(); + + const auto & context_holder = getContext(); + auto context = Context::createCopy(context_holder.context); + + /// Build minimal StorageInMemoryMetadata for a MergeTree with one UInt64 column and tuple() ORDER BY. + StorageInMemoryMetadata metadata; + + ColumnsDescription columns; + columns.add(ColumnDescription("a", std::make_shared())); + metadata.setColumns(columns); + + /// ORDER BY tuple() — empty sorting key. + auto order_by_ast = makeASTFunction("tuple"); + metadata.sorting_key = KeyDescription::getSortingKeyFromAST(order_by_ast, metadata.columns, context, {}); + metadata.primary_key = KeyDescription::getKeyFromAST(order_by_ast, metadata.columns, context); + metadata.primary_key.definition_ast = nullptr; + + /// PARTITION BY — empty partition key. + metadata.partition_key = KeyDescription::getKeyFromAST(nullptr, metadata.columns, context); + + auto minmax_columns = metadata.getColumnsRequiredForPartitionKey(); + auto partition_key = metadata.partition_key.expression_list_ast->clone(); + metadata.minmax_count_projection.emplace( + ProjectionDescription::getMinMaxCountProjection(columns, partition_key, minmax_columns, metadata.primary_key, context)); + + auto storage_settings = std::make_unique(context->getMergeTreeSettings()); + + /// Create the StorageMergeTree with ATTACH mode to skip sanity checks. + auto storage = std::make_shared( + StorageID("test_db", "test_table"), + "store/test_trivial_count/", + metadata, + LoadingStrictnessLevel::ATTACH, + context, + /*date_column_name=*/"", + MergeTreeData::MergingParams{}, + std::move(storage_settings)); + + auto metadata_snapshot = storage->getInMemoryMetadataPtr(); + + /// Case 1: Null StorageSnapshot entirely (already handled by existing code before our fix). + { + StorageSnapshotPtr null_snapshot = nullptr; + EXPECT_NO_THROW(storage->supportsTrivialCountOptimization(null_snapshot, context)); + } + + /// Case 2: SnapshotData with null mutations_snapshot — this is the crash scenario. + /// createStorageSnapshot(metadata, context, /*without_data=*/true) produces exactly this. + { + auto snapshot_data = std::make_unique(); + /// mutations_snapshot is default-constructed to nullptr. + ASSERT_EQ(snapshot_data->mutations_snapshot, nullptr); + + auto snapshot = std::make_shared(*storage, metadata_snapshot, std::move(snapshot_data)); + EXPECT_NO_THROW(storage->supportsTrivialCountOptimization(snapshot, context)); + + /// With default settings (apply_mutations_on_fly=false, apply_patch_parts=true), + /// the function should return false because !true == false. + auto snapshot_data2 = std::make_unique(); + auto snapshot2 = std::make_shared(*storage, metadata_snapshot, std::move(snapshot_data2)); + EXPECT_FALSE(storage->supportsTrivialCountOptimization(snapshot2, context)); + } + + /// Case 3: SnapshotData with null mutations_snapshot and apply_patch_parts=false. + { + auto modified_context = Context::createCopy(context); + modified_context->setSetting("apply_patch_parts", Field(false)); + modified_context->setSetting("apply_mutations_on_fly", Field(false)); + + auto snapshot_data = std::make_unique(); + auto snapshot = std::make_shared(*storage, metadata_snapshot, std::move(snapshot_data)); + EXPECT_TRUE(storage->supportsTrivialCountOptimization(snapshot, modified_context)); + } + + /// Case 4: Verify the real getStorageSnapshotWithoutData path produces the same. + { + auto without_data_snapshot = storage->getStorageSnapshotWithoutData(metadata_snapshot, context); + ASSERT_NE(without_data_snapshot, nullptr); + ASSERT_NE(without_data_snapshot->data, nullptr); + + const auto & data = assert_cast(*without_data_snapshot->data); + EXPECT_EQ(data.mutations_snapshot, nullptr); + + EXPECT_NO_THROW(storage->supportsTrivialCountOptimization(without_data_snapshot, context)); + } + + storage->flushAndShutdown(); +} From 80cc6542369df8669415f85be8c40c3d952ec00f Mon Sep 17 00:00:00 2001 From: Pablo Marcos Date: Fri, 20 Feb 2026 17:06:50 +0100 Subject: [PATCH 044/141] Delete src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp Remove unit test cause it doesn't work as it is in this branch --- .../gtest_trivial_count_null_snapshot.cpp | 130 ------------------ 1 file changed, 130 deletions(-) delete mode 100644 src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp diff --git a/src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp b/src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp deleted file mode 100644 index 37b0785a61e0..000000000000 --- a/src/Storages/MergeTree/tests/gtest_trivial_count_null_snapshot.cpp +++ /dev/null @@ -1,130 +0,0 @@ -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace DB::Setting -{ -extern const SettingsBool apply_mutations_on_fly; -extern const SettingsBool apply_patch_parts; -} - -/// Test that MergeTreeData::supportsTrivialCountOptimization does not crash -/// when the storage snapshot has a SnapshotData with null mutations_snapshot. -/// -/// This is a regression test for a SEGFAULT (Cloud incident #1317) where -/// `createStorageSnapshot(metadata, context, /*without_data=*/true)` produces -/// a SnapshotData with `mutations_snapshot = nullptr`, and a code path in the -/// Planner (subquery building for sets) could pass such a snapshot to -/// `supportsTrivialCountOptimization`, which dereferenced it unconditionally. - -TEST(SupportsTrivialCountOptimization, NullMutationsSnapshot) -{ - using namespace DB; - - MainThreadStatus::getInstance(); - tryRegisterFunctions(); - tryRegisterAggregateFunctions(); - - getActivePartsLoadingThreadPool().initializeWithDefaultSettingsIfNotInitialized(); - getOutdatedPartsLoadingThreadPool().initializeWithDefaultSettingsIfNotInitialized(); - getUnexpectedPartsLoadingThreadPool().initializeWithDefaultSettingsIfNotInitialized(); - getPartsCleaningThreadPool().initializeWithDefaultSettingsIfNotInitialized(); - - const auto & context_holder = getContext(); - auto context = Context::createCopy(context_holder.context); - - /// Build minimal StorageInMemoryMetadata for a MergeTree with one UInt64 column and tuple() ORDER BY. - StorageInMemoryMetadata metadata; - - ColumnsDescription columns; - columns.add(ColumnDescription("a", std::make_shared())); - metadata.setColumns(columns); - - /// ORDER BY tuple() — empty sorting key. - auto order_by_ast = makeASTFunction("tuple"); - metadata.sorting_key = KeyDescription::getSortingKeyFromAST(order_by_ast, metadata.columns, context, {}); - metadata.primary_key = KeyDescription::getKeyFromAST(order_by_ast, metadata.columns, context); - metadata.primary_key.definition_ast = nullptr; - - /// PARTITION BY — empty partition key. - metadata.partition_key = KeyDescription::getKeyFromAST(nullptr, metadata.columns, context); - - auto minmax_columns = metadata.getColumnsRequiredForPartitionKey(); - auto partition_key = metadata.partition_key.expression_list_ast->clone(); - metadata.minmax_count_projection.emplace( - ProjectionDescription::getMinMaxCountProjection(columns, partition_key, minmax_columns, metadata.primary_key, context)); - - auto storage_settings = std::make_unique(context->getMergeTreeSettings()); - - /// Create the StorageMergeTree with ATTACH mode to skip sanity checks. - auto storage = std::make_shared( - StorageID("test_db", "test_table"), - "store/test_trivial_count/", - metadata, - LoadingStrictnessLevel::ATTACH, - context, - /*date_column_name=*/"", - MergeTreeData::MergingParams{}, - std::move(storage_settings)); - - auto metadata_snapshot = storage->getInMemoryMetadataPtr(); - - /// Case 1: Null StorageSnapshot entirely (already handled by existing code before our fix). - { - StorageSnapshotPtr null_snapshot = nullptr; - EXPECT_NO_THROW(storage->supportsTrivialCountOptimization(null_snapshot, context)); - } - - /// Case 2: SnapshotData with null mutations_snapshot — this is the crash scenario. - /// createStorageSnapshot(metadata, context, /*without_data=*/true) produces exactly this. - { - auto snapshot_data = std::make_unique(); - /// mutations_snapshot is default-constructed to nullptr. - ASSERT_EQ(snapshot_data->mutations_snapshot, nullptr); - - auto snapshot = std::make_shared(*storage, metadata_snapshot, std::move(snapshot_data)); - EXPECT_NO_THROW(storage->supportsTrivialCountOptimization(snapshot, context)); - - /// With default settings (apply_mutations_on_fly=false, apply_patch_parts=true), - /// the function should return false because !true == false. - auto snapshot_data2 = std::make_unique(); - auto snapshot2 = std::make_shared(*storage, metadata_snapshot, std::move(snapshot_data2)); - EXPECT_FALSE(storage->supportsTrivialCountOptimization(snapshot2, context)); - } - - /// Case 3: SnapshotData with null mutations_snapshot and apply_patch_parts=false. - { - auto modified_context = Context::createCopy(context); - modified_context->setSetting("apply_patch_parts", Field(false)); - modified_context->setSetting("apply_mutations_on_fly", Field(false)); - - auto snapshot_data = std::make_unique(); - auto snapshot = std::make_shared(*storage, metadata_snapshot, std::move(snapshot_data)); - EXPECT_TRUE(storage->supportsTrivialCountOptimization(snapshot, modified_context)); - } - - /// Case 4: Verify the real getStorageSnapshotWithoutData path produces the same. - { - auto without_data_snapshot = storage->getStorageSnapshotWithoutData(metadata_snapshot, context); - ASSERT_NE(without_data_snapshot, nullptr); - ASSERT_NE(without_data_snapshot->data, nullptr); - - const auto & data = assert_cast(*without_data_snapshot->data); - EXPECT_EQ(data.mutations_snapshot, nullptr); - - EXPECT_NO_THROW(storage->supportsTrivialCountOptimization(without_data_snapshot, context)); - } - - storage->flushAndShutdown(); -} From fe827143b2272a353a058be5228f2ac31974f20d Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 22 Feb 2026 13:28:38 +0000 Subject: [PATCH 045/141] Backport #97583 to 25.8: Fix null pointer dereference in applyPatchesToBlockRaw --- .../MergeTree/PatchParts/applyPatches.cpp | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/Storages/MergeTree/PatchParts/applyPatches.cpp b/src/Storages/MergeTree/PatchParts/applyPatches.cpp index 6b5149b92844..8791db1da731 100644 --- a/src/Storages/MergeTree/PatchParts/applyPatches.cpp +++ b/src/Storages/MergeTree/PatchParts/applyPatches.cpp @@ -230,9 +230,13 @@ IColumn::Patch CombinedPatchBuilder::createPatchForColumn(const String & column_ for (const auto & patch_block : all_patch_blocks) { + const auto & patch_column = patch_block.getByName(column_name).column; + if (!patch_column) + throw Exception(ErrorCodes::LOGICAL_ERROR, "Column {} has null data in patch block", column_name); + IColumn::Patch::Source source = { - .column = *patch_block.getByName(column_name).column, + .column = *patch_column, .versions = getColumnUInt64Data(patch_block, PartDataVersionColumn::name), }; @@ -266,8 +270,8 @@ Block getUpdatedHeader(const PatchesToApply & patches, const NameSet & updated_c for (const auto & column : patch->patch_blocks[0]) { - /// Ignore columns that are not updated. - if (!updated_columns.contains(column.name)) + /// Ignore columns that are not updated or have no data. + if (!updated_columns.contains(column.name) || !column.column) header.erase(column.name); } @@ -293,7 +297,7 @@ bool canApplyPatchesRaw(const PatchesToApply & patches) { for (const auto & column : patch->patch_blocks.front()) { - if (!isPatchPartSystemColumn(column.name) && !canApplyPatchInplace(*column.column)) + if (!isPatchPartSystemColumn(column.name) && column.column && !canApplyPatchInplace(*column.column)) return false; } } @@ -325,9 +329,16 @@ void applyPatchesToBlockRaw( chassert(patch_to_apply->patch_blocks.size() == 1); const auto & patch_block = patch_to_apply->patch_blocks.front(); + if (!patch_block.has(result_column.name)) + continue; + + const auto & patch_column = patch_block.getByName(result_column.name).column; + if (!patch_column) + continue; + IColumn::Patch::Source source = { - .column = *patch_block.getByName(result_column.name).column, + .column = *patch_column, .versions = getColumnUInt64Data(patch_block, PartDataVersionColumn::name), }; From 846e2929bb2212d5eb2705bf603522e6c21166aa Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 22 Feb 2026 13:31:00 +0000 Subject: [PATCH 046/141] Backport #97520 to 25.8: fix a possible use after free in StorageKafka2::activate() --- src/Storages/Kafka/StorageKafka2.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Storages/Kafka/StorageKafka2.cpp b/src/Storages/Kafka/StorageKafka2.cpp index c55da9c24790..6a1a1cde5e84 100644 --- a/src/Storages/Kafka/StorageKafka2.cpp +++ b/src/Storages/Kafka/StorageKafka2.cpp @@ -206,6 +206,11 @@ void StorageKafka2::partialShutdown() task->holder->deactivate(); } is_active = false; + /// Reset the active node holder while the old ZooKeeper session is still alive (even if expired). + /// EphemeralNodeHolder stores a raw ZooKeeper reference, so resetting it here prevents a + /// use-after-free: setZooKeeper() called afterwards may free the old session, and the holder's + /// destructor would then access a dangling reference when checking zookeeper.expired(). + replica_is_active_node = nullptr; } bool StorageKafka2::activate() From 027cd72a4d6cc824bcd25fc3bfb2a1add3c0a2df Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 23 Feb 2026 11:27:12 +0000 Subject: [PATCH 047/141] Backport #97585 to 25.8: Fix crash in BaseSettings::readBinary --- src/Core/BaseSettings.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Core/BaseSettings.h b/src/Core/BaseSettings.h index 3f9e2ed2c010..39c54ecac96c 100644 --- a/src/Core/BaseSettings.h +++ b/src/Core/BaseSettings.h @@ -532,6 +532,10 @@ void BaseSettings::readBinary(ReadBuffer & in) size_t index = accessor.find(name); std::ignore = BaseSettingsHelpers::readFlags(in); + + if (index == static_cast(-1)) + BaseSettingsHelpers::throwSettingNotFound(name); + accessor.readBinary(*this, index, in); } } From 62830007411c209c3874fd94f4da8a4f400aa466 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 24 Feb 2026 00:45:00 +0000 Subject: [PATCH 048/141] Backport #92339 to 25.8: Check and mark the interserver IO address active in DDL worker --- src/Interpreters/Context.cpp | 35 ++-- src/Interpreters/DDLWorker.cpp | 160 +++++++++++++----- src/Interpreters/DDLWorker.h | 16 +- .../DistributedQueryStatusSource.cpp | 3 +- .../__init__.py | 0 .../configs/config.d/remote_servers.xml | 4 + .../configs/config.d/settings.xml | 8 + .../configs/users.d/query_log.xml | 9 + .../test.py | 76 +++++++++ 9 files changed, 256 insertions(+), 55 deletions(-) create mode 100644 tests/integration/test_distributed_ddl_on_database_cluster/__init__.py create mode 100644 tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/remote_servers.xml create mode 100644 tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/settings.xml create mode 100644 tests/integration/test_distributed_ddl_on_database_cluster/configs/users.d/query_log.xml create mode 100755 tests/integration/test_distributed_ddl_on_database_cluster/test.py diff --git a/src/Interpreters/Context.cpp b/src/Interpreters/Context.cpp index 72b8eb049a15..b554e36fe257 100644 --- a/src/Interpreters/Context.cpp +++ b/src/Interpreters/Context.cpp @@ -4988,25 +4988,32 @@ void Context::startClusterDiscovery() /// On repeating calls updates existing clusters and adds new clusters, doesn't delete old clusters void Context::setClustersConfig(const ConfigurationPtr & config, bool enable_discovery, const String & config_name) { - std::lock_guard lock(shared->clusters_mutex); - if (ConfigHelper::getBool(*config, "allow_experimental_cluster_discovery") && enable_discovery && !shared->cluster_discovery) { - shared->cluster_discovery = std::make_unique(*config, getGlobalContext(), getMacros()); - } + std::lock_guard lock(shared->clusters_mutex); + if (ConfigHelper::getBool(*config, "allow_experimental_cluster_discovery") && enable_discovery && !shared->cluster_discovery) + { + shared->cluster_discovery = std::make_unique(*config, getGlobalContext(), getMacros()); + } - /// Do not update clusters if this part of config wasn't changed. - if (shared->clusters && isSameConfiguration(*config, *shared->clusters_config, config_name)) - return; + /// Do not update clusters if this part of config wasn't changed. + if (shared->clusters && isSameConfiguration(*config, *shared->clusters_config, config_name)) + return; - auto old_clusters_config = shared->clusters_config; - shared->clusters_config = config; + auto old_clusters_config = shared->clusters_config; + shared->clusters_config = config; - if (!shared->clusters) - shared->clusters = std::make_shared(*shared->clusters_config, *settings, getMacros(), config_name); - else - shared->clusters->updateClusters(*shared->clusters_config, *settings, config_name, old_clusters_config); + if (!shared->clusters) + shared->clusters = std::make_shared(*shared->clusters_config, *settings, getMacros(), config_name); + else + shared->clusters->updateClusters(*shared->clusters_config, *settings, config_name, old_clusters_config); - ++shared->clusters_version; + ++shared->clusters_version; + } + { + SharedLockGuard lock(shared->mutex); + if (shared->ddl_worker) + shared->ddl_worker->notifyHostIDsUpdated(); + } } size_t Context::getClustersVersion() const diff --git a/src/Interpreters/DDLWorker.cpp b/src/Interpreters/DDLWorker.cpp index f4b41bc80c58..aa14079f70c8 100644 --- a/src/Interpreters/DDLWorker.cpp +++ b/src/Interpreters/DDLWorker.cpp @@ -2,13 +2,13 @@ #include #include #include +#include #include #include #include #include #include #include -#include #include #include #include @@ -188,6 +188,26 @@ ZooKeeperPtr DDLWorker::getAndSetZooKeeper() return current_zookeeper; } +void DDLWorker::notifyHostIDsUpdated() +{ + LOG_INFO(log, "Host IDs updated"); + host_ids_updated = true; +} + +void DDLWorker::updateHostIDs(const std::vector & hosts) +{ + std::lock_guard lock{checked_host_id_set_mutex}; + for (const auto & host : hosts) + { + if (!checked_host_id_set.contains(host.toString())) + { + LOG_INFO(log, "Found new host ID: {}", host.toString()); + notifyHostIDsUpdated(); + return; + } + } +} + DDLTaskPtr DDLWorker::initAndCheckTask(const String & entry_name, String & out_reason, const ZooKeeperPtr & zookeeper, bool /*dry_run*/) { @@ -223,6 +243,7 @@ DDLTaskPtr DDLWorker::initAndCheckTask(const String & entry_name, String & out_r { /// Stage 1: parse entry task->entry.parse(node_data); + updateHostIDs(task->entry.hosts); } catch (...) { @@ -1139,7 +1160,7 @@ bool DDLWorker::initializeMainThread() auto zookeeper = getAndSetZooKeeper(); zookeeper->createAncestors(fs::path(queue_dir) / ""); initializeReplication(); - markReplicasActive(true); + markReplicasActive(/*reinitialized=*/true); initialized = true; return true; } @@ -1203,14 +1224,18 @@ void DDLWorker::runMainThread() bool reinitialized = !initialized; /// Reinitialize DDLWorker state (including ZooKeeper connection) if required - if (!initialized) + if (reinitialized) { /// Stopped if (!initializeMainThread()) break; + LOG_DEBUG(log, "Initialized DDLWorker thread"); } + if (host_ids_updated.exchange(false)) + markReplicasActive(/*reinitialized=*/false); + cleanup_event->set(); scheduleTasks(reinitialized); subsequent_errors_count = 0; @@ -1269,61 +1294,104 @@ void DDLWorker::runMainThread() void DDLWorker::initializeReplication() { auto zookeeper = getZooKeeper(); - zookeeper->createAncestors(fs::path(replicas_dir) / ""); - - NameSet host_id_set; - for (const auto & it : context->getClusters()) - { - auto cluster = it.second; - for (const auto & host_ids : cluster->getHostIDs()) - for (const auto & host_id : host_ids) - host_id_set.emplace(host_id); - } - - createReplicaDirs(zookeeper, host_id_set); } void DDLWorker::createReplicaDirs(const ZooKeeperPtr & zookeeper, const NameSet & host_ids) { for (const auto & host_id : host_ids) + { + LOG_INFO(log, "Creating replica dir for host id {}", host_id); zookeeper->createAncestors(fs::path(replicas_dir) / host_id / ""); + } } -void DDLWorker::markReplicasActive(bool /*reinitialized*/) +void DDLWorker::markReplicasActive(bool reinitialized) { auto zookeeper = getZooKeeper(); + const auto maybe_secure_port = context->getTCPPortSecure(); + const auto port = context->getTCPPort(); + + auto all_host_ids = getAllHostIDsFromClusters(); - // Reset all active_node_holders - for (auto & it : active_node_holders) + // Add interserver IO host IDs for Replicated DBs + try + { + auto host_port = context->getInterserverIOAddress(); + HostID interserver_io_host_id = {host_port.first, port}; + all_host_ids.emplace(interserver_io_host_id.toString()); + LOG_INFO(log, "Add interserver IO host ID {}", interserver_io_host_id.toString()); + if (maybe_secure_port) + { + HostID interserver_io_secure_host_id = {host_port.first, *maybe_secure_port}; + all_host_ids.emplace(interserver_io_secure_host_id.toString()); + LOG_INFO(log, "Add interserver IO secure host ID {}", interserver_io_secure_host_id.toString()); + } + } + catch (const Exception & e) { - auto & active_node_holder = it.second.second; - if (active_node_holder) - active_node_holder->setAlreadyRemoved(); - active_node_holder.reset(); + LOG_INFO(log, "Unable to get interserver IO address, error {}", e.what()); } - active_node_holders.clear(); + createReplicaDirs(zookeeper, all_host_ids); + + if (reinitialized) + { + // Reset all active_node_holders + for (auto & it : active_node_holders) + { + auto & active_node_holder = it.second.second; + if (active_node_holder) + active_node_holder->setAlreadyRemoved(); + active_node_holder.reset(); + } + active_node_holders.clear(); + } - const auto maybe_secure_port = context->getTCPPortSecure(); - const auto port = context->getTCPPort(); Coordination::Stat replicas_stat; Strings host_ids = zookeeper->getChildren(replicas_dir, &replicas_stat); NameSet local_host_ids; + NameSet checking_host_ids; + checking_host_ids.reserve(host_ids.size()); for (const auto & host_id : host_ids) { + bool is_self_host = false; try { HostID host = HostID::fromString(host_id); - if (DDLTask::isSelfHostID(log, host, maybe_secure_port, port)) - local_host_ids.emplace(host_id); + checking_host_ids.insert(host.toString()); + + is_self_host = DDLTask::isSelfHostID(log, host, maybe_secure_port, port); } catch (const Exception & e) { LOG_WARNING(log, "Unable to check if host {} is a local address, exception: {}", host_id, e.displayText()); continue; } + + LOG_INFO(log, "Self host_id ({}) = {}", host_id, is_self_host); + if (is_self_host) + { + local_host_ids.emplace(host_id); + continue; + } + + if (!reinitialized) + { + /// Remove this host_id from active_node_holders + auto it = active_node_holders.find(host_id); + if (it != active_node_holders.end()) + { + auto & active_node_holder = it->second.second; + if (active_node_holder) + active_node_holder->setAlreadyRemoved(); + active_node_holder.reset(); + + active_node_holders.erase(it); + } + continue; + } } for (const auto & host_id : local_host_ids) @@ -1364,24 +1432,28 @@ void DDLWorker::markReplicasActive(bool /*reinitialized*/) ops.emplace_back(zkutil::makeCreateRequest(active_path, active_id, zkutil::CreateMode::Ephemeral)); /// To bump node mtime ops.emplace_back(zkutil::makeSetRequest(fs::path(replicas_dir) / host_id, "", -1)); - zookeeper->multi(ops); + auto code = zookeeper->tryMulti(ops, res); + + /// We have this tryMulti for a very weird edge case when it's related to localhost. + /// Each replica may have a localhost as hostid and if we configured multiple replicas to add their + /// localhosts to some clusters multiple of them may think that they must mark it as active. + if (code != Coordination::Error::ZOK) + { + LOG_WARNING(log, "Cannot mark a replica active: active_path={}, active_id={}, code={}", active_path, active_id, Coordination::errorMessage(code)); + } + else + { + LOG_INFO(log, "Marked a replica active: active_path={}, active_id={}", active_path, active_id); + } auto active_node_holder_zookeeper = zookeeper; auto active_node_holder = zkutil::EphemeralNodeHolder::existing(active_path, *active_node_holder_zookeeper); active_node_holders[host_id] = {active_node_holder_zookeeper, active_node_holder}; } - if (active_node_holders.empty()) { - for (const auto & it : context->getClusters()) - { - const auto & cluster = it.second; - if (!cluster->getHostIDs().empty()) - { - LOG_WARNING(log, "There are clusters with host ids but no local host found for this replica."); - break; - } - } + std::lock_guard lock{checked_host_id_set_mutex}; + checked_host_id_set = checking_host_ids; } } @@ -1448,4 +1520,16 @@ void DDLWorker::runCleanupThread() } } +NameSet DDLWorker::getAllHostIDsFromClusters() const +{ + NameSet host_id_set; + for (const auto & it : context->getClusters()) + { + auto cluster = it.second; + for (const auto & host_ids : cluster->getHostIDs()) + for (const auto & host_id : host_ids) + host_id_set.emplace(host_id); + } + return host_id_set; +} } diff --git a/src/Interpreters/DDLWorker.h b/src/Interpreters/DDLWorker.h index abf0a9f84098..46289ee92f89 100644 --- a/src/Interpreters/DDLWorker.h +++ b/src/Interpreters/DDLWorker.h @@ -1,15 +1,17 @@ #pragma once +#include +#include +#include #include #include +#include #include #include #include #include #include #include -#include -#include #include #include @@ -94,6 +96,9 @@ class DDLWorker /// Should be called in `initializeMainThread` only, so if it is expired, `runMainThread` will reinitialized the state. ZooKeeperPtr getAndSetZooKeeper(); + void notifyHostIDsUpdated(); + void updateHostIDs(const std::vector & hosts); + protected: class ConcurrentSet @@ -173,6 +178,8 @@ class DDLWorker void runMainThread(); void runCleanupThread(); + NameSet getAllHostIDsFromClusters() const; + ContextMutablePtr context; LoggerPtr log; @@ -209,6 +216,7 @@ class DDLWorker /// Cleaning starts after new node event is received if the last cleaning wasn't made sooner than N seconds ago Int64 cleanup_delay_period = 60; // minute (in seconds) + std::atomic_bool host_ids_updated{false}; /// Delete node if its age is greater than that Int64 task_max_lifetime = 7 * 24 * 60 * 60; // week (in seconds) /// How many tasks could be in the queue @@ -221,6 +229,10 @@ class DDLWorker std::atomic_uint64_t subsequent_errors_count = 0; String last_unexpected_error; + mutable std::mutex checked_host_id_set_mutex; + NameSet checked_host_id_set TSA_GUARDED_BY(checked_host_id_set_mutex); + + const CurrentMetrics::Metric * max_entry_metric; const CurrentMetrics::Metric * max_pushed_entry_metric; diff --git a/src/Interpreters/DistributedQueryStatusSource.cpp b/src/Interpreters/DistributedQueryStatusSource.cpp index 59a82959d0d0..ac1f8fa19604 100644 --- a/src/Interpreters/DistributedQueryStatusSource.cpp +++ b/src/Interpreters/DistributedQueryStatusSource.cpp @@ -102,7 +102,8 @@ NameSet DistributedQueryStatusSource::getOfflineHosts(const NameSet & hosts_to_w if (offline.size() == hosts_to_wait.size()) { /// Avoid reporting that all hosts are offline - LOG_WARNING(log, "Did not find active hosts, will wait for all {} hosts. This should not happen often", offline.size()); + LOG_WARNING( + log, "Did not find active hosts, will wait for all hosts: {}. This should not happen often", fmt::join(hosts_to_wait, ", ")); return {}; } diff --git a/tests/integration/test_distributed_ddl_on_database_cluster/__init__.py b/tests/integration/test_distributed_ddl_on_database_cluster/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/remote_servers.xml b/tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/remote_servers.xml new file mode 100644 index 000000000000..d6a932c56c3c --- /dev/null +++ b/tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/remote_servers.xml @@ -0,0 +1,4 @@ + + + + diff --git a/tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/settings.xml b/tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/settings.xml new file mode 100644 index 000000000000..02708c22026a --- /dev/null +++ b/tests/integration/test_distributed_ddl_on_database_cluster/configs/config.d/settings.xml @@ -0,0 +1,8 @@ + + + /clickhouse/task_queue/ddl + 10 + 3600 + 5 + + \ No newline at end of file diff --git a/tests/integration/test_distributed_ddl_on_database_cluster/configs/users.d/query_log.xml b/tests/integration/test_distributed_ddl_on_database_cluster/configs/users.d/query_log.xml new file mode 100644 index 000000000000..ef8abbd91741 --- /dev/null +++ b/tests/integration/test_distributed_ddl_on_database_cluster/configs/users.d/query_log.xml @@ -0,0 +1,9 @@ + + + + + 1 + 1 + + + diff --git a/tests/integration/test_distributed_ddl_on_database_cluster/test.py b/tests/integration/test_distributed_ddl_on_database_cluster/test.py new file mode 100755 index 000000000000..c54170a56e23 --- /dev/null +++ b/tests/integration/test_distributed_ddl_on_database_cluster/test.py @@ -0,0 +1,76 @@ +import os +import sys +import time +import uuid +import pytest + +from helpers.cluster import ClickHouseCluster +from helpers.test_tools import assert_eq_with_retry + +from helpers.test_tools import TSV + +cluster = ClickHouseCluster(__file__) + +node1 = cluster.add_instance( + "node1", + main_configs=["configs/config.d/settings.xml"], + user_configs=["configs/users.d/query_log.xml"], + with_zookeeper=True, + macros={"shard": 1, "replica": 1}, +) +node2 = cluster.add_instance( + "node2", + main_configs=["configs/config.d/settings.xml"], + user_configs=["configs/users.d/query_log.xml"], + with_zookeeper=True, + macros={"shard": 1, "replica": 2}, +) + + +@pytest.fixture(scope="module") +def started_cluster(): + try: + cluster.start() + + yield cluster + + finally: + cluster.shutdown() + + +def test_waiting_replicated_database_hosts(started_cluster): + node1.query("DROP DATABASE IF EXISTS db SYNC") + node2.query("DROP DATABASE IF EXISTS db SYNC") + + node1.query("DROP TABLE IF EXISTS t SYNC") + node2.query("DROP TABLE IF EXISTS t SYNC") + + node1.query( + "CREATE DATABASE db ENGINE=Replicated('/test/db', '{shard}', '{replica}')" + ) + node2.query( + "CREATE DATABASE db ENGINE=Replicated('/test/db', '{shard}', '{replica}')" + ) + + query_id = str(uuid.uuid4()) + node1.query( + "CREATE TABLE t ON CLUSTER 'db' (x INT, y INT) ENGINE=MergeTree ORDER BY x", + settings={"distributed_ddl_output_mode": "throw_only_active"}, + query_id=query_id, + ) + assert ( + node2.query("SELECT count() FROM system.tables WHERE name='t'").strip() == "1" + ) + node1.query("SYSTEM FLUSH LOGS") + assert ( + node1.query( + f"SELECT count() FROM system.text_log WHERE query_id='{query_id}' AND level='Warning' AND message LIKE '%Did not find active hosts%'" + ).strip() + == "0" + ) + + node1.query("DROP DATABASE IF EXISTS db SYNC") + node2.query("DROP DATABASE IF EXISTS db SYNC") + + node1.query("DROP TABLE IF EXISTS t SYNC") + node2.query("DROP TABLE IF EXISTS t SYNC") From 242552746a5e54b4b01344038bce50e0da41c5e4 Mon Sep 17 00:00:00 2001 From: Tuan Pham Anh Date: Tue, 24 Feb 2026 09:09:22 +0800 Subject: [PATCH 049/141] Update DDLWorker.cpp Fix compilation error --- src/Interpreters/DDLWorker.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Interpreters/DDLWorker.cpp b/src/Interpreters/DDLWorker.cpp index aa14079f70c8..4f8d46f16642 100644 --- a/src/Interpreters/DDLWorker.cpp +++ b/src/Interpreters/DDLWorker.cpp @@ -1429,6 +1429,7 @@ void DDLWorker::markReplicasActive(bool reinitialized) zookeeper->deleteEphemeralNodeIfContentMatches(active_path, active_id); } Coordination::Requests ops; + Coordination::Responses res; ops.emplace_back(zkutil::makeCreateRequest(active_path, active_id, zkutil::CreateMode::Ephemeral)); /// To bump node mtime ops.emplace_back(zkutil::makeSetRequest(fs::path(replicas_dir) / host_id, "", -1)); From ffb41dd9222ce46ef97a8c01a3a8578f895e7e68 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 25 Feb 2026 09:29:40 +0000 Subject: [PATCH 050/141] Backport #97866 to 25.8: Handle unprocessed left blocks in `GraceHashJoin` --- src/Interpreters/GraceHashJoin.cpp | 22 ++++++ src/Interpreters/HashJoin/HashJoinMethods.h | 2 +- .../HashJoin/HashJoinMethodsImpl.h | 4 +- ..._grace_hash_join_leftover_blocks.reference | 6 ++ .../03988_grace_hash_join_leftover_blocks.sql | 79 +++++++++++++++++++ 5 files changed, 110 insertions(+), 3 deletions(-) create mode 100644 tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.reference create mode 100644 tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.sql diff --git a/src/Interpreters/GraceHashJoin.cpp b/src/Interpreters/GraceHashJoin.cpp index f957b218c4c9..231c7ec02dd6 100644 --- a/src/Interpreters/GraceHashJoin.cpp +++ b/src/Interpreters/GraceHashJoin.cpp @@ -528,6 +528,17 @@ class GraceHashJoin::DelayedBlocks : public IBlocksStream if (not_processed) { auto res = not_processed->next(); + if (res.is_last && res.next_block) + { + res.next_block->filterBySelector(); + auto next_block = std::move(*res.next_block).getSourceBlock(); + if (next_block.rows() > 0) + { + auto new_res = hash_join->joinBlock(std::move(next_block)); + std::lock_guard lock(extra_block_mutex); + not_processed_results.emplace_back(std::move(new_res)); + } + } if (!res.is_last) { std::lock_guard lock(extra_block_mutex); @@ -602,6 +613,17 @@ class GraceHashJoin::DelayedBlocks : public IBlocksStream auto res = hash_join->joinBlock(block); auto next = res->next(); + if (next.is_last && next.next_block) + { + next.next_block->filterBySelector(); + auto next_block = std::move(*next.next_block).getSourceBlock(); + if (next_block.rows() > 0) + { + auto new_res = hash_join->joinBlock(std::move(next_block)); + std::lock_guard lock(extra_block_mutex); + not_processed_results.emplace_back(std::move(new_res)); + } + } if (!next.is_last) { std::lock_guard lock(extra_block_mutex); diff --git a/src/Interpreters/HashJoin/HashJoinMethods.h b/src/Interpreters/HashJoin/HashJoinMethods.h index 4241c4e129ee..ffec6ef4910d 100644 --- a/src/Interpreters/HashJoin/HashJoinMethods.h +++ b/src/Interpreters/HashJoin/HashJoinMethods.h @@ -193,7 +193,7 @@ class HashJoinMethods /// First to collect all matched rows refs by join keys, then filter out rows which are not true in additional filter expression. template - static size_t joinRightColumnsWithAddtitionalFilter( + static size_t joinRightColumnsWithAdditionalFilter( std::vector && key_getter_vector, const std::vector & mapv, AddedColumns & added_columns, diff --git a/src/Interpreters/HashJoin/HashJoinMethodsImpl.h b/src/Interpreters/HashJoin/HashJoinMethodsImpl.h index ee4e90f8da04..13e7a07aed93 100644 --- a/src/Interpreters/HashJoin/HashJoinMethodsImpl.h +++ b/src/Interpreters/HashJoin/HashJoinMethodsImpl.h @@ -306,7 +306,7 @@ size_t HashJoinMethods::joinRightColumnsSwitchMu if (added_columns.additional_filter_expression) { const bool mark_per_row_used = join_features.right || join_features.full || mapv.size() > 1; - return joinRightColumnsWithAddtitionalFilter( + return joinRightColumnsWithAdditionalFilter( std::forward>(key_getter_vector), mapv, added_columns, @@ -815,7 +815,7 @@ static ColumnPtr buildAdditionalFilter( template template -size_t HashJoinMethods::joinRightColumnsWithAddtitionalFilter( +size_t HashJoinMethods::joinRightColumnsWithAdditionalFilter( std::vector && key_getter_vector, const std::vector & mapv, AddedColumns & added_columns, diff --git a/tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.reference b/tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.reference new file mode 100644 index 000000000000..3894b6e08587 --- /dev/null +++ b/tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.reference @@ -0,0 +1,6 @@ +9 +9 +9 +9 +9 +9 diff --git a/tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.sql b/tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.sql new file mode 100644 index 000000000000..521ca6af3cf3 --- /dev/null +++ b/tests/queries/0_stateless/03988_grace_hash_join_leftover_blocks.sql @@ -0,0 +1,79 @@ +DROP TABLE IF EXISTS test; +DROP TABLE IF EXISTS test2; + +SET max_joined_block_size_rows = 5; +SET enable_analyzer = 1; + +CREATE TABLE test +( + c0 Int, + c1 Date +) +ENGINE = MergeTree() +ORDER BY (c1); + +INSERT INTO test (c0, c1) VALUES +(1,'1995-01-28'), +(1,'1995-01-29'), +(1,'1995-01-30'); + +CREATE TABLE test2 +( + c0 Int, + c1 Date +) +ENGINE = MergeTree() +ORDER BY (c0); + +INSERT INTO test2 (c1, c0) VALUES +('1992-12-14',1), +('1992-12-14',1), +('1989-05-06',1); + +SELECT + count() +FROM test +LEFT JOIN test2 + ON test.c0 = test2.c0 + AND test.c1 >= test2.c1 +SETTINGS join_algorithm='parallel_hash'; + +SELECT + count() +FROM test2 +LEFT JOIN test + ON test.c0 = test2.c0 + AND test.c1 >= test2.c1 +SETTINGS join_algorithm='grace_hash', grace_hash_join_initial_buckets = 2; + +SELECT + count() +FROM test +RIGHT JOIN test2 + ON test.c0 = test2.c0 + AND test.c1 >= test2.c1 +SETTINGS join_algorithm='parallel_hash'; + +SELECT + count() +FROM test2 +RIGHT JOIN test + ON test.c0 = test2.c0 + AND test.c1 >= test2.c1 +SETTINGS join_algorithm='grace_hash', grace_hash_join_initial_buckets = 2; + +SELECT + count() +FROM test +FULL JOIN test2 + ON test.c0 = test2.c0 + AND test.c1 >= test2.c1 +SETTINGS join_algorithm='parallel_hash'; + +SELECT + count() +FROM test2 +FULL JOIN test + ON test.c0 = test2.c0 + AND test.c1 >= test2.c1 +SETTINGS join_algorithm='grace_hash', grace_hash_join_initial_buckets = 2; \ No newline at end of file From 90de77f366d5c07ed50dafaa28eacabdfe206b48 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 25 Feb 2026 13:43:08 +0000 Subject: [PATCH 051/141] Backport #97523 to 25.8: Fix logical error about missing stream during INSERT SELECT with JSON and buckets in shared data --- src/Columns/ColumnDynamic.h | 2 +- src/Columns/ColumnObject.cpp | 2 +- .../Serializations/SerializationObject.cpp | 4 +++- ..._data_buckets_missing_stream_bug.reference | 20 +++++++++++++++++++ ...shared_data_buckets_missing_stream_bug.sql | 11 ++++++++++ 5 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.reference create mode 100644 tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.sql diff --git a/src/Columns/ColumnDynamic.h b/src/Columns/ColumnDynamic.h index 4e1bbe3232f1..3028ad021d8d 100644 --- a/src/Columns/ColumnDynamic.h +++ b/src/Columns/ColumnDynamic.h @@ -222,7 +222,7 @@ class ColumnDynamic final : public COWHelper, Colum ColumnPtr permute(const Permutation & perm, size_t limit) const override { - return create(variant_column_ptr->permute(perm, limit), variant_info, max_dynamic_types, global_max_dynamic_types); + return create(variant_column_ptr->permute(perm, limit), variant_info, max_dynamic_types, global_max_dynamic_types, statistics); } ColumnPtr index(const IColumn & indexes, size_t limit) const override diff --git a/src/Columns/ColumnObject.cpp b/src/Columns/ColumnObject.cpp index 7ca7701a1e83..965d2c8d21b3 100644 --- a/src/Columns/ColumnObject.cpp +++ b/src/Columns/ColumnObject.cpp @@ -1174,7 +1174,7 @@ ColumnPtr ColumnObject::permute(const Permutation & perm, size_t limit) const permuted_dynamic_paths[path] = column->permute(perm, limit); auto permuted_shared_data = shared_data->permute(perm, limit); - return ColumnObject::create(permuted_typed_paths, permuted_dynamic_paths, permuted_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types); + return ColumnObject::create(permuted_typed_paths, permuted_dynamic_paths, permuted_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types, statistics); } ColumnPtr ColumnObject::index(const IColumn & indexes, size_t limit) const diff --git a/src/DataTypes/Serializations/SerializationObject.cpp b/src/DataTypes/Serializations/SerializationObject.cpp index e164e10d6bd1..b8b7d49bfedb 100644 --- a/src/DataTypes/Serializations/SerializationObject.cpp +++ b/src/DataTypes/Serializations/SerializationObject.cpp @@ -217,8 +217,10 @@ void SerializationObject::enumerateStreams(EnumerateStreamsSettings & settings, { shared_data_serialization_version = SerializationObjectSharedData::SerializationVersion(settings.object_shared_data_serialization_version); /// Avoid creating buckets in shared data for Wide part if shared data is empty. - if (settings.data_part_type != MergeTreeDataPartType::Wide || !column_object->getStatistics() || !column_object->getStatistics()->shared_data_paths_statistics.empty()) + if (settings.data_part_type != MergeTreeDataPartType::Wide || !column_object->getStatistics() + || !column_object->getStatistics()->shared_data_paths_statistics.empty()) num_buckets = settings.object_shared_data_buckets; + } shared_data_serialization = std::make_shared(shared_data_serialization_version, dynamic_type, num_buckets); diff --git a/tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.reference b/tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.reference new file mode 100644 index 000000000000..e9c6b09c7b3c --- /dev/null +++ b/tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.reference @@ -0,0 +1,20 @@ +0 {"a":42} +0 {"a":42} +1 {"a":42} +1 {"a":42} +2 {"a":42} +2 {"a":42} +3 {"a":42} +3 {"a":42} +4 {"a":42} +4 {"a":42} +5 {"a":42} +5 {"a":42} +6 {"a":42} +6 {"a":42} +7 {"a":42} +7 {"a":42} +8 {"a":42} +8 {"a":42} +9 {"a":42} +9 {"a":42} diff --git a/tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.sql b/tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.sql new file mode 100644 index 000000000000..dafa2b2065fb --- /dev/null +++ b/tests/queries/0_stateless/03925_json_shared_data_buckets_missing_stream_bug.sql @@ -0,0 +1,11 @@ +drop table if exists src; +drop table if exists dst; +create table src (id UInt64, json JSON) engine=MergeTree order by id settings min_bytes_for_wide_part=1, object_serialization_version='v3', object_shared_data_serialization_version_for_zero_level_parts='map_with_buckets'; +create table dst (id UInt64, json JSON) engine=MergeTree order by id settings min_bytes_for_wide_part=1, object_serialization_version='v3', object_shared_data_serialization_version_for_zero_level_parts='map_with_buckets'; +insert into src select number, '{"a" : 42}' from numbers(10); +insert into src select number, '{"a" : 42}' from numbers(10); +insert into dst select * from src order by id desc; +select * from dst order by id; +drop table src; +drop table dst; + From 0a6f4bee9a1be6c2e86201e6cade2bd372f7a2d0 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 26 Feb 2026 04:46:26 +0000 Subject: [PATCH 052/141] Backport #97826 to 25.8: Fix crash with mapContainsKey/mapContainsKeyLike --- .../MergeTreeIndexBloomFilterText.cpp | 4 +- ...88_map_contains_key_like_tokenbf.reference | 18 +++++ .../03988_map_contains_key_like_tokenbf.sql | 65 +++++++++++++++++++ 3 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.reference create mode 100644 tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.sql diff --git a/src/Storages/MergeTree/MergeTreeIndexBloomFilterText.cpp b/src/Storages/MergeTree/MergeTreeIndexBloomFilterText.cpp index af1ba6953f81..59d6dd6e1192 100644 --- a/src/Storages/MergeTree/MergeTreeIndexBloomFilterText.cpp +++ b/src/Storages/MergeTree/MergeTreeIndexBloomFilterText.cpp @@ -493,7 +493,7 @@ bool MergeTreeConditionBloomFilterText::traverseTreeEquals( { if (function_name == "has" || function_name == "mapContainsKey" || function_name == "mapContains") { - out.key_column = *key_index; + out.key_column = *map_key_index; out.function = RPNElement::FUNCTION_HAS; out.bloom_filter = std::make_unique(params); auto & value = const_value.safeGet(); @@ -502,7 +502,7 @@ bool MergeTreeConditionBloomFilterText::traverseTreeEquals( } if (function_name == "mapContainsKeyLike") { - out.key_column = *key_index; + out.key_column = *map_key_index; out.function = RPNElement::FUNCTION_HAS; out.bloom_filter = std::make_unique(params); auto & value = const_value.safeGet(); diff --git a/tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.reference b/tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.reference new file mode 100644 index 000000000000..599d91218700 --- /dev/null +++ b/tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.reference @@ -0,0 +1,18 @@ +1 +0 +1 +1 +1 +1 +1 +1 +0 +hostname +Verify skip index is used +1 +1 +1 +1 +1 +1 +1 diff --git a/tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.sql b/tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.sql new file mode 100644 index 000000000000..d14c3fc91371 --- /dev/null +++ b/tests/queries/0_stateless/03988_map_contains_key_like_tokenbf.sql @@ -0,0 +1,65 @@ +-- Test for issue https://github.com/ClickHouse/ClickHouse/issues/97792 + +SET parallel_replicas_local_plan = 1; + +DROP TABLE IF EXISTS t_map_tokenbf; + +CREATE TABLE t_map_tokenbf +( + metadata Map(String, String), + created_at DateTime64(3), + INDEX index_metadata_keys mapKeys(metadata) TYPE tokenbf_v1(32768, 3, 0) GRANULARITY 1, + INDEX index_metadata_vals mapValues(metadata) TYPE tokenbf_v1(32768, 3, 0) GRANULARITY 1 +) +ENGINE = MergeTree +ORDER BY created_at; + +INSERT INTO t_map_tokenbf VALUES ({'hostname': 'myhost', 'env': 'prod'}, now()); + +SELECT count() FROM t_map_tokenbf WHERE mapContainsKeyLike(metadata, '%host%'); -- 1 +SELECT count() FROM t_map_tokenbf WHERE mapContainsKeyLike(metadata, '%bad%'); -- 0 +SELECT count() FROM t_map_tokenbf WHERE mapContains(metadata, 'hostname'); -- 1 +SELECT count() FROM t_map_tokenbf WHERE mapContainsKey(metadata, 'env'); -- 1 +SELECT count() FROM t_map_tokenbf WHERE has(mapKeys(metadata), 'env'); -- 1 +SELECT count() FROM t_map_tokenbf WHERE has(metadata, 'hostname'); -- 1 +SELECT count() FROM t_map_tokenbf WHERE mapContainsValue(metadata, 'prod'); -- 1 +SELECT count() FROM t_map_tokenbf WHERE mapContainsValueLike(metadata, '%host%'); -- 1 +SELECT count() FROM t_map_tokenbf WHERE mapContainsValueLike(metadata, '%random%'); -- 0 + +SELECT arrayJoin(mapKeys(mapExtractKeyLike(metadata, '%host%'))) as extracted_metadata +FROM t_map_tokenbf +WHERE mapContainsKeyLike(metadata, '%host%') +GROUP BY extracted_metadata; + +-- Verify that skip index was used - all should return 1 +SELECT 'Verify skip index is used'; + +SELECT COUNT(*) FROM ( + EXPLAIN indexes=1 SELECT count() FROM t_map_tokenbf WHERE mapContainsKeyLike(metadata, '%host%') + ) WHERE explain LIKE '%index_metadata%'; + +SELECT COUNT(*) FROM ( + EXPLAIN indexes=1 SELECT count() FROM t_map_tokenbf WHERE mapContains(metadata, 'hostname') + ) WHERE explain LIKE '%index_metadata%'; + +SELECT COUNT(*) FROM ( + EXPLAIN indexes=1 SELECT count() FROM t_map_tokenbf WHERE mapContainsKey(metadata, 'env') + ) WHERE explain LIKE '%index_metadata%'; + +SELECT COUNT(*) FROM ( + EXPLAIN indexes=1 SELECT count() FROM t_map_tokenbf WHERE has(mapKeys(metadata), 'env') + ) WHERE explain LIKE '%index_metadata%'; + +SELECT COUNT(*) FROM ( + EXPLAIN indexes=1 SELECT count() FROM t_map_tokenbf WHERE has(metadata, 'hostname') + ) WHERE explain LIKE '%index_metadata%'; + +SELECT COUNT(*) FROM ( + EXPLAIN indexes=1 SELECT count() FROM t_map_tokenbf WHERE mapContainsValue(metadata, 'prod') + ) WHERE explain LIKE '%index_metadata%'; + +SELECT COUNT(*) FROM ( + EXPLAIN indexes=1 SELECT count() FROM t_map_tokenbf WHERE mapContainsValueLike(metadata, '%random%') + ) WHERE explain LIKE '%index_metadata%'; + +DROP TABLE t_map_tokenbf; From 094885ee95336b4e42069f6cda3e9d064deb1bf7 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 26 Feb 2026 06:36:25 +0000 Subject: [PATCH 053/141] Backport #97546 to 25.8: Remove incorrect replaceRegexpOne to extract rewrite; fix exception with group_by_use_nulls --- .../Passes/RegexpFunctionRewritePass.cpp | 78 +------------------ ...regexp_rewrite_nullable_group_by.reference | 4 + ...03389_regexp_rewrite_nullable_group_by.sql | 4 + ...ptimize_rewrite_regexp_functions.reference | 71 ++--------------- ...3538_optimize_rewrite_regexp_functions.sql | 55 +------------ 5 files changed, 20 insertions(+), 192 deletions(-) create mode 100644 tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.reference create mode 100644 tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.sql diff --git a/src/Analyzer/Passes/RegexpFunctionRewritePass.cpp b/src/Analyzer/Passes/RegexpFunctionRewritePass.cpp index 860c3fb71d29..e898105c69f3 100644 --- a/src/Analyzer/Passes/RegexpFunctionRewritePass.cpp +++ b/src/Analyzer/Passes/RegexpFunctionRewritePass.cpp @@ -1,13 +1,12 @@ #include -#include -#include #include #include #include #include #include #include +#include #include #include #include @@ -35,28 +34,13 @@ class RegexpFunctionRewriteVisitor : public InDepthQueryTreeVisitorWithContextas(); - if (!function_node || !function_node->isOrdinaryFunction() || !isString(function_node->getResultType())) + if (!function_node || !function_node->isOrdinaryFunction() || !isString(removeNullable(function_node->getResultType()))) return; /// If a regular expression without alternatives starts with ^ or ends with an unescaped $, rewrite /// replaceRegexpAll with replaceRegexpOne. if (function_node->getFunctionName() == "replaceRegexpAll" || Poco::toLower(function_node->getFunctionName()) == "regexp_replace") - { - if (!handleReplaceRegexpAll(*function_node)) - return; - - /// After optimization, function_node might now be "replaceRegexpOne", so continue processing - } - - /// If a replaceRegexpOne function has a regexp that matches entire haystack, and a replacement of nothing other - /// than \1 and some subpatterns in the regexp, or \0 and no subpatterns in the regexp, rewrite it with extract. - if (function_node->getFunctionName() == "replaceRegexpOne") - { - if (!handleReplaceRegexpOne(*function_node)) - return; - - /// After optimization, function_node might now be "extract", so continue processing - } + handleReplaceRegexpAll(*function_node); /// If an extract function has a regexp with some subpatterns and the regexp starts with ^.* or ending with an /// unescaped .*$, remove this prefix and/or suffix. @@ -114,62 +98,6 @@ class RegexpFunctionRewriteVisitor : public InDepthQueryTreeVisitorWithContextas(); - if (!constant_node) - return false; - - if (auto constant_type = constant_node->getResultType(); !isString(constant_type)) - return false; - - String replacement = constant_node->getValue().safeGet(); - bool replacement_zero = replacement == "\\0"; - bool replacement_one = replacement == "\\1"; - if (!replacement_zero && !replacement_one) - return false; - - const auto * regexp_node = function_node_arguments_nodes[1]->as(); - if (!regexp_node) - return false; - - if (auto regexp_type = regexp_node->getResultType(); !isString(regexp_type)) - return false; - - String regexp = regexp_node->getValue().safeGet(); - - /// Currently only look for ^...$ patterns without alternatives. - bool starts_with_caret = regexp.front() == '^'; - if (!starts_with_caret) - return false; - - bool ends_with_unescaped_dollar = false; - if (!regexp.empty() && regexp.back() == '$') - ends_with_unescaped_dollar = isUnescaped(regexp, regexp.size() - 1); - - if (!ends_with_unescaped_dollar) - return false; - - /// Analyze the regular expression to detect presence of alternatives (e.g., 'a|b'). If any alternatives are - /// found, return false to indicate the regexp is not suitable for optimization. - RegexpAnalysisResult result = OptimizedRegularExpression::analyze(regexp); - if (!result.alternatives.empty()) - return false; - - if ((replacement_one && result.has_capture) || (replacement_zero && !result.has_capture)) - { - function_node_arguments_nodes.resize(2); - resolveOrdinaryFunctionNodeByName(function_node, "extract", getContext()); - return true; - } - - return false; - } - void handleExtract(FunctionNode & function_node) { auto & function_node_arguments_nodes = function_node.getArguments().getNodes(); diff --git a/tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.reference b/tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.reference new file mode 100644 index 000000000000..d099bc72639f --- /dev/null +++ b/tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.reference @@ -0,0 +1,4 @@ +abc123 +abc123 +\N +\N diff --git a/tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.sql b/tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.sql new file mode 100644 index 000000000000..47b44703fbff --- /dev/null +++ b/tests/queries/0_stateless/03389_regexp_rewrite_nullable_group_by.sql @@ -0,0 +1,4 @@ +-- https://github.com/ClickHouse/ClickHouse/issues/88218 +-- RegexpFunctionRewritePass must handle Nullable result types from group_by_use_nulls +SET enable_analyzer = 1; +SELECT replaceRegexpOne(identity('abc123'), '^(abc)$', '\\1') GROUP BY 1, toLowCardinality(9), 1 WITH CUBE SETTINGS group_by_use_nulls=1; diff --git a/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.reference b/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.reference index 54c9b5d8fda7..12102a657fa5 100644 --- a/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.reference +++ b/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.reference @@ -38,62 +38,9 @@ FROM system.one AS __table1 EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpAll(identity('abc123'), '^123|456$', ''); SELECT replaceRegexpAll(identity(\'abc123\'), \'^123|456$\', \'\') AS `replaceRegexpAll(identity(\'abc123\'), \'^123|456$\', \'\')` FROM system.one AS __table1 --- Rule 2: If a replaceRegexpOne function has a replacement of nothing other than \1 and some subpatterns in the regexp, or \0 and no subpatterns in the regexp, rewrite it with extract. +-- Rule 2 (replaceRegexpOne -> extract) was removed because extract returns empty string on non-match, +-- while replaceRegexpOne returns the original string, making them semantically different. --- NOTE: \0 is specially treated as NUL instead of capture group reference. Need to use \\0 instead. - --- Only \0, no capture group (should rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc123$', '\\0'); -SELECT extract(identity(\'abc123\'), \'^abc123$\') AS `replaceRegexpOne(identity(\'abc123\'), \'^abc123$\', \'\\\\\\\\0\')` -FROM system.one AS __table1 --- Only \1, with one capture group (should rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(abc)$', '\1'); -SELECT extract(identity(\'abc123\'), \'^(abc)$\') AS `replaceRegexpOne(identity(\'abc123\'), \'^(abc)$\', \'\\\\\\\\1\')` -FROM system.one AS __table1 --- Only \1, no capture group (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc$', '\1'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^abc$\', \'\\\\1\') AS `replaceRegexpOne(identity(\'abc123\'), \'^abc$\', \'\\\\\\\\1\')` -FROM system.one AS __table1 --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc', '\\0'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^abc\', \'\\\\0\') AS `replaceRegexpOne(identity(\'abc123\'), \'^abc\', \'\\\\\\\\0\')` -FROM system.one AS __table1 --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), 'abc$', '\\0'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'abc$\', \'\\\\0\') AS `replaceRegexpOne(identity(\'abc123\'), \'abc$\', \'\\\\\\\\0\')` -FROM system.one AS __table1 --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), 'abc', '\\0'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'abc\', \'\\\\0\') AS `replaceRegexpOne(identity(\'abc123\'), \'abc\', \'\\\\\\\\0\')` -FROM system.one AS __table1 --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc\\$', '\\0'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^abc\\\\$\', \'\\\\0\') AS `replaceRegexpOne(identity(\'abc123\'), \'^abc\\\\\\\\$\', \'\\\\\\\\0\')` -FROM system.one AS __table1 --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^ab|c$', '\\0'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^ab|c$\', \'\\\\0\') AS `replaceRegexpOne(identity(\'abc123\'), \'^ab|c$\', \'\\\\\\\\0\')` -FROM system.one AS __table1 --- \0 with extra characters (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc123$', 'pre\\0post'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^abc123$\', \'pre\\\\0post\') AS `replaceRegexpOne(identity(\'abc123\'), \'^abc123$\', \'pre\\\\\\\\0post\')` -FROM system.one AS __table1 --- \1 with two capture groups (should rewrite — only \1 used) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(a)(b)$', '\1'); -SELECT extract(identity(\'abc123\'), \'^(a)(b)$\') AS `replaceRegexpOne(identity(\'abc123\'), \'^(a)(b)$\', \'\\\\\\\\1\')` -FROM system.one AS __table1 --- \2 used (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(a)(b)$', '\2'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^(a)(b)$\', \'\\\\2\') AS `replaceRegexpOne(identity(\'abc123\'), \'^(a)(b)$\', \'\\\\\\\\2\')` -FROM system.one AS __table1 --- Mixed content in replacement (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(abc)$', 'X\1Y'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^(abc)$\', \'X\\\\1Y\') AS `replaceRegexpOne(identity(\'abc123\'), \'^(abc)$\', \'X\\\\\\\\1Y\')` -FROM system.one AS __table1 --- Escaped backslash in replacement (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(abc)$', '\\\\1'); -SELECT replaceRegexpOne(identity(\'abc123\'), \'^(abc)$\', \'\\\\\\\\1\') AS `replaceRegexpOne(identity(\'abc123\'), \'^(abc)$\', \'\\\\\\\\\\\\\\\\1\')` -FROM system.one AS __table1 -- Rule 3: If an extract function has a regexp with some subpatterns and the regexp starts with ^.* or ending with an unescaped .*$, remove this prefix and/or suffix. -- Starts with ^.* (should strip prefix) @@ -134,19 +81,11 @@ SELECT extract(identity(\'abc123\'), \'(abc).*\') AS `extract(identity(\'abc123\ FROM system.one AS __table1 -- Cascade tests --- Rule 1 + Rule 2: replaceRegexpAll to replaceRegexpOne to extract +-- Rule 1 only: replaceRegexpAll to replaceRegexpOne (Rule 2 removed) EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpAll(identity('abc'), '^(abc)', '\1'); SELECT replaceRegexpOne(identity(\'abc\'), \'^(abc)\', \'\\\\1\') AS `replaceRegexpAll(identity(\'abc\'), \'^(abc)\', \'\\\\\\\\1\')` FROM system.one AS __table1 --- Rule 2 + 3: replaceRegexpOne -> extract -> simplified extract -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc'), '^.*(abc).*$','\1'); -SELECT extract(identity(\'abc\'), \'(abc)\') AS `replaceRegexpOne(identity(\'abc\'), \'^.*(abc).*$\', \'\\\\\\\\1\')` -FROM system.one AS __table1 --- Rule 1 + 2 + 3: replaceRegexpAll -> replaceRegexpOne -> extract -> simplified extract -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpAll(identity('abc'), '^.*(abc).*$','\1'); -SELECT extract(identity(\'abc\'), \'(abc)\') AS `replaceRegexpAll(identity(\'abc\'), \'^.*(abc).*$\', \'\\\\\\\\1\')` -FROM system.one AS __table1 --- ClickBench Q28 +-- ClickBench Q28: Rule 1 only: regexp_replace to replaceRegexpOne EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT REGEXP_REPLACE(identity('some referer'), '^https?://(?:www\.)?([^/]+)/.*$', '\1'); -SELECT extract(identity(\'some referer\'), \'^https?://(?:www\\\\.)?([^/]+)/\') AS `REGEXP_REPLACE(identity(\'some referer\'), \'^https?://(?:www\\\\\\\\.)?([^/]+)/.*$\', \'\\\\\\\\1\')` +SELECT replaceRegexpOne(identity(\'some referer\'), \'^https?://(?:www\\\\.)?([^/]+)/.*$\', \'\\\\1\') AS `REGEXP_REPLACE(identity(\'some referer\'), \'^https?://(?:www\\\\\\\\.)?([^/]+)/.*$\', \'\\\\\\\\1\')` FROM system.one AS __table1 diff --git a/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.sql b/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.sql index e5f37eb54c9e..3e0e3194442d 100644 --- a/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.sql +++ b/tests/queries/0_stateless/03538_optimize_rewrite_regexp_functions.sql @@ -28,49 +28,8 @@ EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpAll(identity( -- Pattern with alternatives (should NOT rewrite) EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpAll(identity('abc123'), '^123|456$', ''); --- Rule 2: If a replaceRegexpOne function has a replacement of nothing other than \1 and some subpatterns in the regexp, or \0 and no subpatterns in the regexp, rewrite it with extract. - --- NOTE: \0 is specially treated as NUL instead of capture group reference. Need to use \\0 instead. - --- Only \0, no capture group (should rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc123$', '\\0'); - --- Only \1, with one capture group (should rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(abc)$', '\1'); - --- Only \1, no capture group (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc$', '\1'); - --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc', '\\0'); - --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), 'abc$', '\\0'); - --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), 'abc', '\\0'); - --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc\\$', '\\0'); - --- Pattern not full (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^ab|c$', '\\0'); - --- \0 with extra characters (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^abc123$', 'pre\\0post'); - --- \1 with two capture groups (should rewrite — only \1 used) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(a)(b)$', '\1'); - --- \2 used (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(a)(b)$', '\2'); - --- Mixed content in replacement (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(abc)$', 'X\1Y'); - --- Escaped backslash in replacement (should NOT rewrite) -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc123'), '^(abc)$', '\\\\1'); - +-- Rule 2 (replaceRegexpOne -> extract) was removed because extract returns empty string on non-match, +-- while replaceRegexpOne returns the original string, making them semantically different. -- Rule 3: If an extract function has a regexp with some subpatterns and the regexp starts with ^.* or ending with an unescaped .*$, remove this prefix and/or suffix. @@ -104,14 +63,8 @@ EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT extract(identity('abc123') -- Cascade tests --- Rule 1 + Rule 2: replaceRegexpAll to replaceRegexpOne to extract +-- Rule 1 only: replaceRegexpAll to replaceRegexpOne (Rule 2 removed) EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpAll(identity('abc'), '^(abc)', '\1'); --- Rule 2 + 3: replaceRegexpOne -> extract -> simplified extract -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpOne(identity('abc'), '^.*(abc).*$','\1'); - --- Rule 1 + 2 + 3: replaceRegexpAll -> replaceRegexpOne -> extract -> simplified extract -EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT replaceRegexpAll(identity('abc'), '^.*(abc).*$','\1'); - --- ClickBench Q28 +-- ClickBench Q28: Rule 1 only: regexp_replace to replaceRegexpOne EXPLAIN QUERY TREE dump_tree = 0, dump_ast = 1 SELECT REGEXP_REPLACE(identity('some referer'), '^https?://(?:www\.)?([^/]+)/.*$', '\1'); From e1830b4cbc57686175b2e889e0b9b1a5b872d7ae Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 26 Feb 2026 12:27:49 +0000 Subject: [PATCH 054/141] Backport #97887 to 25.8: Fix data race in ZooKeeper client between sendThread and receiveThread --- src/Common/ZooKeeper/ZooKeeperImpl.cpp | 17 ++++---- ...3988_zookeeper_send_receive_race.reference | 1 + .../03988_zookeeper_send_receive_race.sh | 42 +++++++++++++++++++ 3 files changed, 52 insertions(+), 8 deletions(-) create mode 100644 tests/queries/0_stateless/03988_zookeeper_send_receive_race.reference create mode 100755 tests/queries/0_stateless/03988_zookeeper_send_receive_race.sh diff --git a/src/Common/ZooKeeper/ZooKeeperImpl.cpp b/src/Common/ZooKeeper/ZooKeeperImpl.cpp index 55501ea1d568..20db52cca1f2 100644 --- a/src/Common/ZooKeeper/ZooKeeperImpl.cpp +++ b/src/Common/ZooKeeper/ZooKeeperImpl.cpp @@ -789,6 +789,15 @@ void ZooKeeper::sendThread() /// After we popped element from the queue, we must register callbacks (even in the case when expired == true right now), /// because they must not be lost (callbacks must be called because the user will wait for them). + if (info.watch) + info.request->has_watch = true; + + if (info.request->add_root_path) + info.request->addRootPath(args.chroot); + + /// Insert into operations AFTER mutating the request (has_watch, addRootPath) + /// to avoid a data race: receiveThread reads from operations concurrently, + /// and the request object is shared via shared_ptr. if (info.request->xid != close_xid) { CurrentMetrics::add(CurrentMetrics::ZooKeeperRequest); @@ -796,19 +805,11 @@ void ZooKeeper::sendThread() operations[info.request->xid] = info; } - if (info.watch) - { - info.request->has_watch = true; - } - if (requests_queue.isFinished()) { break; } - if (info.request->add_root_path) - info.request->addRootPath(args.chroot); - info.request->probably_sent = true; info.request->write(getWriteBuffer(), use_xid_64); flushWriteBuffer(); diff --git a/tests/queries/0_stateless/03988_zookeeper_send_receive_race.reference b/tests/queries/0_stateless/03988_zookeeper_send_receive_race.reference new file mode 100644 index 000000000000..d86bac9de59a --- /dev/null +++ b/tests/queries/0_stateless/03988_zookeeper_send_receive_race.reference @@ -0,0 +1 @@ +OK diff --git a/tests/queries/0_stateless/03988_zookeeper_send_receive_race.sh b/tests/queries/0_stateless/03988_zookeeper_send_receive_race.sh new file mode 100755 index 000000000000..8b4a8a3d92f4 --- /dev/null +++ b/tests/queries/0_stateless/03988_zookeeper_send_receive_race.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +# Tags: zookeeper, no-fasttest + +# Regression test for a data race in ZooKeeper client between sendThread and receiveThread. +# +# sendThread used to mutate the request (addRootPath, has_watch) AFTER copying it +# into the operations map, while receiveThread could concurrently read from the +# same shared request object via the operations map. This caused a data race on +# the request's path string (std::string reallocation during addRootPath vs +# concurrent getPath() read), leading to SIGBUS/use-after-free crashes. +# +# Under TSAN this test reliably detects the race before the fix. +# The key is to generate many concurrent ZooKeeper requests through the server's +# shared ZK session so sendThread and receiveThread are both actively working on +# the operations map at the same time. + +CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CUR_DIR"/../shell_config.sh + +$CLICKHOUSE_CLIENT -q " + DROP TABLE IF EXISTS t_zk_race; + CREATE TABLE t_zk_race (key UInt64) + ENGINE = ReplicatedMergeTree('/clickhouse/tables/$CLICKHOUSE_TEST_ZOOKEEPER_PREFIX/t_zk_race', 'r1') + ORDER BY key; +" + +ZK_PATH="/clickhouse/tables/$CLICKHOUSE_TEST_ZOOKEEPER_PREFIX/t_zk_race" + +# Flood the server's shared ZK connection with concurrent reads from +# system.zookeeper. Each SELECT issues ZK list/get requests that go through +# sendThread (addRootPath + operations map insert) and receiveThread +# (operations map read for timeout + response handling) on the same session. +# +# Use clickhouse-benchmark for maximum ZK operations/sec on a single session. +# --timelimit ensures the test runs long enough for TSAN to catch the race. +echo "SELECT count() FROM system.zookeeper WHERE path = '$ZK_PATH' FORMAT Null" | \ + ${CLICKHOUSE_BENCHMARK} --concurrency 30 --iterations 100000 --timelimit 10 2>&1 | grep -q "Executed" || true + +echo "OK" + +$CLICKHOUSE_CLIENT -q "DROP TABLE IF EXISTS t_zk_race" From 459f02f84b8dee129cfafc12a9f4b31f3317d1fd Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 27 Feb 2026 11:22:26 +0000 Subject: [PATCH 055/141] Backport #98147 to 25.8: Fix segfault in outer-to-inner join optimization with arrayJoin in filter --- src/Interpreters/ActionsDAG.cpp | 3 +++ ...in_in_filter_outer_to_inner_join.reference | 0 ...ray_join_in_filter_outer_to_inner_join.sql | 19 +++++++++++++++++++ 3 files changed, 22 insertions(+) create mode 100644 tests/queries/0_stateless/04003_array_join_in_filter_outer_to_inner_join.reference create mode 100644 tests/queries/0_stateless/04003_array_join_in_filter_outer_to_inner_join.sql diff --git a/src/Interpreters/ActionsDAG.cpp b/src/Interpreters/ActionsDAG.cpp index 300a43f3d779..32971bad2ef2 100644 --- a/src/Interpreters/ActionsDAG.cpp +++ b/src/Interpreters/ActionsDAG.cpp @@ -842,6 +842,9 @@ static ColumnWithTypeAndName executeActionForPartialResult(const ActionsDAG::Nod case ActionsDAG::ActionType::ARRAY_JOIN: { auto key = arguments.at(0); + if (!key.column) + break; + key.column = key.column->convertToFullColumnIfConst(); const auto * array = getArrayJoinColumnRawPtr(key.column); diff --git a/tests/queries/0_stateless/04003_array_join_in_filter_outer_to_inner_join.reference b/tests/queries/0_stateless/04003_array_join_in_filter_outer_to_inner_join.reference new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/queries/0_stateless/04003_array_join_in_filter_outer_to_inner_join.sql b/tests/queries/0_stateless/04003_array_join_in_filter_outer_to_inner_join.sql new file mode 100644 index 000000000000..3d63ae1a423d --- /dev/null +++ b/tests/queries/0_stateless/04003_array_join_in_filter_outer_to_inner_join.sql @@ -0,0 +1,19 @@ +-- Regression: segfault in executeActionForPartialResult when filter expression contains arrayJoin +-- and the convertOuterJoinToInnerJoin optimization tries to evaluate the filter with partial (null) arguments. + +SET enable_analyzer = 1; +SELECT DISTINCT + 2, + 1048575 +FROM numbers(1) AS l, + numbers(2, isZeroOrNull(assumeNotNull(1))) AS r +ANY INNER JOIN r AS alias37 ON equals(alias37.number, r.number) +RIGHT JOIN l AS alias44 ON equals(alias44.number, alias37.number) +ANY INNER JOIN alias44 AS alias48 ON equals(alias48.number, r.number) +ANY RIGHT JOIN r AS alias52 ON equals(alias52.number, alias37.number) +WHERE equals(isNull(toLowCardinality(toUInt128(2))), arrayJoin([*, 13, 13, 13, toNullable(13), 13])) +GROUP BY + materialize(1), + isNull(toUInt128(2)), + and(and(1048575, isZeroOrNull(1), isNullable(isNull(1))), materialize(13), isNull(toUInt256(materialize(2))), *, and(*, and(1, nan, isNull(isNull(1)), isZeroOrNull(1), 1048575), 13)) +WITH CUBE; From 73400b8da0b11eccdf473b18801d1707bad37eb1 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 27 Feb 2026 13:38:47 +0000 Subject: [PATCH 056/141] Backport #97778 to 25.8: Fix reading empty granules in advanced shared data in JSON --- .../SerializationObjectSharedData.cpp | 9 ++---- ...28_json_advanced_shared_data_bug.reference | 30 +++++++++++++++++++ .../03928_json_advanced_shared_data_bug.sql | 16 ++++++++++ 3 files changed, 48 insertions(+), 7 deletions(-) create mode 100644 tests/queries/0_stateless/03928_json_advanced_shared_data_bug.reference create mode 100644 tests/queries/0_stateless/03928_json_advanced_shared_data_bug.sql diff --git a/src/DataTypes/Serializations/SerializationObjectSharedData.cpp b/src/DataTypes/Serializations/SerializationObjectSharedData.cpp index 52676c4c09d2..78aa333eef86 100644 --- a/src/DataTypes/Serializations/SerializationObjectSharedData.cpp +++ b/src/DataTypes/Serializations/SerializationObjectSharedData.cpp @@ -682,10 +682,10 @@ std::shared_ptr SerializationO structure_state.last_granule_structure.clear(); size_t rows_to_read = limit + rows_offset; - StructureGranule current_granule; - std::swap(structure_state.last_granule_structure, current_granule); while (rows_to_read != 0) { + auto & current_granule = structure_state.last_granule_structure; + /// Calculate remaining rows in current granule that can be read. size_t remaining_rows_in_granule = current_granule.num_rows - current_granule.limit - current_granule.offset; @@ -736,12 +736,7 @@ std::shared_ptr SerializationO } result->push_back(current_granule); - current_granule.clear(); } - - /// Remember the state of the last read granule because it can be partially read. - if (!result->empty()) - structure_state.last_granule_structure = result->back(); } /// Add deserialized data into cache. diff --git a/tests/queries/0_stateless/03928_json_advanced_shared_data_bug.reference b/tests/queries/0_stateless/03928_json_advanced_shared_data_bug.reference new file mode 100644 index 000000000000..c0d2ee3f3b2a --- /dev/null +++ b/tests/queries/0_stateless/03928_json_advanced_shared_data_bug.reference @@ -0,0 +1,30 @@ +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{} +{} +{} +{} +{} +{} +{} +{} +{} +{} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} +{"a":[{"b":42}]} diff --git a/tests/queries/0_stateless/03928_json_advanced_shared_data_bug.sql b/tests/queries/0_stateless/03928_json_advanced_shared_data_bug.sql new file mode 100644 index 000000000000..c54c8378ae3c --- /dev/null +++ b/tests/queries/0_stateless/03928_json_advanced_shared_data_bug.sql @@ -0,0 +1,16 @@ +DROP TABLE IF EXISTS test; + +CREATE TABLE test +( + `json` JSON(max_dynamic_paths = 1) +) +ENGINE = MergeTree +ORDER BY tuple() +SETTINGS min_bytes_for_wide_part = 1, min_rows_for_wide_part = 1, write_marks_for_substreams_in_compact_parts = 1, object_serialization_version = 'v3', object_shared_data_serialization_version = 'advanced', object_shared_data_serialization_version_for_zero_level_parts = 'advanced', object_shared_data_buckets_for_wide_part = 1, index_granularity = 100; + +INSERT INTO test SELECT multiIf(number < 10, '{"a" : [{"b" : 42}]}', number < 20, '{}', '{"a" : [{"b" : 42}]}') from numbers(30); + +SELECT * FROM test SETTINGS max_block_size=10; + +DROP TABLE test; + From 5dfbd35a363e6788fe3e99f44360be6f14a8fc52 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 1 Mar 2026 03:15:20 +0000 Subject: [PATCH 057/141] Backport #98276 to 25.8: Fix off-by-one in ToDateMonotonicity boundary check --- src/Functions/FunctionsConversion.h | 6 +++--- ...3835_todate_monotonicity_boundary.reference | 1 + .../03835_todate_monotonicity_boundary.sql | 18 ++++++++++++++++++ 3 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 tests/queries/0_stateless/03835_todate_monotonicity_boundary.reference create mode 100644 tests/queries/0_stateless/03835_todate_monotonicity_boundary.sql diff --git a/src/Functions/FunctionsConversion.h b/src/Functions/FunctionsConversion.h index ec7e23d9f587..ba33c9e5abe2 100644 --- a/src/Functions/FunctionsConversion.h +++ b/src/Functions/FunctionsConversion.h @@ -3588,13 +3588,13 @@ struct ToDateMonotonicity } else if ( ((left.getType() == Field::Types::UInt64 || left.isNull()) && (right.getType() == Field::Types::UInt64 || right.isNull()) - && ((left.isNull() || left.safeGet() < 0xFFFF) && (right.isNull() || right.safeGet() >= 0xFFFF))) + && ((left.isNull() || left.safeGet() <= DATE_LUT_MAX_DAY_NUM) && (right.isNull() || right.safeGet() > DATE_LUT_MAX_DAY_NUM))) || ((left.getType() == Field::Types::Int64 || left.isNull()) && (right.getType() == Field::Types::Int64 || right.isNull()) - && ((left.isNull() || left.safeGet() < 0xFFFF) && (right.isNull() || right.safeGet() >= 0xFFFF))) + && ((left.isNull() || left.safeGet() <= DATE_LUT_MAX_DAY_NUM) && (right.isNull() || right.safeGet() > DATE_LUT_MAX_DAY_NUM))) || (( (left.getType() == Field::Types::Float64 || left.isNull()) && (right.getType() == Field::Types::Float64 || right.isNull()) - && ((left.isNull() || left.safeGet() < 0xFFFF) && (right.isNull() || right.safeGet() >= 0xFFFF)))) + && ((left.isNull() || left.safeGet() <= DATE_LUT_MAX_DAY_NUM) && (right.isNull() || right.safeGet() > DATE_LUT_MAX_DAY_NUM)))) || !isNativeNumber(type)) { return {}; diff --git a/tests/queries/0_stateless/03835_todate_monotonicity_boundary.reference b/tests/queries/0_stateless/03835_todate_monotonicity_boundary.reference new file mode 100644 index 000000000000..d00491fd7e5b --- /dev/null +++ b/tests/queries/0_stateless/03835_todate_monotonicity_boundary.reference @@ -0,0 +1 @@ +1 diff --git a/tests/queries/0_stateless/03835_todate_monotonicity_boundary.sql b/tests/queries/0_stateless/03835_todate_monotonicity_boundary.sql new file mode 100644 index 000000000000..4460c5da7b68 --- /dev/null +++ b/tests/queries/0_stateless/03835_todate_monotonicity_boundary.sql @@ -0,0 +1,18 @@ +-- Regression test for off-by-one in ToDateMonotonicity boundary check. +-- The toDate function treats values <= DATE_LUT_MAX_DAY_NUM (65535) as day numbers +-- and values > 65535 as unix timestamps. The monotonicity check must correctly +-- identify ranges crossing this boundary as non-monotonic. +-- Previously caused LOGICAL_ERROR "Invalid binary search result in MergeTreeSetIndex" in debug builds. +-- https://github.com/ClickHouse/ClickHouse/issues/90461 + +DROP TABLE IF EXISTS t_todate_mono; + +CREATE TABLE t_todate_mono (x UInt64) ENGINE = MergeTree ORDER BY x SETTINGS index_granularity = 1; +INSERT INTO t_todate_mono SELECT number FROM numbers(100000); + +-- With index_granularity=1, mark 65535 covers the range [65535, 65536], +-- which crosses the DATE_LUT_MAX_DAY_NUM boundary. +-- The toDate conversion in the key condition chain must report this range as non-monotonic. +SELECT count() > 0 FROM t_todate_mono WHERE toDate(x) IN (toDate(12345), toDate(67890)); + +DROP TABLE t_todate_mono; From 557fdf60f81c4370867dff464de7f4b1064d39a7 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 1 Mar 2026 12:25:52 +0000 Subject: [PATCH 058/141] Update autogenerated version to 25.8.17.37 and contributors --- cmake/autogenerated_versions.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmake/autogenerated_versions.txt b/cmake/autogenerated_versions.txt index 0e35a4848a1b..90b06879c921 100644 --- a/cmake/autogenerated_versions.txt +++ b/cmake/autogenerated_versions.txt @@ -2,11 +2,11 @@ # NOTE: VERSION_REVISION has nothing common with DBMS_TCP_PROTOCOL_VERSION, # only DBMS_TCP_PROTOCOL_VERSION should be incremented on protocol changes. -SET(VERSION_REVISION 54517) +SET(VERSION_REVISION 54518) SET(VERSION_MAJOR 25) SET(VERSION_MINOR 8) -SET(VERSION_PATCH 17) -SET(VERSION_GITHASH 7938087aa80508fb6d40b8bf024d025809a8880c) -SET(VERSION_DESCRIBE v25.8.17.1-lts) -SET(VERSION_STRING 25.8.17.1) +SET(VERSION_PATCH 18) +SET(VERSION_GITHASH b4cc081ff0a5c18914b1e8beb9070695498f3d8b) +SET(VERSION_DESCRIBE v25.8.18.1-lts) +SET(VERSION_STRING 25.8.18.1) # end of autochange From cd9f540d90459ff286e71675dcbee052f9fdca28 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 2 Mar 2026 11:58:13 +0000 Subject: [PATCH 059/141] Update autogenerated version to 25.8.18.1 and contributors --- cmake/autogenerated_versions.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmake/autogenerated_versions.txt b/cmake/autogenerated_versions.txt index 90b06879c921..ef5c744ca19d 100644 --- a/cmake/autogenerated_versions.txt +++ b/cmake/autogenerated_versions.txt @@ -2,11 +2,11 @@ # NOTE: VERSION_REVISION has nothing common with DBMS_TCP_PROTOCOL_VERSION, # only DBMS_TCP_PROTOCOL_VERSION should be incremented on protocol changes. -SET(VERSION_REVISION 54518) +SET(VERSION_REVISION 54519) SET(VERSION_MAJOR 25) SET(VERSION_MINOR 8) -SET(VERSION_PATCH 18) -SET(VERSION_GITHASH b4cc081ff0a5c18914b1e8beb9070695498f3d8b) -SET(VERSION_DESCRIBE v25.8.18.1-lts) -SET(VERSION_STRING 25.8.18.1) +SET(VERSION_PATCH 19) +SET(VERSION_GITHASH 557fdf60f81c4370867dff464de7f4b1064d39a7) +SET(VERSION_DESCRIBE v25.8.19.1-lts) +SET(VERSION_STRING 25.8.19.1) # end of autochange From d1797dae41df4aa371f98826296c6dc4ee4347c3 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 3 Mar 2026 11:22:01 +0000 Subject: [PATCH 060/141] Backport #98306 to 25.8: Use `postgres` REL_18_3 --- contrib/postgres | 2 +- contrib/postgres-cmake/pg_config.h | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/postgres b/contrib/postgres index 5ad0c31d0c3a..c37596dd61c5 160000 --- a/contrib/postgres +++ b/contrib/postgres @@ -1 +1 @@ -Subproject commit 5ad0c31d0c3a76ed64655f4d397934b5ecc9696f +Subproject commit c37596dd61c5f2b8b7521fdbcdabc651bd9412c4 diff --git a/contrib/postgres-cmake/pg_config.h b/contrib/postgres-cmake/pg_config.h index 169b0af039ea..12767588b94d 100644 --- a/contrib/postgres-cmake/pg_config.h +++ b/contrib/postgres-cmake/pg_config.h @@ -593,7 +593,7 @@ #define PACKAGE_NAME "PostgreSQL" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "PostgreSQL 18.0" +#define PACKAGE_STRING "PostgreSQL 18.3" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "postgresql" @@ -602,7 +602,7 @@ #define PACKAGE_URL "https://www.postgresql.org/" /* Define to the version of this package. */ -#define PACKAGE_VERSION "18.0" +#define PACKAGE_VERSION "18.3" /* Define to the name of a signed 128-bit integer type. */ #define PG_INT128_TYPE __int128 @@ -618,19 +618,19 @@ #define PG_MAJORVERSION_NUM 18 /* PostgreSQL minor version number */ -#define PG_MINORVERSION_NUM 0 +#define PG_MINORVERSION_NUM 3 /* Define to best printf format archetype, usually gnu_printf if available. */ #define PG_PRINTF_ATTRIBUTE gnu_printf /* PostgreSQL version as a string */ -#define PG_VERSION "18.0" +#define PG_VERSION "18.3" /* PostgreSQL version as a number */ -#define PG_VERSION_NUM 180000 +#define PG_VERSION_NUM 180003 /* A string containing the version number, platform, and C compiler */ -#define PG_VERSION_STR "PostgreSQL 18.0 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 15.2.1 20250813, 64-bit" +#define PG_VERSION_STR "PostgreSQL 18.3 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 15.2.1 20250813, 64-bit" /* Define to 1 to allow profiling output to be saved separately for each process. */ From 57693c480f9d399bb0be6b64f15c562999f6b4c0 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 3 Mar 2026 18:27:31 +0000 Subject: [PATCH 061/141] Backport #98551 to 25.8: Fix column rollback in StorageBuffer::appendBlock --- src/Storages/StorageBuffer.cpp | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/src/Storages/StorageBuffer.cpp b/src/Storages/StorageBuffer.cpp index 21a5e11f52df..7e7e43db21c7 100644 --- a/src/Storages/StorageBuffer.cpp +++ b/src/Storages/StorageBuffer.cpp @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include @@ -553,7 +554,6 @@ void StorageBuffer::read( static void appendBlock(LoggerPtr log, const Block & from, Block & to) { size_t rows = from.rows(); - size_t old_rows = to.rows(); size_t old_bytes = to.bytes(); if (to.empty()) @@ -564,7 +564,15 @@ static void appendBlock(LoggerPtr log, const Block & from, Block & to) from.checkNumberOfRows(); to.checkNumberOfRows(); + /// Take checkpoints of all destination columns before any modifications + /// to be able to rollback in case of an exception in the middle of insertion. + ColumnCheckpoints checkpoints; + checkpoints.reserve(to.columns()); + for (size_t column_no = 0; column_no < to.columns(); ++column_no) + checkpoints.push_back(to.getByPosition(column_no).column->getCheckpoint()); + MutableColumnPtr last_col; + size_t mutated_columns = 0; try { MemoryTrackerBlockerInThread temporarily_disable_memory_tracker; @@ -590,6 +598,7 @@ static void appendBlock(LoggerPtr log, const Block & from, Block & to) LockMemoryExceptionInThread temporarily_ignore_any_memory_limits(VariableContext::Global); last_col = IColumn::mutate(std::move(to.getByPosition(column_no).column)); } + ++mutated_columns; /// In case of ColumnAggregateFunction aggregate states will /// be allocated from the query context but can be destroyed from the @@ -622,10 +631,11 @@ static void appendBlock(LoggerPtr log, const Block & from, Block & to) try { - for (size_t column_no = 0, columns = to.columns(); column_no < columns; ++column_no) + for (size_t column_no = 0; column_no < mutated_columns; ++column_no) { ColumnPtr & col_to = to.getByPosition(column_no).column; - /// If there is no column, then the exception was thrown in the middle of append, in the insertRangeFrom() + /// If there is no column, the exception was thrown in the middle of append, + /// during insertRangeFrom() — move last_col back so we can roll it back. if (!col_to) { col_to = std::move(last_col); @@ -635,8 +645,11 @@ static void appendBlock(LoggerPtr log, const Block & from, Block & to) /// But if there is still nothing, abort if (!col_to) throw Exception(ErrorCodes::LOGICAL_ERROR, "No column to rollback"); - if (col_to->size() != old_rows) - col_to = col_to->cut(0, old_rows); + + /// Rollback to the state before the exception. + auto mutable_col = IColumn::mutate(std::move(col_to)); + mutable_col->rollback(*checkpoints[column_no]); + col_to = std::move(mutable_col); } } catch (...) From 7366afca339c8f4f58902b62a9e1c78a7c462fe2 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 4 Mar 2026 10:21:48 +0000 Subject: [PATCH 062/141] Backport #98115 to 25.8: Enforce READ ON FILE checks for scalar file() and DESCRIBE TABLE file(). --- src/Functions/FunctionFile.cpp | 10 +++++++- src/TableFunctions/TableFunctionFile.cpp | 3 +++ ...file_function_read_on_file_grant.reference | 4 ++++ .../03822_file_function_read_on_file_grant.sh | 24 +++++++++++++++++++ 4 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/03822_file_function_read_on_file_grant.reference create mode 100755 tests/queries/0_stateless/03822_file_function_read_on_file_grant.sh diff --git a/src/Functions/FunctionFile.cpp b/src/Functions/FunctionFile.cpp index 1b3fc680171d..ead07a6c25d8 100644 --- a/src/Functions/FunctionFile.cpp +++ b/src/Functions/FunctionFile.cpp @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include @@ -31,7 +32,14 @@ class FunctionFile : public IFunction, WithContext { public: static constexpr auto name = "file"; - static FunctionPtr create(ContextPtr context_) { return std::make_shared(context_); } + + static FunctionPtr create(ContextPtr context_) + { + if (context && context->getApplicationType() != Context::ApplicationType::LOCAL) + context->checkAccess(AccessType::READ, toStringSource(AccessTypeObjects::Source::FILE)); + + return std::make_shared(context_); + } explicit FunctionFile(ContextPtr context_) : WithContext(context_) {} bool isVariadic() const override { return true; } diff --git a/src/TableFunctions/TableFunctionFile.cpp b/src/TableFunctions/TableFunctionFile.cpp index 0d6a6ab176a2..728167de8807 100644 --- a/src/TableFunctions/TableFunctionFile.cpp +++ b/src/TableFunctions/TableFunctionFile.cpp @@ -107,6 +107,9 @@ ColumnsDescription TableFunctionFile::getActualTableStructure(ContextPtr context throw Exception(ErrorCodes::BAD_ARGUMENTS, "Schema inference is not supported for table function '{}' with file descriptor", getName()); size_t total_bytes_to_read = 0; + if (context->getApplicationType() != Context::ApplicationType::LOCAL) + context->checkAccess(AccessType::READ, toStringSource(AccessTypeObjects::Source::FILE)); + Strings paths; std::optional archive_info; if (path_to_archive.empty()) diff --git a/tests/queries/0_stateless/03822_file_function_read_on_file_grant.reference b/tests/queries/0_stateless/03822_file_function_read_on_file_grant.reference new file mode 100644 index 000000000000..865d4ff5230b --- /dev/null +++ b/tests/queries/0_stateless/03822_file_function_read_on_file_grant.reference @@ -0,0 +1,4 @@ +ACCESS_DENIED +ACCESS_DENIED +FILE_DOESNT_EXIST +CANNOT_STAT diff --git a/tests/queries/0_stateless/03822_file_function_read_on_file_grant.sh b/tests/queries/0_stateless/03822_file_function_read_on_file_grant.sh new file mode 100755 index 000000000000..6db574849a79 --- /dev/null +++ b/tests/queries/0_stateless/03822_file_function_read_on_file_grant.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CUR_DIR"/../shell_config.sh + +user="user_03822_${CLICKHOUSE_DATABASE}_$RANDOM" +missing_txt="missing_03822_${CLICKHOUSE_DATABASE}_$RANDOM.txt" +missing_csv="missing_03822_${CLICKHOUSE_DATABASE}_$RANDOM.csv" + +${CLICKHOUSE_CLIENT} <&1 | grep -c "ACCESS_DENIED") >= 1 )) && echo "ACCESS_DENIED" || echo "UNEXPECTED"; +(( $(${CLICKHOUSE_CLIENT} --user $user --query "DESCRIBE TABLE file('$missing_csv', 'CSV')" 2>&1 | grep -c "ACCESS_DENIED") >= 1 )) && echo "ACCESS_DENIED" || echo "UNEXPECTED"; + +${CLICKHOUSE_CLIENT} --query "GRANT READ ON FILE TO $user"; + +(( $(${CLICKHOUSE_CLIENT} --user $user --query "SELECT file('$missing_txt')" 2>&1 | grep -c "FILE_DOESNT_EXIST") >= 1 )) && echo "FILE_DOESNT_EXIST" || echo "UNEXPECTED"; +(( $(${CLICKHOUSE_CLIENT} --user $user --query "DESCRIBE TABLE file('$missing_csv', 'CSV')" 2>&1 | grep -c "CANNOT_STAT") >= 1 )) && echo "CANNOT_STAT" || echo "UNEXPECTED"; + +${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS $user"; From c88135e8f4c6f31daf92e1bacb5a81ecdd52b201 Mon Sep 17 00:00:00 2001 From: Nikolay Degterinsky <43110995+evillique@users.noreply.github.com> Date: Wed, 4 Mar 2026 11:23:41 +0100 Subject: [PATCH 063/141] Update FunctionFile.cpp --- src/Functions/FunctionFile.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Functions/FunctionFile.cpp b/src/Functions/FunctionFile.cpp index ead07a6c25d8..648b8b97d124 100644 --- a/src/Functions/FunctionFile.cpp +++ b/src/Functions/FunctionFile.cpp @@ -35,8 +35,8 @@ class FunctionFile : public IFunction, WithContext static FunctionPtr create(ContextPtr context_) { - if (context && context->getApplicationType() != Context::ApplicationType::LOCAL) - context->checkAccess(AccessType::READ, toStringSource(AccessTypeObjects::Source::FILE)); + if (context_ && context_->getApplicationType() != Context::ApplicationType::LOCAL) + context_->checkAccess(AccessType::READ, toStringSource(AccessTypeObjects::Source::FILE)); return std::make_shared(context_); } From 40a13905507bc09260a9b70d923542466e640791 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 4 Mar 2026 15:25:44 +0000 Subject: [PATCH 064/141] Backport #98304 to 25.8: Use `mongo-c-driver` 2.2.2 --- contrib/mongo-c-driver | 2 +- contrib/mongo-c-driver-cmake/CMakeLists.txt | 30 ++-- contrib/mongo-cxx-driver-cmake/CMakeLists.txt | 147 ++++++++++++++---- 3 files changed, 132 insertions(+), 47 deletions(-) diff --git a/contrib/mongo-c-driver b/contrib/mongo-c-driver index 4ee76b070b26..ba0d1dbf2b74 160000 --- a/contrib/mongo-c-driver +++ b/contrib/mongo-c-driver @@ -1 +1 @@ -Subproject commit 4ee76b070b260de5da1e8c8144c028dfc37efbaf +Subproject commit ba0d1dbf2b743a5a96609e7fe6b642876f0900ed diff --git a/contrib/mongo-c-driver-cmake/CMakeLists.txt b/contrib/mongo-c-driver-cmake/CMakeLists.txt index 0139a052aef0..0b608517607c 100644 --- a/contrib/mongo-c-driver-cmake/CMakeLists.txt +++ b/contrib/mongo-c-driver-cmake/CMakeLists.txt @@ -4,14 +4,14 @@ if(NOT USE_MONGODB) return() endif() -set(libbson_VERSION_MAJOR 1) -set(libbson_VERSION_MINOR 27) -set(libbson_VERSION_PATCH 0) -set(libbson_VERSION 1.27.0) -set(libmongoc_VERSION_MAJOR 1) -set(libmongoc_VERSION_MINOR 27) -set(libmongoc_VERSION_PATCH 0) -set(libmongoc_VERSION 1.27.0) +set(libbson_VERSION_MAJOR 2) +set(libbson_VERSION_MINOR 2) +set(libbson_VERSION_PATCH 2) +set(libbson_VERSION 2.2.2) +set(libmongoc_VERSION_MAJOR 2) +set(libmongoc_VERSION_MINOR 2) +set(libmongoc_VERSION_PATCH 2) +set(libmongoc_VERSION 2.2.2) set(LIBBSON_SOURCES_ROOT "${ClickHouse_SOURCE_DIR}/contrib/mongo-c-driver/src") set(LIBBSON_SOURCE_DIR "${LIBBSON_SOURCES_ROOT}/libbson/src") @@ -102,12 +102,12 @@ set(MONGOC_HAVE_SCHED_GETCPU 0) set(MONGOC_HAVE_SS_FAMILY 0) configure_file( - ${LIBBSON_SOURCE_DIR}/bson/bson-config.h.in - ${LIBBSON_BINARY_DIR}/bson/bson-config.h + ${LIBBSON_SOURCE_DIR}/bson/config.h.in + ${LIBBSON_BINARY_DIR}/bson/config.h ) configure_file( - ${LIBBSON_SOURCE_DIR}/bson/bson-version.h.in - ${LIBBSON_BINARY_DIR}/bson/bson-version.h + ${LIBBSON_SOURCE_DIR}/bson/version.h.in + ${LIBBSON_BINARY_DIR}/bson/version.h ) set(COMMON_SOURCE_DIR "${LIBBSON_SOURCES_ROOT}/common/src") @@ -136,6 +136,8 @@ set(UTF8PROC_SOURCE_DIR "${LIBBSON_SOURCES_ROOT}/utf8proc-2.8.0") set(UTF8PROC_SOURCES "${UTF8PROC_SOURCE_DIR}/utf8proc.c") set(UTHASH_SOURCE_DIR "${LIBBSON_SOURCES_ROOT}/uthash") +set(MONGOC_CXX_COMPILER_ID "${CMAKE_CXX_COMPILER_ID}") +set(MONGOC_CXX_COMPILER_VERSION "${CMAKE_CXX_COMPILER_VERSION}") configure_file( ${LIBMONGOC_SOURCE_DIR}/mongoc/mongoc-config.h.in ${LIBMONGOC_BINARY_DIR}/mongoc/mongoc-config.h @@ -144,6 +146,10 @@ configure_file( ${LIBMONGOC_SOURCE_DIR}/mongoc/mongoc-version.h.in ${LIBMONGOC_BINARY_DIR}/mongoc/mongoc-version.h ) +configure_file( + ${LIBMONGOC_SOURCE_DIR}/mongoc/mongoc-config-private.h.in + ${LIBMONGOC_BINARY_DIR}/mongoc/mongoc-config-private.h +) add_library(_libmongoc ${LIBMONGOC_SOURCES} ${COMMON_SOURCES} ${UTF8PROC_SOURCES}) add_library(ch_contrib::libmongoc ALIAS _libmongoc) target_include_directories(_libmongoc SYSTEM PUBLIC ${LIBMONGOC_SOURCE_DIR} ${LIBMONGOC_BINARY_DIR} ${LIBMONGOC_SOURCE_DIR}/mongoc ${LIBMONGOC_BINARY_DIR}/mongoc ${COMMON_SOURCE_DIR} ${UTF8PROC_SOURCE_DIR} ${UTHASH_SOURCE_DIR} ) diff --git a/contrib/mongo-cxx-driver-cmake/CMakeLists.txt b/contrib/mongo-cxx-driver-cmake/CMakeLists.txt index 212e099d378c..8c750e1082a4 100644 --- a/contrib/mongo-cxx-driver-cmake/CMakeLists.txt +++ b/contrib/mongo-cxx-driver-cmake/CMakeLists.txt @@ -8,66 +8,115 @@ endif() set(BSONCXX_SOURCES_DIR "${ClickHouse_SOURCE_DIR}/contrib/mongo-cxx-driver/src/bsoncxx") set(BSONCXX_BINARY_DIR "${ClickHouse_BINARY_DIR}/contrib/mongo-cxx-driver/src/bsoncxx") +include(GenerateExportHeader) + set(BSONCXX_SOURCES + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/private/itoa.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/private/version.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v1/config/config.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v1/config/export.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v1/config/version.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v1/detail/postlude.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v1/detail/prelude.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/array/element.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/array/value.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/array/view.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/builder/core.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/config.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/export.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/version.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/decimal128.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/document/element.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/document/value.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/document/view.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/exception/error_code.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/exception/exception.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/json.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/oid.cpp - ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/private/itoa.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/string/view_or_value.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/types.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/types/bson_value/value.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/types/bson_value/view.cpp ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/validate.cpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/vector.cpp ) + set(BSONCXX_POLY_USE_IMPLS ON) configure_file( - ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/config.hpp.in - ${BSONCXX_BINARY_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/config.hpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v1/config/config.hpp.in + ${BSONCXX_BINARY_DIR}/lib/bsoncxx/v1/config/config.hpp ) configure_file( - ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/version.hpp.in - ${BSONCXX_BINARY_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/version.hpp + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v1/config/version.hpp.in + ${BSONCXX_BINARY_DIR}/lib/bsoncxx/v1/config/version.hpp ) configure_file( - ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/private/config.hh.in - ${BSONCXX_BINARY_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/private/config.hh + ${BSONCXX_SOURCES_DIR}/lib/bsoncxx/private/config/config.hh.in + ${BSONCXX_BINARY_DIR}/lib/bsoncxx/private/config/config.hh ) add_library(_bsoncxx ${BSONCXX_SOURCES}) add_library(ch_contrib::bsoncxx ALIAS _bsoncxx) -target_include_directories(_bsoncxx SYSTEM PUBLIC "${BSONCXX_SOURCES_DIR}/include/bsoncxx/v_noabi" "${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi" "${BSONCXX_BINARY_DIR}/lib/bsoncxx/v_noabi") -target_compile_definitions(_bsoncxx PUBLIC BSONCXX_STATIC) +target_include_directories(_bsoncxx SYSTEM PUBLIC + "${BSONCXX_SOURCES_DIR}/include" + "${BSONCXX_SOURCES_DIR}/include/bsoncxx/v_noabi" + "${BSONCXX_SOURCES_DIR}/lib" + "${BSONCXX_SOURCES_DIR}/lib/bsoncxx/v_noabi" + + "${BSONCXX_BINARY_DIR}/lib" + "${BSONCXX_BINARY_DIR}/lib/bsoncxx/v_noabi" +) target_link_libraries(_bsoncxx ch_contrib::libbson) -include(GenerateExportHeader) +# Taken from mongo-cxx-driver/src/bsoncxx/CMakeLists.txt +set(bsoncxx_export_header_custom_content "") +string(APPEND bsoncxx_export_header_custom_content [[ + +#undef BSONCXX_DEPRECATED_EXPORT +#undef BSONCXX_DEPRECATED_NO_EXPORT + +#if defined(_MSC_VER) +#define BSONCXX_ABI_CDECL __cdecl +#else +#define BSONCXX_ABI_CDECL +#endif + +#define BSONCXX_ABI_EXPORT_CDECL(...) BSONCXX_ABI_EXPORT __VA_ARGS__ BSONCXX_ABI_CDECL + +]] +) generate_export_header(_bsoncxx - BASE_NAME BSONCXX - EXPORT_MACRO_NAME BSONCXX_API - NO_EXPORT_MACRO_NAME BSONCXX_PRIVATE - EXPORT_FILE_NAME ${BSONCXX_BINARY_DIR}/lib/bsoncxx/v_noabi/bsoncxx/config/export.hpp + BASE_NAME BSONCXX_ABI + EXPORT_MACRO_NAME BSONCXX_ABI_EXPORT + DEPRECATED_MACRO_NAME BSONCXX_DEPRECATED + EXPORT_FILE_NAME ${BSONCXX_BINARY_DIR}/lib/bsoncxx/v_noabi/bsoncxx/v1/config/export.hpp STATIC_DEFINE BSONCXX_STATIC + CUSTOM_CONTENT_FROM_VARIABLE bsoncxx_export_header_custom_content ) - set(MONGOCXX_SOURCES_DIR "${ClickHouse_SOURCE_DIR}/contrib/mongo-cxx-driver/src/mongocxx") set(MONGOCXX_BINARY_DIR "${ClickHouse_BINARY_DIR}/contrib/mongo-cxx-driver/src/mongocxx") set(MONGOCXX_SOURCES + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/private/bson.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/private/conversions.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/private/mongoc.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/private/numeric_casting.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v1/config/config.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v1/config/export.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v1/config/version.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v1/detail/postlude.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v1/detail/prelude.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/bulk_write.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/change_stream.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/client.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/client_encryption.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/client_session.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/collection.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/config/config.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/config/export.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/config/version.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/cursor.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/database.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/events/command_failed_event.cpp @@ -84,9 +133,16 @@ set(MONGOCXX_SOURCES ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/events/topology_closed_event.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/events/topology_description.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/events/topology_opening_event.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/authentication_exception.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/bulk_write_exception.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/error_code.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/exception.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/gridfs_exception.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/logic_error.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/operation_exception.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/query_exception.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/server_error_code.cpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/exception/write_exception.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/gridfs/bucket.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/gridfs/downloader.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/gridfs/uploader.cpp @@ -111,7 +167,6 @@ set(MONGOCXX_SOURCES ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/client_encryption.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/client_session.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/count.cpp - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/create_collection.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/data_key.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/delete.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/distinct.cpp @@ -136,10 +191,6 @@ set(MONGOCXX_SOURCES ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/options/update.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/pipeline.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/pool.cpp - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/private/conversions.cpp - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/private/libbson.cpp - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/private/libmongoc.cpp - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/private/numeric_casting.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/read_concern.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/read_preference.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/result/bulk_write.cpp @@ -156,37 +207,65 @@ set(MONGOCXX_SOURCES ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/validation_criteria.cpp ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/write_concern.cpp ) + set(MONGOCXX_COMPILER_VERSION "${CMAKE_CXX_COMPILER_VERSION}") set(MONGOCXX_COMPILER_ID "${CMAKE_CXX_COMPILER_ID}") -set(MONGOCXX_LINK_WITH_STATIC_MONGOC 1) -set(MONGOCXX_BUILD_STATIC 1) + if(ENABLE_SSL) set(MONGOCXX_ENABLE_SSL 1) endif() +set(BSONCXX_STATIC 1) +set(MONGOCXX_STATIC 1) + configure_file( - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/config/config.hpp.in - ${MONGOCXX_BINARY_DIR}/lib/mongocxx/v_noabi/mongocxx/config/config.hpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v1/config/config.hpp.in + ${MONGOCXX_BINARY_DIR}/lib/mongocxx/v1/config/config.hpp ) configure_file( - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/config/version.hpp.in - ${MONGOCXX_BINARY_DIR}/lib/mongocxx/v_noabi/mongocxx/config/version.hpp + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v1/config/version.hpp.in + ${MONGOCXX_BINARY_DIR}/lib/mongocxx/v1/config/version.hpp ) configure_file( - ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi/mongocxx/config/private/config.hh.in - ${MONGOCXX_BINARY_DIR}/lib/mongocxx/v_noabi/mongocxx/config/private/config.hh + ${MONGOCXX_SOURCES_DIR}/lib/mongocxx/private/config/config.hh.in + ${MONGOCXX_BINARY_DIR}/lib/mongocxx/private/config/config.hh ) add_library(_mongocxx ${MONGOCXX_SOURCES}) add_library(ch_contrib::mongocxx ALIAS _mongocxx) -target_include_directories(_mongocxx SYSTEM PUBLIC "${MONGOCXX_SOURCES_DIR}/include/mongocxx/v_noabi" "${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi" "${MONGOCXX_BINARY_DIR}/lib/mongocxx/v_noabi") -target_compile_definitions(_mongocxx PUBLIC MONGOCXX_STATIC) +target_include_directories(_mongocxx SYSTEM PUBLIC + "${MONGOCXX_SOURCES_DIR}/include" + "${MONGOCXX_SOURCES_DIR}/include/mongocxx/v_noabi" + "${MONGOCXX_SOURCES_DIR}/lib" + "${MONGOCXX_SOURCES_DIR}/lib/mongocxx/v_noabi" + + "${MONGOCXX_BINARY_DIR}/lib" + "${MONGOCXX_BINARY_DIR}/lib/mongocxx/v_noabi" +) target_link_libraries(_mongocxx ch_contrib::bsoncxx ch_contrib::libmongoc) +# Taken from mongo-cxx-driver/src/mongocxx/CMakeLists.txt +set(mongocxx_export_header_custom_content "") +string(APPEND mongocxx_export_header_custom_content [[ + +#undef MONGOCXX_DEPRECATED_EXPORT +#undef MONGOCXX_DEPRECATED_NO_EXPORT + +#if defined(_MSC_VER) +#define MONGOCXX_ABI_CDECL __cdecl +#else +#define MONGOCXX_ABI_CDECL +#endif + +#define MONGOCXX_ABI_EXPORT_CDECL(...) MONGOCXX_ABI_EXPORT __VA_ARGS__ MONGOCXX_ABI_CDECL + +]] +) generate_export_header(_mongocxx - BASE_NAME MONGOCXX - EXPORT_MACRO_NAME MONGOCXX_API - NO_EXPORT_MACRO_NAME MONGOCXX_PRIVATE - EXPORT_FILE_NAME ${MONGOCXX_BINARY_DIR}/lib/mongocxx/v_noabi/mongocxx/config/export.hpp + BASE_NAME MONGOCXX_ABI + EXPORT_MACRO_NAME MONGOCXX_ABI_EXPORT + DEPRECATED_MACRO_NAME MONGOCXX_DEPRECATED + EXPORT_FILE_NAME ${MONGOCXX_BINARY_DIR}/lib/mongocxx/v_noabi/mongocxx/v1/config/export.hpp STATIC_DEFINE MONGOCXX_STATIC + CUSTOM_CONTENT_FROM_VARIABLE mongocxx_export_header_custom_content ) From f89110eef28bcfc519d4b3499b15de7848aa7efb Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 4 Mar 2026 16:23:33 +0000 Subject: [PATCH 065/141] Backport #98740 to 25.8: CI: skip all jobs for release PRs in filter_job hook --- ci/jobs/scripts/workflow_hooks/filter_job.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ci/jobs/scripts/workflow_hooks/filter_job.py b/ci/jobs/scripts/workflow_hooks/filter_job.py index 1f35939f6189..ae882dc63068 100644 --- a/ci/jobs/scripts/workflow_hooks/filter_job.py +++ b/ci/jobs/scripts/workflow_hooks/filter_job.py @@ -54,6 +54,15 @@ def should_skip_job(job_name): if _info_cache is None: _info_cache = Info() + # There is no way to prevent GitHub Actions from running the PR workflow on + # release branches, so we skip all jobs here. The ReleaseCI workflow is used + # for testing on release branches instead. + if ( + Labels.RELEASE in _info_cache.pr_labels + or Labels.RELEASE_LTS in _info_cache.pr_labels + ): + return True, "Skipped for release PR" + changed_files = _info_cache.get_kv_data("changed_files") if not changed_files: print("WARNING: no changed files found for PR - do not filter jobs") From 3bdeb67f2fb21b5dd13de6576e1251dd36323521 Mon Sep 17 00:00:00 2001 From: Konstantin Bogdanov Date: Wed, 4 Mar 2026 18:39:29 +0100 Subject: [PATCH 066/141] Update mongo-cxx-driver submodule to match master The cxx-driver cmake from master references v1/config/, private/config/, and other paths that only exist in the newer cxx-driver version (4f52739). Update the submodule to match. --- contrib/mongo-cxx-driver | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/mongo-cxx-driver b/contrib/mongo-cxx-driver index 3166bdb49b71..4f5273939b5c 160000 --- a/contrib/mongo-cxx-driver +++ b/contrib/mongo-cxx-driver @@ -1 +1 @@ -Subproject commit 3166bdb49b717ce1bc30f46cc2b274ab1de7005b +Subproject commit 4f5273939b5cde587b34719f7c26364e502c00f4 From e5e2fc4bc8901ed0a236ca96fab33e7f77f78039 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 6 Mar 2026 13:35:13 +0000 Subject: [PATCH 067/141] Backport #98514 to 25.8: Fix unexpected result with read_in_order_use_virtual_row --- .../Optimizations/optimizeReadInOrder.cpp | 2 +- ...ow_conversions_join_column_names.reference | 16 +++++++++++ ...tual_row_conversions_join_column_names.sql | 27 +++++++++++++++++++ 3 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.reference create mode 100644 tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.sql diff --git a/src/Processors/QueryPlan/Optimizations/optimizeReadInOrder.cpp b/src/Processors/QueryPlan/Optimizations/optimizeReadInOrder.cpp index 938f25b89fa8..c0e92c2989aa 100644 --- a/src/Processors/QueryPlan/Optimizations/optimizeReadInOrder.cpp +++ b/src/Processors/QueryPlan/Optimizations/optimizeReadInOrder.cpp @@ -344,7 +344,7 @@ const ActionsDAG::Node * addMonotonicChain(ActionsDAG & dag, const ActionsDAG::N args.push_back(&dag.addColumn({child->column, child->result_type, child->result_name})); } - return &dag.addFunction(node->function_base, std::move(args), {}); + return &dag.addFunction(node->function_base, std::move(args), node->result_name); } struct SortingInputOrder diff --git a/tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.reference b/tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.reference new file mode 100644 index 000000000000..3d454cd4efb8 --- /dev/null +++ b/tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.reference @@ -0,0 +1,16 @@ +-10 +-1 +0 +0 +1 +10 +- +0 1 +0 1 +0 2 +0 2 +- +0 1 +0 1 +0 2 +0 2 diff --git a/tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.sql b/tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.sql new file mode 100644 index 000000000000..30e1af99e362 --- /dev/null +++ b/tests/queries/0_stateless/04001_virtual_row_conversions_join_column_names.sql @@ -0,0 +1,27 @@ +DROP TABLE IF EXISTS t0; +DROP TABLE IF EXISTS t1; + +SET allow_suspicious_low_cardinality_types = 1; +SET enable_analyzer = 1; +CREATE TABLE t0 (c0 LowCardinality(Int)) ENGINE = MergeTree() ORDER BY (c0); +CREATE TABLE t1 (c0 Nullable(Int)) ENGINE = MergeTree() ORDER BY tuple(); + +INSERT INTO TABLE t0 (c0) VALUES (0), (1); +INSERT INTO TABLE t0 (c0) VALUES (-10), (10); +INSERT INTO TABLE t0 (c0) VALUES (0), (-1); +INSERT INTO TABLE t1 (c0) VALUES (1), (2); + +SET read_in_order_use_virtual_row = 1; + + +SELECT CAST(c0, 'Int32') a FROM t0 ORDER BY a; + +SELECT '-'; +SELECT * FROM t0 JOIN t1 ON t1.c0.null = t0.c0 +ORDER BY t0.c0, t1.c0; + +SELECT '-'; + +SELECT * FROM t0 JOIN t1 ON t1.c0.null = t0.c0 +ORDER BY t0.c0, t1.c0 +SETTINGS join_algorithm = 'full_sorting_merge'; From 321cfb4b961c409702e0cdc32a263c6c4e3371cf Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 13 Mar 2026 15:29:07 +0000 Subject: [PATCH 068/141] Backport #98770 to 25.8: Fix reverseUTF8 exception on invalid UTF-8 input --- src/Functions/reverseUTF8.cpp | 29 +++++++++++-------- .../04027_reverseUTF8_invalid_utf8.reference | 3 ++ .../04027_reverseUTF8_invalid_utf8.sql | 15 ++++++++++ 3 files changed, 35 insertions(+), 12 deletions(-) create mode 100644 tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.reference create mode 100644 tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.sql diff --git a/src/Functions/reverseUTF8.cpp b/src/Functions/reverseUTF8.cpp index 15deed86c256..00d400b11f0a 100644 --- a/src/Functions/reverseUTF8.cpp +++ b/src/Functions/reverseUTF8.cpp @@ -46,26 +46,31 @@ struct ReverseUTF8Impl ColumnString::Offset j = prev_offset; while (j < offsets[i]) { + size_t remaining = offsets[i] - j; + + unsigned int char_len; if (data[j] < 0xC0) - { - res_data[offsets[i] + prev_offset - 1 - j] = data[j]; - j += 1; - } + char_len = 1; else if (data[j] < 0xE0) - { - memcpy(&res_data[offsets[i] + prev_offset - 1 - j - 1], &data[j], 2); - j += 2; - } + char_len = 2; else if (data[j] < 0xF0) + char_len = 3; + else + char_len = 4; + + /// If not enough bytes remaining, treat as single byte (invalid UTF-8). + if (char_len > remaining) + char_len = 1; + + if (char_len == 1) { - memcpy(&res_data[offsets[i] + prev_offset - 1 - j - 2], &data[j], 3); - j += 3; + res_data[offsets[i] + prev_offset - 1 - j] = data[j]; } else { - memcpy(&res_data[offsets[i] + prev_offset - 1 - j - 3], &data[j], 4); - j += 4; + memcpy(&res_data[offsets[i] + prev_offset - j - char_len], &data[j], char_len); } + j += char_len; } prev_offset = offsets[i]; diff --git a/tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.reference b/tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.reference new file mode 100644 index 000000000000..1f0eb51aa4f8 --- /dev/null +++ b/tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.reference @@ -0,0 +1,3 @@ +esuoHkcilC +тевирП +はちにんこ diff --git a/tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.sql b/tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.sql new file mode 100644 index 000000000000..0267c46640d4 --- /dev/null +++ b/tests/queries/0_stateless/04027_reverseUTF8_invalid_utf8.sql @@ -0,0 +1,15 @@ +-- Test that reverseUTF8 does not crash on invalid UTF-8 (truncated multi-byte sequences) +SELECT reverseUTF8(unhex('C0')) FORMAT Null; +SELECT reverseUTF8(unhex('E0')) FORMAT Null; +SELECT reverseUTF8(unhex('F0')) FORMAT Null; +SELECT reverseUTF8(unhex('E0A0')) FORMAT Null; +SELECT reverseUTF8(unhex('F09F')) FORMAT Null; +SELECT reverseUTF8(unhex('F09F98')) FORMAT Null; + +-- The original crash query from the AST fuzzer +SELECT DISTINCT reverseUTF8(maxMergeDistinct(x) IGNORE NULLS), toNullable(1) FROM (SELECT DISTINCT dictHas(tuple(toUInt16(NULL)), 13, toUInt32(6), NULL), CAST(concat(unhex('00001000'), randomString(intDiv(1048576, toNullable(1))), toLowCardinality(toFixedString('\0', 1))), 'AggregateFunction(max, String)') AS x) WITH TOTALS FORMAT Null; + +-- Verify correct behavior on valid UTF-8 +SELECT reverseUTF8('ClickHouse'); +SELECT reverseUTF8('Привет'); +SELECT reverseUTF8('こんにちは'); From 8cac6ab5d151697c4a051d0aa80ca258712a1c28 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 13 Mar 2026 16:23:31 +0000 Subject: [PATCH 069/141] Backport #99081 to 25.8: Fix segfault in recursive CTE with `remote()` + `view()` --- src/Analyzer/Utils.cpp | 2 +- ...028_recursive_cte_remote_view_segfault.reference | 2 ++ .../04028_recursive_cte_remote_view_segfault.sql | 13 +++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.reference create mode 100644 tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.sql diff --git a/src/Analyzer/Utils.cpp b/src/Analyzer/Utils.cpp index 2d866e47d85b..7c2142c90f4c 100644 --- a/src/Analyzer/Utils.cpp +++ b/src/Analyzer/Utils.cpp @@ -104,7 +104,7 @@ bool isStorageUsedInTree(const StoragePtr & storage, const IQueryTreeNode * root if (table_node || table_function_node) { const auto & table_storage = table_node ? table_node->getStorage() : table_function_node->getStorage(); - if (table_storage->getStorageID() == storage->getStorageID()) + if (table_storage && table_storage->getStorageID() == storage->getStorageID()) return true; } diff --git a/tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.reference b/tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.reference new file mode 100644 index 000000000000..6ed281c757a9 --- /dev/null +++ b/tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.reference @@ -0,0 +1,2 @@ +1 +1 diff --git a/tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.sql b/tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.sql new file mode 100644 index 000000000000..f397bff986a7 --- /dev/null +++ b/tests/queries/0_stateless/04028_recursive_cte_remote_view_segfault.sql @@ -0,0 +1,13 @@ +-- Tags: no-fasttest +-- Regression test: recursive CTE with remote() + view() used to segfault +-- because isStorageUsedInTree tried to call getStorageID() on an unresolved +-- view() TableFunctionNode whose storage was null. + +SET enable_analyzer=1; + +WITH RECURSIVE x AS ( + (SELECT 1 FROM remote('127.0.0.1', view(SELECT 1))) + UNION ALL + (SELECT 1) +) +SELECT 1 FROM x; From b0277b9123f991ab1f23b72f07615c97954ca372 Mon Sep 17 00:00:00 2001 From: Alexey Milovidov Date: Mon, 16 Mar 2026 09:31:16 +0100 Subject: [PATCH 070/141] Accept `COMMENT` before `AS SELECT` in view parser for forward compatibility Newer ClickHouse versions (26.2+) may format views as: CREATE VIEW ... COMMENT 'text' AS SELECT ... This makes the parser accept `COMMENT` both before and after `AS SELECT`, so views created on newer versions can be loaded by this release. Ref #97843 Co-Authored-By: Claude Opus 4.6 (1M context) --- src/Parsers/ParserCreateQuery.cpp | 7 ++++++- .../04004_view_comment_before_as_select.reference | 2 ++ .../0_stateless/04004_view_comment_before_as_select.sql | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/04004_view_comment_before_as_select.reference create mode 100644 tests/queries/0_stateless/04004_view_comment_before_as_select.sql diff --git a/src/Parsers/ParserCreateQuery.cpp b/src/Parsers/ParserCreateQuery.cpp index 38d0b4c19efd..243fe3fcba0b 100644 --- a/src/Parsers/ParserCreateQuery.cpp +++ b/src/Parsers/ParserCreateQuery.cpp @@ -1706,6 +1706,10 @@ bool ParserCreateViewQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expec if (!sql_security) sql_security_p.parse(pos, sql_security, expected); + /// Accept COMMENT before AS SELECT for forward compatibility with newer versions + /// that may format views as: CREATE VIEW ... COMMENT 'text' AS SELECT ... + auto comment = parseComment(pos, expected); + /// AS SELECT ... if (!s_as.ignore(pos, expected)) return false; @@ -1713,7 +1717,8 @@ bool ParserCreateViewQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expec if (!select_p.parse(pos, select, expected)) return false; - auto comment = parseComment(pos, expected); + if (!comment) + comment = parseComment(pos, expected); auto query = std::make_shared(); node = query; diff --git a/tests/queries/0_stateless/04004_view_comment_before_as_select.reference b/tests/queries/0_stateless/04004_view_comment_before_as_select.reference new file mode 100644 index 000000000000..6353405096a4 --- /dev/null +++ b/tests/queries/0_stateless/04004_view_comment_before_as_select.reference @@ -0,0 +1,2 @@ +CREATE VIEW v\nAS (SELECT 1)\nCOMMENT \'test\' +CREATE MATERIALIZED VIEW v\nENGINE = MergeTree\nORDER BY c\nAS (SELECT 1 AS c)\nCOMMENT \'test\' diff --git a/tests/queries/0_stateless/04004_view_comment_before_as_select.sql b/tests/queries/0_stateless/04004_view_comment_before_as_select.sql new file mode 100644 index 000000000000..91b761945067 --- /dev/null +++ b/tests/queries/0_stateless/04004_view_comment_before_as_select.sql @@ -0,0 +1,3 @@ +-- Forward compatibility: accept COMMENT before AS SELECT (syntax produced by 26.2+). +SELECT formatQuery('CREATE VIEW v COMMENT \'test\' AS SELECT 1'); +SELECT formatQuery('CREATE MATERIALIZED VIEW v ENGINE = MergeTree ORDER BY c COMMENT \'test\' AS SELECT 1 AS c'); From 2139879640db404b114f26c0161a84a2a588c374 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 16 Mar 2026 21:25:34 +0000 Subject: [PATCH 071/141] Backport #99471 to 25.8: Fix heap-use-after-free in IntersectOrExceptTransform with duplicate column names --- .../Transforms/IntersectOrExceptTransform.cpp | 10 +++------- ...ct_except_duplicate_column_names.reference | 4 ++++ ...ntersect_except_duplicate_column_names.sql | 20 +++++++++++++++++++ 3 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.reference create mode 100644 tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.sql diff --git a/src/Processors/Transforms/IntersectOrExceptTransform.cpp b/src/Processors/Transforms/IntersectOrExceptTransform.cpp index 180b0c11a3cc..412cd6c425d6 100644 --- a/src/Processors/Transforms/IntersectOrExceptTransform.cpp +++ b/src/Processors/Transforms/IntersectOrExceptTransform.cpp @@ -9,15 +9,11 @@ IntersectOrExceptTransform::IntersectOrExceptTransform(SharedHeader header_, Ope : IProcessor(InputPorts(2, header_), {header_}) , current_operator(operator_) { - const Names & columns = header_->getNames(); - size_t num_columns = columns.empty() ? header_->columns() : columns.size(); + size_t num_columns = header_->columns(); - key_columns_pos.reserve(columns.size()); + key_columns_pos.reserve(num_columns); for (size_t i = 0; i < num_columns; ++i) - { - auto pos = columns.empty() ? i : header_->getPositionByName(columns[i]); - key_columns_pos.emplace_back(pos); - } + key_columns_pos.emplace_back(i); } diff --git a/tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.reference b/tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.reference new file mode 100644 index 000000000000..9ac08789a5c9 --- /dev/null +++ b/tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.reference @@ -0,0 +1,4 @@ +1 1 hello world world +2 2 foo bar bar +1 1 hello world world +2 2 foo bar bar diff --git a/tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.sql b/tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.sql new file mode 100644 index 000000000000..66d1f76d3dcc --- /dev/null +++ b/tests/queries/0_stateless/04039_intersect_except_duplicate_column_names.sql @@ -0,0 +1,20 @@ +-- Reproducer for heap-use-after-free in IntersectOrExceptTransform +-- when the header has duplicate column names (e.g., from SELECT col, *, col). +-- The bug was that getPositionByName returned the same position for duplicate names, +-- creating duplicate entries in key_columns_pos. Then convertToFullColumnIfConst +-- on the same position freed the column a raw pointer still referenced. + +DROP TABLE IF EXISTS t_intersect_except; +CREATE TABLE t_intersect_except (id UInt32, a String, b String) ENGINE = Memory; +INSERT INTO t_intersect_except VALUES (1, 'hello', 'world'), (2, 'foo', 'bar'); + +-- SELECT id, *, b produces duplicate column names: id appears twice, b appears twice. +(SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10) EXCEPT DISTINCT (SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10); + +(SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10) INTERSECT DISTINCT (SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10); + +(SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10) EXCEPT ALL (SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10); + +(SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10) INTERSECT ALL (SELECT id, *, b FROM t_intersect_except ORDER BY id LIMIT 10); + +DROP TABLE t_intersect_except; From 3d716973b2bd5c990fa1e7d7dfd54fac95e6ddb2 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 17 Mar 2026 11:28:53 +0000 Subject: [PATCH 072/141] Backport #99351 to 25.8: Fix CHECK TABLE with sparse serialization inside Tuple with Dynamic --- src/DataTypes/Serializations/SerializationSparse.cpp | 7 +++++-- .../04038_check_table_sparse_tuple_dynamic.reference | 1 + .../04038_check_table_sparse_tuple_dynamic.sql | 12 ++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference create mode 100644 tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.sql diff --git a/src/DataTypes/Serializations/SerializationSparse.cpp b/src/DataTypes/Serializations/SerializationSparse.cpp index 5e6638a7df4b..2e8e8559e005 100644 --- a/src/DataTypes/Serializations/SerializationSparse.cpp +++ b/src/DataTypes/Serializations/SerializationSparse.cpp @@ -68,7 +68,10 @@ size_t deserializeOffsets(IColumn::Offsets & offsets, skipped_values_rows = 0; size_t max_rows_to_read = offset + limit; - if (max_rows_to_read && state.num_trailing_defaults >= max_rows_to_read) + if (max_rows_to_read == 0) + return 0; + + if (state.num_trailing_defaults >= max_rows_to_read) { state.num_trailing_defaults -= max_rows_to_read; return limit; @@ -111,7 +114,7 @@ size_t deserializeOffsets(IColumn::Offsets & offsets, size_t next_total_rows = total_rows + group_size; group_size += state.num_trailing_defaults; - if (max_rows_to_read && next_total_rows >= max_rows_to_read) + if (next_total_rows >= max_rows_to_read) { /// If it was not last group in granule, /// we have to add current non-default value at further reads. diff --git a/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference new file mode 100644 index 000000000000..2027ea099a8b --- /dev/null +++ b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference @@ -0,0 +1 @@ +all_1_1_0 1 diff --git a/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.sql b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.sql new file mode 100644 index 000000000000..c406eda00b2e --- /dev/null +++ b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.sql @@ -0,0 +1,12 @@ +-- https://github.com/ClickHouse/ClickHouse/issues/96588 +-- CHECK TABLE on a Tuple with a Dynamic element and a sparse-serialized element +-- used to fail with "Unexpected size of tuple element" because deserializeOffsets +-- in SerializationSparse treated limit=0 as "read everything" instead of "read nothing". + +DROP TABLE IF EXISTS t0; + +CREATE TABLE t0 (c0 Tuple(c1 Dynamic, c2 Tuple(c3 Int))) ENGINE = MergeTree() ORDER BY tuple() SETTINGS min_bytes_for_wide_part = 1, ratio_of_defaults_for_sparse_serialization = 0.9; +INSERT INTO TABLE t0 (c0) SELECT (1, (number, ), ) FROM numbers(1); +CHECK TABLE t0; + +DROP TABLE t0; From c21005c7e4c172dc9e60a9610a7a69ace9dd9c0f Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 17 Mar 2026 15:38:32 +0000 Subject: [PATCH 073/141] Backport #99036 to 25.8: Fix server crash when dropping a patch part after schema change --- .../MergeTree/PatchParts/PatchPartsUtils.cpp | 8 +++ ...4023_issue_98484_drop_patch_part.reference | 1 + .../04023_issue_98484_drop_patch_part.sh | 65 +++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 tests/queries/0_stateless/04023_issue_98484_drop_patch_part.reference create mode 100755 tests/queries/0_stateless/04023_issue_98484_drop_patch_part.sh diff --git a/src/Storages/MergeTree/PatchParts/PatchPartsUtils.cpp b/src/Storages/MergeTree/PatchParts/PatchPartsUtils.cpp index 15bda514a3d0..e00bd7be6e51 100644 --- a/src/Storages/MergeTree/PatchParts/PatchPartsUtils.cpp +++ b/src/Storages/MergeTree/PatchParts/PatchPartsUtils.cpp @@ -68,6 +68,14 @@ StorageMetadataPtr getPatchPartMetadata(ColumnsDescription patch_part_desc, Cont { StorageInMemoryMetadata part_metadata; + /// Ensure patch part system columns are present. + /// They may be missing when creating empty coverage parts + /// (e.g. DROP PART for a patch part), because createEmptyPart + /// only includes data columns from table metadata. + for (const auto & col : getPatchPartSystemColumns()) + if (!patch_part_desc.has(col.name)) + patch_part_desc.add(ColumnDescription(col.name, col.type)); + /// Use hash of column names to put patch parts with different structure to different partitions. auto part_identifier = std::make_shared("_part"); auto columns_hash = getColumnsHash(patch_part_desc.getNamesOfPhysical()); diff --git a/tests/queries/0_stateless/04023_issue_98484_drop_patch_part.reference b/tests/queries/0_stateless/04023_issue_98484_drop_patch_part.reference new file mode 100644 index 000000000000..d86bac9de59a --- /dev/null +++ b/tests/queries/0_stateless/04023_issue_98484_drop_patch_part.reference @@ -0,0 +1 @@ +OK diff --git a/tests/queries/0_stateless/04023_issue_98484_drop_patch_part.sh b/tests/queries/0_stateless/04023_issue_98484_drop_patch_part.sh new file mode 100755 index 000000000000..c416c1405b33 --- /dev/null +++ b/tests/queries/0_stateless/04023_issue_98484_drop_patch_part.sh @@ -0,0 +1,65 @@ +#!/usr/bin/env bash +# Tags: no-fasttest, no-replicated-database +# Tag no-fasttest: requires lightweight_delete_mode setting + +CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CURDIR"/../shell_config.sh + +# Test for issue #98484: DROP PART on patch part should not crash server. +# The bug was that getPatchPartMetadata() built a partition key expression +# referencing _part column, but the ColumnsDescription passed from +# createEmptyPart() only contained data columns, causing UNKNOWN_IDENTIFIER +# inside a NOEXCEPT_SCOPE which triggered std::terminate(). + +${CLICKHOUSE_CLIENT} --query " + CREATE TABLE t_98484 (c0 Int32, c1 String, c2 Int8) + ENGINE = MergeTree() ORDER BY tuple() + SETTINGS enable_block_offset_column = 1, enable_block_number_column = 1 +" + +${CLICKHOUSE_CLIENT} --query "INSERT INTO t_98484 VALUES (1, 'hello', 10)" +${CLICKHOUSE_CLIENT} --query "INSERT INTO t_98484 VALUES (2, 'world', 20)" +${CLICKHOUSE_CLIENT} --query "INSERT INTO t_98484 VALUES (3, 'test', 30)" + +# Create patch parts via lightweight delete +${CLICKHOUSE_CLIENT} --query "SET lightweight_delete_mode = 'lightweight_update_force'; DELETE FROM t_98484 WHERE c0 = 1" + +# Wait for mutations to complete +for _ in $(seq 1 30); do + result=$(${CLICKHOUSE_CLIENT} --query "SELECT count() FROM system.parts WHERE database = currentDatabase() AND table = 't_98484' AND name LIKE 'patch-%' AND active = 1") + if [ "$result" -ge 1 ]; then + break + fi + sleep 0.5 +done + +# Add column to change columns description (original trigger condition) +${CLICKHOUSE_CLIENT} --query "ALTER TABLE t_98484 ADD COLUMN c9 Nullable(Bool)" + +# Get the first active patch part name +PATCH_PART=$(${CLICKHOUSE_CLIENT} --query " + SELECT name FROM system.parts + WHERE database = currentDatabase() AND table = 't_98484' + AND name LIKE 'patch-%' AND active = 1 + ORDER BY name LIMIT 1 +") + +if [ -z "$PATCH_PART" ]; then + echo "FAIL: No patch parts found" + exit 1 +fi + +# DROP PART on the patch part - this should not crash the server +${CLICKHOUSE_CLIENT} --query "ALTER TABLE t_98484 DROP PART '$PATCH_PART'" 2>&1 + +# Verify server is still alive +${CLICKHOUSE_CLIENT} --query "SELECT 1" > /dev/null 2>&1 +if [ $? -ne 0 ]; then + echo "FAIL: Server crashed" + exit 1 +fi + +echo "OK" + +${CLICKHOUSE_CLIENT} --query "DROP TABLE t_98484" From 3c25b7f64554646911644d01baa42212d15929ae Mon Sep 17 00:00:00 2001 From: Pavel Kruglov <48961922+Avogar@users.noreply.github.com> Date: Wed, 18 Mar 2026 14:17:56 +0100 Subject: [PATCH 074/141] Update 04038_check_table_sparse_tuple_dynamic.reference --- .../04038_check_table_sparse_tuple_dynamic.reference | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference index 2027ea099a8b..970376aa3410 100644 --- a/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference +++ b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference @@ -1 +1 @@ -all_1_1_0 1 +1 From cedb4935c28957326597a88d179a76053cdc9587 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 18 Mar 2026 13:46:11 +0000 Subject: [PATCH 075/141] Backport #99739 to 25.8: Fix logical error with datalakes tables iteration --- src/Databases/DataLake/DatabaseDataLake.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Databases/DataLake/DatabaseDataLake.cpp b/src/Databases/DataLake/DatabaseDataLake.cpp index 15ca4b9dd3e7..6dc569d63db5 100644 --- a/src/Databases/DataLake/DatabaseDataLake.cpp +++ b/src/Databases/DataLake/DatabaseDataLake.cpp @@ -522,8 +522,12 @@ DatabaseTablesIteratorPtr DatabaseDataLake::getTablesIterator( if (filter_by_table_name && !filter_by_table_name(table_name)) continue; - [[maybe_unused]] bool inserted = tables.emplace(table_name, futures[future_index].get()).second; - chassert(inserted); + auto table_ptr = futures[future_index].get(); + if (table_ptr) + { + [[maybe_unused]] bool inserted = tables.emplace(table_name, table_ptr).second; + chassert(inserted); + } future_index++; } return std::make_unique(tables, getDatabaseName()); From 30bab730a702633ef8e797906e1939e567b2d6f9 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 18 Mar 2026 17:35:29 +0000 Subject: [PATCH 076/141] Backport #99678 to 25.8: Fix incorrect seek in AsynchronousReadBufferFromFileDescriptor with O_DIRECT --- ...ynchronousReadBufferFromFileDescriptor.cpp | 9 +++-- ...AsynchronousReadBufferFromFileDescriptor.h | 2 +- ...4041_variant_read_with_direct_io.reference | 3 ++ .../04041_variant_read_with_direct_io.sh | 37 +++++++++++++++++++ 4 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 tests/queries/0_stateless/04041_variant_read_with_direct_io.reference create mode 100755 tests/queries/0_stateless/04041_variant_read_with_direct_io.sh diff --git a/src/IO/AsynchronousReadBufferFromFileDescriptor.cpp b/src/IO/AsynchronousReadBufferFromFileDescriptor.cpp index c3ffa173cac3..ce8d3aa7091a 100644 --- a/src/IO/AsynchronousReadBufferFromFileDescriptor.cpp +++ b/src/IO/AsynchronousReadBufferFromFileDescriptor.cpp @@ -209,7 +209,7 @@ off_t AsynchronousReadBufferFromFileDescriptor::seek(off_t offset, int whence) } else if (whence == SEEK_CUR) { - new_pos = file_offset_of_buffer_end - (working_buffer.end() - pos) + offset; + new_pos = static_cast(getPosition()) + offset; } else { @@ -217,13 +217,15 @@ off_t AsynchronousReadBufferFromFileDescriptor::seek(off_t offset, int whence) } /// Position is unchanged. - if (new_pos + (working_buffer.end() - pos) == file_offset_of_buffer_end) + if (new_pos == static_cast(getPosition())) return new_pos; bool read_from_prefetch = false; while (true) { - if (file_offset_of_buffer_end - working_buffer.size() <= new_pos && new_pos <= file_offset_of_buffer_end) + if (bytes_to_ignore == 0 + && file_offset_of_buffer_end - working_buffer.size() <= new_pos + && new_pos <= file_offset_of_buffer_end) { /// Position is still inside the buffer. /// Probably it is at the end of the buffer - then we will load data on the following 'next' call. @@ -289,6 +291,7 @@ void AsynchronousReadBufferFromFileDescriptor::rewind() working_buffer.resize(0); pos = working_buffer.begin(); file_offset_of_buffer_end = 0; + bytes_to_ignore = 0; } std::optional AsynchronousReadBufferFromFileDescriptor::tryGetFileSize() diff --git a/src/IO/AsynchronousReadBufferFromFileDescriptor.h b/src/IO/AsynchronousReadBufferFromFileDescriptor.h index e15a41474256..fe4fa55d886f 100644 --- a/src/IO/AsynchronousReadBufferFromFileDescriptor.h +++ b/src/IO/AsynchronousReadBufferFromFileDescriptor.h @@ -62,7 +62,7 @@ class AsynchronousReadBufferFromFileDescriptor : public ReadBufferFromFileBase off_t getPosition() override { - return file_offset_of_buffer_end - (working_buffer.end() - pos); + return file_offset_of_buffer_end - (working_buffer.end() - pos) + bytes_to_ignore; } /// If 'offset' is small enough to stay in buffer after seek, then true seek in file does not happen. diff --git a/tests/queries/0_stateless/04041_variant_read_with_direct_io.reference b/tests/queries/0_stateless/04041_variant_read_with_direct_io.reference new file mode 100644 index 000000000000..3cd40e317c88 --- /dev/null +++ b/tests/queries/0_stateless/04041_variant_read_with_direct_io.reference @@ -0,0 +1,3 @@ +500000 +100000 +100000 diff --git a/tests/queries/0_stateless/04041_variant_read_with_direct_io.sh b/tests/queries/0_stateless/04041_variant_read_with_direct_io.sh new file mode 100755 index 000000000000..d50fa6d943b2 --- /dev/null +++ b/tests/queries/0_stateless/04041_variant_read_with_direct_io.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +# Tags: long + +# Regression test for incorrect seek in AsynchronousReadBufferFromFileDescriptor +# with O_DIRECT (min_bytes_to_use_direct_io=1). The bug was that getPosition() +# and seek NOOP/in-buffer checks did not account for bytes_to_ignore set by +# O_DIRECT alignment, causing corrupted reads of Variant subcolumns. + +CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CUR_DIR"/../shell_config.sh + +CH_CLIENT="$CLICKHOUSE_CLIENT --allow_suspicious_variant_types=1 --max_threads 2 --min_bytes_to_use_direct_io 1" + +$CH_CLIENT -q "drop table if exists test_variant_direct_io;" + +$CH_CLIENT -q "create table test_variant_direct_io (id UInt64, v Variant(String, UInt64, LowCardinality(String), Tuple(a UInt32, b UInt32), Array(UInt64))) engine=MergeTree order by id settings min_rows_for_wide_part=1, min_bytes_for_wide_part=1, index_granularity_bytes=10485760, index_granularity=8192;" + +$CH_CLIENT -mq "insert into test_variant_direct_io select number, NULL from numbers(100000); +insert into test_variant_direct_io select number + 100000, number from numbers(100000); +insert into test_variant_direct_io select number + 200000, ('str_' || toString(number))::Variant(String) from numbers(100000); +insert into test_variant_direct_io select number + 300000, ('lc_str_' || toString(number))::LowCardinality(String) from numbers(100000); +insert into test_variant_direct_io select number + 400000, tuple(number, number + 1)::Tuple(a UInt32, b UInt32) from numbers(100000); +insert into test_variant_direct_io select number + 500000, range(number % 20 + 1)::Array(UInt64) from numbers(100000);" + +$CH_CLIENT -q "optimize table test_variant_direct_io final settings mutations_sync=1;" + +# Without the fix, reading v.String here would fail with: +# "Size of deserialized variant column less than the limit" +$CH_CLIENT -q "select v.String from test_variant_direct_io format Null;" + +# Also check that subcolumn reads return the correct count +$CH_CLIENT -q "select count() from test_variant_direct_io where v is not null;" +$CH_CLIENT -q "select count() from test_variant_direct_io where v.String is not null;" +$CH_CLIENT -q "select count() from test_variant_direct_io where v.UInt64 is not null;" + +$CH_CLIENT -q "drop table test_variant_direct_io;" From 009f461597f973a0e0a0d43c0455e752e53eb719 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 18 Mar 2026 18:33:41 +0000 Subject: [PATCH 077/141] Backport #99587 to 25.8: Prune unused columns from ARRAY JOIN --- .../Passes/PruneArrayJoinColumnsPass.cpp | 441 ++++++++++++++++++ .../Passes/PruneArrayJoinColumnsPass.h | 34 ++ src/Analyzer/QueryTreePassManager.cpp | 2 + ...03285_analyzer_array_join_nested.reference | 26 +- .../04039_prune_array_join_columns.reference | 242 ++++++++++ .../04039_prune_array_join_columns.sql | 52 +++ 6 files changed, 783 insertions(+), 14 deletions(-) create mode 100644 src/Analyzer/Passes/PruneArrayJoinColumnsPass.cpp create mode 100644 src/Analyzer/Passes/PruneArrayJoinColumnsPass.h create mode 100644 tests/queries/0_stateless/04039_prune_array_join_columns.reference create mode 100644 tests/queries/0_stateless/04039_prune_array_join_columns.sql diff --git a/src/Analyzer/Passes/PruneArrayJoinColumnsPass.cpp b/src/Analyzer/Passes/PruneArrayJoinColumnsPass.cpp new file mode 100644 index 000000000000..610384caa5b2 --- /dev/null +++ b/src/Analyzer/Passes/PruneArrayJoinColumnsPass.cpp @@ -0,0 +1,441 @@ +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include + +#include + +namespace DB +{ + +namespace Setting +{ + +extern const SettingsBool enable_unaligned_array_join; + +} + +namespace +{ + +/// Per-expression usage state inside a single ARRAY JOIN node. +struct ExpressionUsage +{ + /// True when the expression is referenced directly (not via tupleElement), + /// meaning all subcolumns are needed, or it has no nested() inner function. + bool fully_used = false; + + /// Used subcolumn names (only meaningful for nested() expressions). + std::unordered_set used_subcolumns; + + /// Subcolumn names from the nested() first argument. Empty if not a nested() expression. + std::vector nested_subcolumn_names; + + bool hasNested() const { return !nested_subcolumn_names.empty(); } + + bool isUsed() const { return fully_used || !used_subcolumns.empty(); } +}; + +/// Key: (ArrayJoinNode raw ptr, column name) → ExpressionUsage. +using ArrayJoinUsageMap = std::unordered_map>; + +/// Set of ArrayJoinNode raw pointers that we are tracking. +using ArrayJoinNodeSet = std::unordered_set; + +/// Map: (ArrayJoinNode raw ptr, column name) → post-pruning column DataType. +using UpdatedTypeMap = std::unordered_map>; + +/// Visitor that marks which ARRAY JOIN expressions and nested subcolumns are used. +class MarkUsedArrayJoinColumnsVisitor : public InDepthQueryTreeVisitorWithContext +{ +public: + using Base = InDepthQueryTreeVisitorWithContext; + + MarkUsedArrayJoinColumnsVisitor(ContextPtr context_, ArrayJoinUsageMap & usage_map_, const ArrayJoinNodeSet & tracked_nodes_) + : Base(std::move(context_)) + , usage_map(usage_map_) + , tracked_nodes(tracked_nodes_) + { + } + + bool needChildVisit(QueryTreeNodePtr & parent, QueryTreeNodePtr & child) + { + /// Skip visiting the join expressions list of a tracked ARRAY JOIN node — + /// those are the expression definitions, not references. + if (tracked_nodes.contains(parent.get())) + { + auto * array_join_node = parent->as(); + if (array_join_node && child.get() == array_join_node->getJoinExpressionsNode().get()) + return false; + } + + /// If the parent is tupleElement whose first argument is a column from a tracked + /// ARRAY JOIN, skip visiting children — enterImpl already handles the tupleElement + /// by marking only the specific subcolumn. + auto * function_node = parent->as(); + if (function_node && function_node->getFunctionName() == "tupleElement") + { + const auto & arguments = function_node->getArguments().getNodes(); + if (arguments.size() >= 2) + { + if (auto * column_node = arguments[0]->as()) + { + auto source = column_node->getColumnSourceOrNull(); + if (source && tracked_nodes.contains(source.get())) + return false; + } + } + } + + return true; + } + + void enterImpl(const QueryTreeNodePtr & node) + { + /// Case 1: tupleElement(array_join_col, 'subcolumn_name') — mark specific subcolumn. + if (auto * function_node = node->as()) + { + if (function_node->getFunctionName() != "tupleElement") + return; + + const auto & arguments = function_node->getArguments().getNodes(); + if (arguments.size() < 2) + return; + + auto * column_node = arguments[0]->as(); + auto * constant_node = arguments[1]->as(); + if (!column_node || !constant_node) + return; + + auto source = column_node->getColumnSourceOrNull(); + if (!source || !tracked_nodes.contains(source.get())) + return; + + auto map_it = usage_map.find(source.get()); + if (map_it == usage_map.end()) + return; + + auto expr_it = map_it->second.find(column_node->getColumnName()); + if (expr_it == map_it->second.end() || expr_it->second.fully_used) + return; + + if (expr_it->second.hasNested()) + { + const auto & value = constant_node->getValue(); + if (value.getType() == Field::Types::String) + { + expr_it->second.used_subcolumns.insert(value.safeGet()); + } + else if (value.getType() == Field::Types::UInt64) + { + /// tupleElement uses 1-based indexing. + UInt64 index = value.safeGet(); + if (index >= 1 && index <= expr_it->second.nested_subcolumn_names.size()) + expr_it->second.used_subcolumns.insert(expr_it->second.nested_subcolumn_names[index - 1]); + else + expr_it->second.fully_used = true; + } + else + { + expr_it->second.fully_used = true; + } + } + else + expr_it->second.fully_used = true; + + return; + } + + /// Case 2: direct reference to an ARRAY JOIN column — mark fully used. + auto * column_node = node->as(); + if (!column_node) + return; + + auto source = column_node->getColumnSourceOrNull(); + if (!source || !tracked_nodes.contains(source.get())) + return; + + auto map_it = usage_map.find(source.get()); + if (map_it == usage_map.end()) + return; + + auto expr_it = map_it->second.find(column_node->getColumnName()); + if (expr_it != map_it->second.end()) + expr_it->second.fully_used = true; + } + +private: + ArrayJoinUsageMap & usage_map; + const ArrayJoinNodeSet & tracked_nodes; +}; + +void pruneNestedFunctionArguments( + ColumnNode & column_node, + FunctionNode & function_node, + const ExpressionUsage & expr_usage, + const ContextPtr & context) +{ + auto & nested_args = function_node.getArguments().getNodes(); + const auto & subcolumn_names = expr_usage.nested_subcolumn_names; + size_t num_subcolumns = subcolumn_names.size(); + + /// Find which indices to keep. + std::vector indices_to_keep; + for (size_t i = 0; i < num_subcolumns; ++i) + { + if (expr_usage.used_subcolumns.contains(subcolumn_names[i])) + indices_to_keep.push_back(i); + } + + /// Nothing to prune. + if (indices_to_keep.size() == num_subcolumns) + return; + + /// Keep at least one subcolumn so the expression remains valid. + if (indices_to_keep.empty()) + indices_to_keep.push_back(0); + + /// Build pruned names array and arguments. + Array pruned_names_array; + QueryTreeNodes pruned_args; + pruned_names_array.reserve(indices_to_keep.size()); + pruned_args.reserve(indices_to_keep.size() + 1); + + for (size_t idx : indices_to_keep) + pruned_names_array.push_back(subcolumn_names[idx]); + + auto pruned_names_type = std::make_shared(std::make_shared()); + pruned_args.push_back(std::make_shared(std::move(pruned_names_array), std::move(pruned_names_type))); + + for (size_t idx : indices_to_keep) + pruned_args.push_back(nested_args[idx + 1]); /// +1: first arg is the names array. + + nested_args = std::move(pruned_args); + + /// Re-resolve the function to update its return type. + auto nested_function = FunctionFactory::instance().get("nested", context); + function_node.resolveAsFunction(nested_function->build(function_node.getArgumentColumns())); + + /// Update the ARRAY JOIN column node's type to match the new result. + auto new_result_type = function_node.getResultType(); + auto new_column_type = assert_cast(*new_result_type).getNestedType(); + column_node.setColumnType(std::move(new_column_type)); +} + +/// Visitor that updates reference ColumnNode types and re-resolves tupleElement functions +/// after nested() arguments have been pruned. +class UpdateArrayJoinReferenceTypesVisitor : public InDepthQueryTreeVisitorWithContext +{ +public: + using Base = InDepthQueryTreeVisitorWithContext; + + UpdateArrayJoinReferenceTypesVisitor( + ContextPtr context_, + const UpdatedTypeMap & updated_types_, + const ArrayJoinNodeSet & tracked_nodes_) + : Base(std::move(context_)) + , updated_types(updated_types_) + , tracked_nodes(tracked_nodes_) + { + } + + void enterImpl(const QueryTreeNodePtr & node) + { + auto * function_node = node->as(); + if (!function_node || function_node->getFunctionName() != "tupleElement") + return; + + const auto & arguments = function_node->getArguments().getNodes(); + if (arguments.size() < 2) + return; + + auto * column_node = arguments[0]->as(); + if (!column_node) + return; + + auto source = column_node->getColumnSourceOrNull(); + if (!source || !tracked_nodes.contains(source.get())) + return; + + auto node_it = updated_types.find(source.get()); + if (node_it == updated_types.end()) + return; + + auto type_it = node_it->second.find(column_node->getColumnName()); + if (type_it == node_it->second.end()) + return; + + const auto & new_type = type_it->second; + if (column_node->getColumnType()->equals(*new_type)) + return; + + column_node->setColumnType(new_type); + + auto tuple_element_function = FunctionFactory::instance().get("tupleElement", getContext()); + function_node->resolveAsFunction(tuple_element_function->build(function_node->getArgumentColumns())); + } + +private: + const UpdatedTypeMap & updated_types; + const ArrayJoinNodeSet & tracked_nodes; +}; + +} + +void PruneArrayJoinColumnsPass::run(QueryTreeNodePtr & query_tree_node, ContextPtr context) +{ + auto * top_query_node = query_tree_node->as(); + if (!top_query_node) + return; + + const auto & settings = context->getSettingsRef(); + if (settings[Setting::enable_unaligned_array_join]) + return; + + /// Step 1: Find all ARRAY JOIN nodes and build the usage map. + ArrayJoinUsageMap usage_map; + ArrayJoinNodeSet tracked_nodes; + + auto table_expressions = extractTableExpressions(top_query_node->getJoinTree(), /*add_array_join=*/ true); + for (const auto & table_expr : table_expressions) + { + auto * array_join_node = table_expr->as(); + if (!array_join_node) + continue; + + auto & expressions_usage = usage_map[table_expr.get()]; + + for (const auto & join_expr : array_join_node->getJoinExpressions().getNodes()) + { + auto * column_node = join_expr->as(); + if (!column_node || !column_node->hasExpression()) + continue; + + ExpressionUsage expr_usage; + + auto * function_node = column_node->getExpression()->as(); + if (function_node && function_node->getFunctionName() == "nested") + { + const auto & args = function_node->getArguments().getNodes(); + if (args.size() >= 2) + { + if (auto * names_constant = args[0]->as()) + { + const auto & names_array = names_constant->getValue().safeGet(); + for (const auto & name : names_array) + expr_usage.nested_subcolumn_names.push_back(name.safeGet()); + } + } + } + + expressions_usage[column_node->getColumnName()] = std::move(expr_usage); + } + + if (!expressions_usage.empty()) + tracked_nodes.insert(table_expr.get()); + } + + if (tracked_nodes.empty()) + return; + + /// Step 2: Mark used expressions and subcolumns. + MarkUsedArrayJoinColumnsVisitor visitor(context, usage_map, tracked_nodes); + visitor.visit(query_tree_node); + + /// Step 3: Prune. + UpdatedTypeMap updated_types; + + for (auto & [node_ptr, expressions_usage] : usage_map) + { + /// Find the ArrayJoinNode among our table_expressions. + ArrayJoinNode * array_join_node = nullptr; + for (const auto & te : table_expressions) + { + if (te.get() == node_ptr) + { + array_join_node = te->as(); + break; + } + } + if (!array_join_node) + continue; + + auto & join_expressions = array_join_node->getJoinExpressions().getNodes(); + + /// 3a: Remove entire unused ARRAY JOIN expressions. + { + QueryTreeNodes kept; + kept.reserve(join_expressions.size()); + + for (auto & join_expr : join_expressions) + { + auto * column_node = join_expr->as(); + if (!column_node) + { + kept.push_back(std::move(join_expr)); + continue; + } + + auto expr_it = expressions_usage.find(column_node->getColumnName()); + if (expr_it == expressions_usage.end() || expr_it->second.isUsed()) + kept.push_back(std::move(join_expr)); + } + + /// Keep at least one expression to preserve row multiplication. + if (kept.empty() && !join_expressions.empty()) + kept.push_back(std::move(join_expressions[0])); + + join_expressions = std::move(kept); + } + + /// 3b: Prune unused nested() subcolumn arguments. + for (auto & join_expr : join_expressions) + { + auto * column_node = join_expr->as(); + if (!column_node || !column_node->hasExpression()) + continue; + + auto expr_it = expressions_usage.find(column_node->getColumnName()); + if (expr_it == expressions_usage.end()) + continue; + + auto & expr_usage = expr_it->second; + if (expr_usage.fully_used || !expr_usage.hasNested()) + continue; + + auto * function_node = column_node->getExpression()->as(); + if (!function_node) + continue; + + pruneNestedFunctionArguments(*column_node, *function_node, expr_usage, context); + } + + /// Collect post-pruning types for step 3c. + auto & type_map = updated_types[node_ptr]; + for (const auto & join_expr : join_expressions) + { + auto * col_node = join_expr->as(); + if (!col_node) + continue; + type_map[col_node->getColumnName()] = col_node->getColumnType(); + } + } + + /// 3c: Update types of reference ColumnNodes and re-resolve tupleElement functions. + UpdateArrayJoinReferenceTypesVisitor type_updater(context, updated_types, tracked_nodes); + type_updater.visit(query_tree_node); +} + +} diff --git a/src/Analyzer/Passes/PruneArrayJoinColumnsPass.h b/src/Analyzer/Passes/PruneArrayJoinColumnsPass.h new file mode 100644 index 000000000000..f265f2743346 --- /dev/null +++ b/src/Analyzer/Passes/PruneArrayJoinColumnsPass.h @@ -0,0 +1,34 @@ +#pragma once + +#include + +namespace DB +{ + +/** Prune unused ARRAY JOIN expressions and unused subcolumns from `nested()` functions. + * + * 1. If ARRAY JOIN has multiple expressions and some are not referenced + * anywhere in the query, remove the unused expressions. + * + * 2. When a Nested column is used in ARRAY JOIN, the analyzer creates a `nested()` + * function with ALL subcolumns as arguments. This pass removes arguments that + * are not referenced, so that only the needed subcolumns are read from storage. + * + * Example 1: SELECT b FROM t ARRAY JOIN a, b => ARRAY JOIN b + * + * Example 2: Table has n.a, n.b, n.c. + * SELECT n.a FROM t ARRAY JOIN n + * Before: ARRAY JOIN nested(['a','b','c'], n.a, n.b, n.c) AS n + * After: ARRAY JOIN nested(['a'], n.a) AS n + */ +class PruneArrayJoinColumnsPass final : public IQueryTreePass +{ +public: + String getName() override { return "PruneArrayJoinColumns"; } + + String getDescription() override { return "Prune unused ARRAY JOIN expressions and nested() subcolumns"; } + + void run(QueryTreeNodePtr & query_tree_node, ContextPtr context) override; +}; + +} diff --git a/src/Analyzer/QueryTreePassManager.cpp b/src/Analyzer/QueryTreePassManager.cpp index a818ad348020..c510d1e84270 100644 --- a/src/Analyzer/QueryTreePassManager.cpp +++ b/src/Analyzer/QueryTreePassManager.cpp @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -260,6 +261,7 @@ void addQueryTreePasses(QueryTreePassManager & manager, bool only_analyze) /// This pass should be run for the secondary queries /// to ensure that the only required columns are read from VIEWs on the shards. manager.addPass(std::make_unique()); + manager.addPass(std::make_unique()); manager.addPass(std::make_unique()); diff --git a/tests/queries/0_stateless/03285_analyzer_array_join_nested.reference b/tests/queries/0_stateless/03285_analyzer_array_join_nested.reference index bd66e2daf4d5..787a1d8c2fa2 100644 --- a/tests/queries/0_stateless/03285_analyzer_array_join_nested.reference +++ b/tests/queries/0_stateless/03285_analyzer_array_join_nested.reference @@ -12,7 +12,7 @@ QUERY id: 0 FUNCTION id: 2, function_name: tupleElement, function_type: ordinary, result_type: String ARGUMENTS LIST id: 3, nodes: 2 - COLUMN id: 4, column_name: __array_join_exp_1, result_type: Tuple(names String, values Int64), source_id: 5 + COLUMN id: 4, column_name: __array_join_exp_1, result_type: Tuple(names String), source_id: 5 CONSTANT id: 6, constant_value: \'names\', constant_value_type: String JOIN TREE ARRAY_JOIN id: 5, is_left: 0 @@ -20,18 +20,17 @@ QUERY id: 0 TABLE id: 7, alias: __table2, table_name: default.hourly JOIN EXPRESSIONS LIST id: 8, nodes: 1 - COLUMN id: 9, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(names String, values Int64), source_id: 5 + COLUMN id: 9, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(names String), source_id: 5 EXPRESSION - FUNCTION id: 10, function_name: nested, function_type: ordinary, result_type: Array(Tuple(names String, values Int64)) + FUNCTION id: 10, function_name: nested, function_type: ordinary, result_type: Array(Tuple(names String)) ARGUMENTS - LIST id: 11, nodes: 3 - CONSTANT id: 12, constant_value: Array_[\'names\', \'values\'], constant_value_type: Array(String) + LIST id: 11, nodes: 2 + CONSTANT id: 12, constant_value: Array_[\'names\'], constant_value_type: Array(String) COLUMN id: 13, column_name: metric.names, result_type: Array(String), source_id: 7 - COLUMN id: 14, column_name: metric.values, result_type: Array(Int64), source_id: 7 SELECT tupleElement(__array_join_exp_1, \'names\') AS `metric.names` FROM default.hourly AS __table2 -ARRAY JOIN nested(_CAST([\'names\', \'values\'], \'Array(String)\'), __table2.`metric.names`, __table2.`metric.values`) AS __array_join_exp_1 +ARRAY JOIN nested(_CAST([\'names\'], \'Array(String)\'), __table2.`metric.names`) AS __array_join_exp_1 explain query tree dump_ast = 1 SELECT metric.names @@ -44,7 +43,7 @@ QUERY id: 0 FUNCTION id: 2, function_name: tupleElement, function_type: ordinary, result_type: String ARGUMENTS LIST id: 3, nodes: 2 - COLUMN id: 4, column_name: __array_join_exp_1, result_type: Tuple(names String, values Int64), source_id: 5 + COLUMN id: 4, column_name: __array_join_exp_1, result_type: Tuple(names String), source_id: 5 CONSTANT id: 6, constant_value: \'names\', constant_value_type: String JOIN TREE ARRAY_JOIN id: 5, is_left: 0 @@ -52,18 +51,17 @@ QUERY id: 0 TABLE id: 7, alias: __table2, table_name: default.hourly JOIN EXPRESSIONS LIST id: 8, nodes: 1 - COLUMN id: 9, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(names String, values Int64), source_id: 5 + COLUMN id: 9, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(names String), source_id: 5 EXPRESSION - FUNCTION id: 10, function_name: nested, function_type: ordinary, result_type: Array(Tuple(names String, values Int64)) + FUNCTION id: 10, function_name: nested, function_type: ordinary, result_type: Array(Tuple(names String)) ARGUMENTS - LIST id: 11, nodes: 3 - CONSTANT id: 12, constant_value: Array_[\'names\', \'values\'], constant_value_type: Array(String) + LIST id: 11, nodes: 2 + CONSTANT id: 12, constant_value: Array_[\'names\'], constant_value_type: Array(String) COLUMN id: 13, column_name: metric.names, result_type: Array(String), source_id: 7 - COLUMN id: 14, column_name: metric.values, result_type: Array(Int64), source_id: 7 SELECT tupleElement(__array_join_exp_1, \'names\') AS `metric.names` FROM default.hourly AS __table2 -ARRAY JOIN nested(_CAST([\'names\', \'values\'], \'Array(String)\'), __table2.`metric.names`, __table2.`metric.values`) AS __array_join_exp_1 +ARRAY JOIN nested(_CAST([\'names\'], \'Array(String)\'), __table2.`metric.names`) AS __array_join_exp_1 -- { echoOn } SELECT nested(['click', 'house'], x.b.first, x.b.second) AS n, toTypeName(n) FROM tab; diff --git a/tests/queries/0_stateless/04039_prune_array_join_columns.reference b/tests/queries/0_stateless/04039_prune_array_join_columns.reference new file mode 100644 index 000000000000..66b8a189b808 --- /dev/null +++ b/tests/queries/0_stateless/04039_prune_array_join_columns.reference @@ -0,0 +1,242 @@ +1 +2 +QUERY id: 0 + PROJECTION COLUMNS + n.a Int64 + PROJECTION + LIST id: 1, nodes: 1 + FUNCTION id: 2, function_name: tupleElement, function_type: ordinary, result_type: Int64 + ARGUMENTS + LIST id: 3, nodes: 2 + COLUMN id: 4, column_name: __array_join_exp_1, result_type: Tuple(a Int64), source_id: 5 + CONSTANT id: 6, constant_value: \'a\', constant_value_type: String + JOIN TREE + ARRAY_JOIN id: 5, is_left: 0 + TABLE EXPRESSION + TABLE id: 7, alias: __table2, table_name: default.t_nested + JOIN EXPRESSIONS + LIST id: 8, nodes: 1 + COLUMN id: 9, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(a Int64), source_id: 5 + EXPRESSION + FUNCTION id: 10, function_name: nested, function_type: ordinary, result_type: Array(Tuple(a Int64)) + ARGUMENTS + LIST id: 11, nodes: 2 + CONSTANT id: 12, constant_value: Array_[\'a\'], constant_value_type: Array(String) + COLUMN id: 13, column_name: n.a, result_type: Array(Int64), source_id: 7 + ORDER BY + LIST id: 14, nodes: 1 + SORT id: 15, sort_direction: ASCENDING, with_fill: 0 + EXPRESSION n.a + FUNCTION id: 16, function_name: tupleElement, function_type: ordinary, result_type: Int64 + ARGUMENTS + LIST id: 17, nodes: 2 + COLUMN id: 18, column_name: __array_join_exp_1, result_type: Tuple(a Int64), source_id: 5 + CONSTANT id: 19, constant_value: \'a\', constant_value_type: String +Expression (Project names) +Header: n.a Int64 + Sorting (Sorting for ORDER BY) + Header: tupleElement(__array_join_exp_1, \'a\'_String) Int64 + Expression ((Before ORDER BY + Projection)) + Header: tupleElement(__array_join_exp_1, \'a\'_String) Int64 + ArrayJoin (ARRAY JOIN) + Header: __array_join_exp_1 Tuple(a Int64) + Expression ((DROP unused columns before ARRAY JOIN + (ARRAY JOIN actions + Change column names to column identifiers))) + Header: __array_join_exp_1 Array(Tuple(a Int64)) + ReadFromMergeTree (default.t_nested) + Header: n.a Array(Int64) +1 3 +2 4 +QUERY id: 0 + PROJECTION COLUMNS + n.a Int64 + n.b Int64 + PROJECTION + LIST id: 1, nodes: 2 + FUNCTION id: 2, function_name: tupleElement, function_type: ordinary, result_type: Int64 + ARGUMENTS + LIST id: 3, nodes: 2 + COLUMN id: 4, column_name: __array_join_exp_1, result_type: Tuple(a Int64, b Int64), source_id: 5 + CONSTANT id: 6, constant_value: \'a\', constant_value_type: String + FUNCTION id: 7, function_name: tupleElement, function_type: ordinary, result_type: Int64 + ARGUMENTS + LIST id: 8, nodes: 2 + COLUMN id: 9, column_name: __array_join_exp_1, result_type: Tuple(a Int64, b Int64), source_id: 5 + CONSTANT id: 10, constant_value: \'b\', constant_value_type: String + JOIN TREE + ARRAY_JOIN id: 5, is_left: 0 + TABLE EXPRESSION + TABLE id: 11, alias: __table2, table_name: default.t_nested + JOIN EXPRESSIONS + LIST id: 12, nodes: 1 + COLUMN id: 13, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(a Int64, b Int64), source_id: 5 + EXPRESSION + FUNCTION id: 14, function_name: nested, function_type: ordinary, result_type: Array(Tuple(a Int64, b Int64)) + ARGUMENTS + LIST id: 15, nodes: 3 + CONSTANT id: 16, constant_value: Array_[\'a\', \'b\'], constant_value_type: Array(String) + COLUMN id: 17, column_name: n.a, result_type: Array(Int64), source_id: 11 + COLUMN id: 18, column_name: n.b, result_type: Array(Int64), source_id: 11 + ORDER BY + LIST id: 19, nodes: 1 + SORT id: 20, sort_direction: ASCENDING, with_fill: 0 + EXPRESSION n.a + FUNCTION id: 21, function_name: tupleElement, function_type: ordinary, result_type: Int64 + ARGUMENTS + LIST id: 22, nodes: 2 + COLUMN id: 23, column_name: __array_join_exp_1, result_type: Tuple(a Int64, b Int64), source_id: 5 + CONSTANT id: 24, constant_value: \'a\', constant_value_type: String +Expression ((Project names + (Before ORDER BY + Projection) [lifted up part])) +Header: n.a Int64 + n.b Int64 + Sorting (Sorting for ORDER BY) + Header: __array_join_exp_1 Tuple(a Int64, b Int64) + tupleElement(__array_join_exp_1, \'a\'_String) Int64 + Expression ((Before ORDER BY + Projection)) + Header: __array_join_exp_1 Tuple(a Int64, b Int64) + tupleElement(__array_join_exp_1, \'a\'_String) Int64 + ArrayJoin (ARRAY JOIN) + Header: __array_join_exp_1 Tuple(a Int64, b Int64) + Expression ((DROP unused columns before ARRAY JOIN + (ARRAY JOIN actions + Change column names to column identifiers))) + Header: __array_join_exp_1 Array(Tuple(a Int64, b Int64)) + ReadFromMergeTree (default.t_nested) + Header: n.a Array(Int64) + n.b Array(Int64) +(1,3,5) +(2,4,6) +QUERY id: 0 + PROJECTION COLUMNS + n Tuple(a Int64, b Int64, c Int64) + PROJECTION + LIST id: 1, nodes: 1 + COLUMN id: 2, column_name: __array_join_exp_1, result_type: Tuple(a Int64, b Int64, c Int64), source_id: 3 + JOIN TREE + ARRAY_JOIN id: 3, is_left: 0 + TABLE EXPRESSION + TABLE id: 4, alias: __table2, table_name: default.t_nested + JOIN EXPRESSIONS + LIST id: 5, nodes: 1 + COLUMN id: 6, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(a Int64, b Int64, c Int64), source_id: 3 + EXPRESSION + FUNCTION id: 7, function_name: nested, function_type: ordinary, result_type: Array(Tuple(a Int64, b Int64, c Int64)) + ARGUMENTS + LIST id: 8, nodes: 4 + CONSTANT id: 9, constant_value: Array_[\'a\', \'b\', \'c\'], constant_value_type: Array(String) + COLUMN id: 10, column_name: n.a, result_type: Array(Int64), source_id: 4 + COLUMN id: 11, column_name: n.b, result_type: Array(Int64), source_id: 4 + COLUMN id: 12, column_name: n.c, result_type: Array(Int64), source_id: 4 + ORDER BY + LIST id: 13, nodes: 1 + SORT id: 14, sort_direction: ASCENDING, with_fill: 0 + EXPRESSION n.a + FUNCTION id: 15, function_name: tupleElement, function_type: ordinary, result_type: Int64 + ARGUMENTS + LIST id: 16, nodes: 2 + COLUMN id: 17, column_name: __array_join_exp_1, result_type: Tuple(a Int64, b Int64, c Int64), source_id: 3 + CONSTANT id: 18, constant_value: \'a\', constant_value_type: String +Expression (Project names) +Header: n Tuple(a Int64, b Int64, c Int64) + Sorting (Sorting for ORDER BY) + Header: tupleElement(__array_join_exp_1, \'a\'_String) Int64 + __array_join_exp_1 Tuple(a Int64, b Int64, c Int64) + Expression ((Before ORDER BY + Projection)) + Header: tupleElement(__array_join_exp_1, \'a\'_String) Int64 + __array_join_exp_1 Tuple(a Int64, b Int64, c Int64) + ArrayJoin (ARRAY JOIN) + Header: __array_join_exp_1 Tuple(a Int64, b Int64, c Int64) + Expression ((DROP unused columns before ARRAY JOIN + (ARRAY JOIN actions + Change column names to column identifiers))) + Header: __array_join_exp_1 Array(Tuple(a Int64, b Int64, c Int64)) + ReadFromMergeTree (default.t_nested) + Header: n.a Array(Int64) + n.b Array(Int64) + n.c Array(Int64) +1 +1 +QUERY id: 0 + PROJECTION COLUMNS + 1 UInt8 + PROJECTION + LIST id: 1, nodes: 1 + CONSTANT id: 2, constant_value: UInt64_1, constant_value_type: UInt8 + JOIN TREE + ARRAY_JOIN id: 3, is_left: 0 + TABLE EXPRESSION + TABLE id: 4, alias: __table2, table_name: default.t_nested + JOIN EXPRESSIONS + LIST id: 5, nodes: 1 + COLUMN id: 6, alias: __array_join_exp_1, column_name: __array_join_exp_1, result_type: Tuple(a Int64), source_id: 3 + EXPRESSION + FUNCTION id: 7, function_name: nested, function_type: ordinary, result_type: Array(Tuple(a Int64)) + ARGUMENTS + LIST id: 8, nodes: 2 + CONSTANT id: 9, constant_value: Array_[\'a\'], constant_value_type: Array(String) + COLUMN id: 10, column_name: n.a, result_type: Array(Int64), source_id: 4 + WHERE + FUNCTION id: 11, function_name: greater, function_type: ordinary, result_type: UInt8 + ARGUMENTS + LIST id: 12, nodes: 2 + FUNCTION id: 13, function_name: tupleElement, function_type: ordinary, result_type: Int64 + ARGUMENTS + LIST id: 14, nodes: 2 + COLUMN id: 15, column_name: __array_join_exp_1, result_type: Tuple(a Int64), source_id: 3 + CONSTANT id: 16, constant_value: \'a\', constant_value_type: String + CONSTANT id: 17, constant_value: UInt64_0, constant_value_type: UInt8 +Expression ((Project names + Projection)) +Header: 1 UInt8 + Filter (WHERE) + Header: + ArrayJoin (ARRAY JOIN) + Header: __array_join_exp_1 Tuple(a Int64) + Expression ((DROP unused columns before ARRAY JOIN + (ARRAY JOIN actions + Change column names to column identifiers))) + Header: __array_join_exp_1 Array(Tuple(a Int64)) + ReadFromMergeTree (default.t_nested) + Header: n.a Array(Int64) +1 +2 +Expression ((Project names + (Before ORDER BY + Projection) [lifted up part])) +Header: tupleElement(n, 1) Int64 + Sorting (Sorting for ORDER BY) + Header: __array_join_exp_1 Tuple(a Int64) + tupleElement(__array_join_exp_1, \'a\'_String) Int64 + Expression ((Before ORDER BY + Projection)) + Header: __array_join_exp_1 Tuple(a Int64) + tupleElement(__array_join_exp_1, \'a\'_String) Int64 + ArrayJoin (ARRAY JOIN) + Header: __array_join_exp_1 Tuple(a Int64) + Expression ((DROP unused columns before ARRAY JOIN + (ARRAY JOIN actions + Change column names to column identifiers))) + Header: __array_join_exp_1 Array(Tuple(a Int64)) + ReadFromMergeTree (default.t_nested) + Header: n.a Array(Int64) +3 +4 +QUERY id: 0 + PROJECTION COLUMNS + b Int64 + PROJECTION + LIST id: 1, nodes: 1 + COLUMN id: 2, column_name: __array_join_exp_2, result_type: Int64, source_id: 3 + JOIN TREE + ARRAY_JOIN id: 3, is_left: 0 + TABLE EXPRESSION + TABLE id: 4, alias: __table2, table_name: default.t_two_arrays + JOIN EXPRESSIONS + LIST id: 5, nodes: 1 + COLUMN id: 6, alias: __array_join_exp_2, column_name: __array_join_exp_2, result_type: Int64, source_id: 3 + EXPRESSION + COLUMN id: 7, column_name: b, result_type: Array(Int64), source_id: 4 + ORDER BY + LIST id: 8, nodes: 1 + SORT id: 9, sort_direction: ASCENDING, with_fill: 0 + EXPRESSION b + COLUMN id: 10, column_name: __array_join_exp_2, result_type: Int64, source_id: 3 +Expression (Project names) +Header: b Int64 + Sorting (Sorting for ORDER BY) + Header: __array_join_exp_2 Int64 + Expression ((Before ORDER BY + Projection)) + Header: __array_join_exp_2 Int64 + ArrayJoin (ARRAY JOIN) + Header: __array_join_exp_2 Int64 + Expression ((DROP unused columns before ARRAY JOIN + (ARRAY JOIN actions + Change column names to column identifiers))) + Header: __array_join_exp_2 Array(Int64) + ReadFromMergeTree (default.t_two_arrays) + Header: b Array(Int64) diff --git a/tests/queries/0_stateless/04039_prune_array_join_columns.sql b/tests/queries/0_stateless/04039_prune_array_join_columns.sql new file mode 100644 index 000000000000..399479d6f41b --- /dev/null +++ b/tests/queries/0_stateless/04039_prune_array_join_columns.sql @@ -0,0 +1,52 @@ +SET enable_analyzer = 1; +SET enable_parallel_replicas = 0; + +DROP TABLE IF EXISTS t_nested; +CREATE TABLE t_nested (`n.a` Array(Int64), `n.b` Array(Int64), `n.c` Array(Int64)) ENGINE = MergeTree ORDER BY tuple(); +INSERT INTO t_nested VALUES ([1, 2], [3, 4], [5, 6]); + +-- Only n.a is used — n.b and n.c should not be read. +SELECT n.a FROM t_nested ARRAY JOIN n ORDER BY n.a; + +-- Verify nested() is pruned to only a. +EXPLAIN QUERY TREE SELECT n.a FROM t_nested ARRAY JOIN n ORDER BY n.a; +EXPLAIN header = 1 SELECT n.a FROM t_nested ARRAY JOIN n ORDER BY n.a; + +-- Both n.a and n.b used — n.c should not be read. +SELECT n.a, n.b FROM t_nested ARRAY JOIN n ORDER BY n.a; + +EXPLAIN QUERY TREE SELECT n.a, n.b FROM t_nested ARRAY JOIN n ORDER BY n.a; +EXPLAIN header = 1 SELECT n.a, n.b FROM t_nested ARRAY JOIN n ORDER BY n.a; + +-- Direct reference to n — all subcolumns needed. +SELECT n FROM t_nested ARRAY JOIN n ORDER BY n.a; + +EXPLAIN QUERY TREE SELECT n FROM t_nested ARRAY JOIN n ORDER BY n.a; +EXPLAIN header = 1 SELECT n FROM t_nested ARRAY JOIN n ORDER BY n.a; + +-- n used only in WHERE — should still be pruned to only n.a. +SELECT 1 FROM t_nested ARRAY JOIN n WHERE n.a > 0; + +EXPLAIN QUERY TREE SELECT 1 FROM t_nested ARRAY JOIN n WHERE n.a > 0; +EXPLAIN header = 1 SELECT 1 FROM t_nested ARRAY JOIN n WHERE n.a > 0; + +-- Numeric tupleElement index — should prune the same as string access. +SELECT tupleElement(n, 1) FROM t_nested ARRAY JOIN n ORDER BY n.a; +EXPLAIN header = 1 SELECT tupleElement(n, 1) FROM t_nested ARRAY JOIN n ORDER BY n.a; + +DROP TABLE t_nested; + +-- General case: ARRAY JOIN with two independent arrays, only one used. +DROP TABLE IF EXISTS t_two_arrays; +CREATE TABLE t_two_arrays (a Array(Int64), b Array(Int64)) ENGINE = MergeTree ORDER BY tuple(); +INSERT INTO t_two_arrays VALUES ([1, 2], [3, 4]); + +SELECT b FROM t_two_arrays ARRAY JOIN a, b ORDER BY b; + +-- Verify: column a should be pruned from ARRAY JOIN, only b remains. +EXPLAIN QUERY TREE SELECT b FROM t_two_arrays ARRAY JOIN a, b ORDER BY b; + +-- Verify with EXPLAIN header=1 that only b is read from storage. +EXPLAIN header = 1 SELECT b FROM t_two_arrays ARRAY JOIN a, b ORDER BY b; + +DROP TABLE t_two_arrays; From 72e8baa9f8c5ca8f540fc9599d2b4036bcafb034 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 18 Mar 2026 23:20:14 +0000 Subject: [PATCH 078/141] Backport #99164 to 25.8: Fix LOGICAL_ERROR due to patch parts column order mismatch --- src/Common/FailPoint.cpp | 1 + .../MergeTree/MergeTreeBlockReadUtils.cpp | 17 +++++++ .../MergeTree/PatchParts/applyPatches.cpp | 8 ++- ...atch_parts_column_order_mismatch.reference | 6 +++ ...4034_patch_parts_column_order_mismatch.sql | 50 +++++++++++++++++++ 5 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.reference create mode 100644 tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.sql diff --git a/src/Common/FailPoint.cpp b/src/Common/FailPoint.cpp index 476738471079..25dd29bee5ad 100644 --- a/src/Common/FailPoint.cpp +++ b/src/Common/FailPoint.cpp @@ -129,6 +129,7 @@ static struct InitFiu ONCE(database_iceberg_gcs) \ REGULAR(rmt_delay_execute_drop_range) \ REGULAR(rmt_delay_commit_part) \ + REGULAR(patch_parts_reverse_column_order) ONCE(smt_commit_exception_before_op) \ ONCE(backup_add_empty_memory_table) \ REGULAR(refresh_task_stop_racing_for_running_refresh) diff --git a/src/Storages/MergeTree/MergeTreeBlockReadUtils.cpp b/src/Storages/MergeTree/MergeTreeBlockReadUtils.cpp index b767f5b623c8..5287e609cd91 100644 --- a/src/Storages/MergeTree/MergeTreeBlockReadUtils.cpp +++ b/src/Storages/MergeTree/MergeTreeBlockReadUtils.cpp @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -28,6 +29,11 @@ namespace ErrorCodes extern const int NO_SUCH_COLUMN_IN_TABLE; } +namespace FailPoints +{ + extern const char patch_parts_reverse_column_order[]; +} + namespace { @@ -328,6 +334,17 @@ void addPatchPartsColumns( required_virtuals.insert(patch_system_columns.begin(), patch_system_columns.end()); Names patch_columns_to_read_names(patch_columns_to_read_set.begin(), patch_columns_to_read_set.end()); + + fiu_do_on(FailPoints::patch_parts_reverse_column_order, + { + /// Simulate non-deterministic NameSet iteration producing different column + /// orderings for different patches. This reproduces the bug fixed in + /// getUpdatedHeader (applyPatches.cpp) where sortColumns() normalizes order + /// before the positional assertCompatibleHeader comparison. + if (i % 2 == 1) + std::reverse(patch_columns_to_read_names.begin(), patch_columns_to_read_names.end()); + }); + result.patch_columns[i] = storage_snapshot->getColumnsByNames(options, patch_columns_to_read_names); } diff --git a/src/Storages/MergeTree/PatchParts/applyPatches.cpp b/src/Storages/MergeTree/PatchParts/applyPatches.cpp index 8791db1da731..0cf987543c02 100644 --- a/src/Storages/MergeTree/PatchParts/applyPatches.cpp +++ b/src/Storages/MergeTree/PatchParts/applyPatches.cpp @@ -275,7 +275,13 @@ Block getUpdatedHeader(const PatchesToApply & patches, const NameSet & updated_c header.erase(column.name); } - headers.push_back(std::move(header)); + /// Sort columns by name so that assertCompatibleHeader below compares + /// matching columns at the same positions. Patch blocks may arrive with + /// different column orderings because addPatchPartsColumns collects names + /// from a NameSet (unordered_set) whose iteration order is non-deterministic. + /// Downstream consumers use name-based lookups, so order does not matter + /// for correctness — only for this positional compatibility check. + headers.push_back(header.sortColumns()); } for (size_t i = 1; i < headers.size(); ++i) diff --git a/tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.reference b/tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.reference new file mode 100644 index 000000000000..4287567495fe --- /dev/null +++ b/tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.reference @@ -0,0 +1,6 @@ +1 updated1 99 9.9 999 upd1 +2 updated1 99 9.9 999 upd1 +1 updated2 88 8.8 888 upd2 +2 updated2 88 8.8 888 upd2 +1 updated2 88 8.8 888 upd2 +2 updated2 88 8.8 888 upd2 diff --git a/tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.sql b/tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.sql new file mode 100644 index 000000000000..3c1d29ede8d4 --- /dev/null +++ b/tests/queries/0_stateless/04034_patch_parts_column_order_mismatch.sql @@ -0,0 +1,50 @@ +-- Regression test for https://github.com/ClickHouse/clickhouse-core-incidents/issues/1021 +-- When multiple patch parts (Merge + Join mode) update the same columns, +-- the column ordering in patch blocks must be deterministic to avoid +-- LOGICAL_ERROR "Block structure mismatch in patch parts stream". +-- +-- The failpoint reverses column order for odd-indexed patches to expose any +-- code relying on positional column matching. Without the sort in +-- getUpdatedHeader, this triggers the bug. + +SET enable_lightweight_update = 1; + +SYSTEM ENABLE FAILPOINT patch_parts_reverse_column_order; + +DROP TABLE IF EXISTS t_patch_order; + +CREATE TABLE t_patch_order (id UInt64, a_col String, b_col UInt64, c_col Float64, d_col UInt32, e_col String) +ENGINE = MergeTree ORDER BY id +SETTINGS + enable_block_number_column = 1, + enable_block_offset_column = 1, + apply_patches_on_merge = 0; + +-- Insert two separate blocks to create two base parts. +INSERT INTO t_patch_order VALUES (1, 'hello', 10, 1.5, 100, 'world'); +INSERT INTO t_patch_order VALUES (2, 'foo', 20, 2.5, 200, 'bar'); + +-- First UPDATE: creates Merge-mode patch parts for both base parts. +UPDATE t_patch_order SET a_col = 'updated1', b_col = 99, c_col = 9.9, d_col = 999, e_col = 'upd1' WHERE 1; + +-- Verify patch application works in Merge mode. +SELECT * FROM t_patch_order ORDER BY id; + +-- Merge base parts; patches become Join-mode (apply_patches_on_merge = 0). +OPTIMIZE TABLE t_patch_order FINAL; + +-- Second UPDATE: creates new Merge-mode patch parts for the merged base part. +UPDATE t_patch_order SET a_col = 'updated2', b_col = 88, c_col = 8.8, d_col = 888, e_col = 'upd2' WHERE 1; + +-- This SELECT must apply both Join-mode and Merge-mode patches simultaneously. +-- The failpoint reverses column order for odd-indexed patches. Without the fix, +-- getUpdatedHeader throws LOGICAL_ERROR because it compares patch headers positionally. +SELECT * FROM t_patch_order ORDER BY id; + +-- Materialize patches and verify final state. +ALTER TABLE t_patch_order APPLY PATCHES SETTINGS mutations_sync = 2; +SELECT * FROM t_patch_order ORDER BY id SETTINGS apply_patch_parts = 0; + +SYSTEM DISABLE FAILPOINT patch_parts_reverse_column_order; + +DROP TABLE t_patch_order; From 656d7f3e3abe1f4e6ede83b2d34f52ead99a0193 Mon Sep 17 00:00:00 2001 From: Anton Popov Date: Wed, 18 Mar 2026 23:44:02 +0000 Subject: [PATCH 079/141] Fix missing backslash in APPLY_FOR_FAILPOINTS macro continuation The cherry-picked line `REGULAR(patch_parts_reverse_column_order)` was missing a trailing backslash to continue the multi-line macro, causing a build failure. Co-Authored-By: Claude Opus 4.6 (1M context) --- src/Common/FailPoint.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Common/FailPoint.cpp b/src/Common/FailPoint.cpp index 25dd29bee5ad..216407b8907d 100644 --- a/src/Common/FailPoint.cpp +++ b/src/Common/FailPoint.cpp @@ -129,7 +129,7 @@ static struct InitFiu ONCE(database_iceberg_gcs) \ REGULAR(rmt_delay_execute_drop_range) \ REGULAR(rmt_delay_commit_part) \ - REGULAR(patch_parts_reverse_column_order) + REGULAR(patch_parts_reverse_column_order) \ ONCE(smt_commit_exception_before_op) \ ONCE(backup_add_empty_memory_table) \ REGULAR(refresh_task_stop_racing_for_running_refresh) From 243936f1e811394ae87d0a216685bb0dab52d60b Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 19 Mar 2026 10:49:32 +0000 Subject: [PATCH 080/141] Update autogenerated version to 25.8.19.20 and contributors --- cmake/autogenerated_versions.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmake/autogenerated_versions.txt b/cmake/autogenerated_versions.txt index ef5c744ca19d..303dc0e94e90 100644 --- a/cmake/autogenerated_versions.txt +++ b/cmake/autogenerated_versions.txt @@ -2,11 +2,11 @@ # NOTE: VERSION_REVISION has nothing common with DBMS_TCP_PROTOCOL_VERSION, # only DBMS_TCP_PROTOCOL_VERSION should be incremented on protocol changes. -SET(VERSION_REVISION 54519) +SET(VERSION_REVISION 54520) SET(VERSION_MAJOR 25) SET(VERSION_MINOR 8) -SET(VERSION_PATCH 19) -SET(VERSION_GITHASH 557fdf60f81c4370867dff464de7f4b1064d39a7) -SET(VERSION_DESCRIBE v25.8.19.1-lts) -SET(VERSION_STRING 25.8.19.1) +SET(VERSION_PATCH 20) +SET(VERSION_GITHASH 228561f76593d974d76bd1090659dbc50c8511f2) +SET(VERSION_DESCRIBE v25.8.20.1-lts) +SET(VERSION_STRING 25.8.20.1) # end of autochange From e14fb74eef827f002b932cdeae90d7f3d8e1e140 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 19 Mar 2026 16:33:24 +0000 Subject: [PATCH 081/141] Backport #99380 to 25.8: Fix ignoring of TABLE_UUID_MISMATCH for non analyzer --- src/Interpreters/DatabaseCatalog.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Interpreters/DatabaseCatalog.cpp b/src/Interpreters/DatabaseCatalog.cpp index b2f334122b65..eaebb870ec3e 100644 --- a/src/Interpreters/DatabaseCatalog.cpp +++ b/src/Interpreters/DatabaseCatalog.cpp @@ -401,7 +401,7 @@ DatabaseAndTable DatabaseCatalog::getTableImpl( return {}; } /// In old analyzer resolving done in multiple places, so we ignore TABLE_UUID_MISMATCH error. - else if (!analyzer) + else if (analyzer) { const auto & table_storage_id = db_and_table.second->getStorageID(); if (db_and_table.first->getDatabaseName() != table_id.database_name || From 75eb6d26c4869cd3c829646598da02be1ec53909 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 19 Mar 2026 17:33:04 +0000 Subject: [PATCH 082/141] Backport #99976 to 25.8: Fix assertion failure in CRoaring on self-merge of NumericIndexedVector --- ...FunctionGroupNumericIndexedVectorDataBSI.h | 23 +++++++++++++++++++ ...umeric_indexed_vector_self_merge.reference | 2 ++ ...tion_numeric_indexed_vector_self_merge.sql | 11 +++++++++ 3 files changed, 36 insertions(+) create mode 100644 tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.reference create mode 100644 tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.sql diff --git a/src/AggregateFunctions/AggregateFunctionGroupNumericIndexedVectorDataBSI.h b/src/AggregateFunctions/AggregateFunctionGroupNumericIndexedVectorDataBSI.h index a65a1fb1ca12..ffcf8816b915 100644 --- a/src/AggregateFunctions/AggregateFunctionGroupNumericIndexedVectorDataBSI.h +++ b/src/AggregateFunctions/AggregateFunctionGroupNumericIndexedVectorDataBSI.h @@ -462,6 +462,19 @@ class BSINumericIndexedVector */ void pointwiseAddInplace(const BSINumericIndexedVector & rhs) { + /// Self-addition requires a deep copy because the full adder logic below + /// performs in-place XOR on shared bitmaps (`sum->rb_xor(*addend)` where + /// `sum` and `addend` alias the same Roaring bitmap via `shallowCopyFrom`), + /// which triggers an assertion in CRoaring (`assert(x1 != x2)`) and would + /// produce incorrect results (A XOR A = 0) in release builds. + if (this == &rhs) + { + BSINumericIndexedVector copy; + copy.deepCopyFrom(rhs); + pointwiseAddInplace(copy); + return; + } + if (isEmpty()) { deepCopyFrom(rhs); @@ -538,6 +551,16 @@ class BSINumericIndexedVector */ void pointwiseSubtractInplace(const BSINumericIndexedVector & rhs) { + /// Self-subtraction requires a deep copy for the same reason as + /// `pointwiseAddInplace`: in-place XOR on aliased bitmaps is undefined. + if (this == &rhs) + { + BSINumericIndexedVector copy; + copy.deepCopyFrom(rhs); + pointwiseSubtractInplace(copy); + return; + } + auto total_indexes = getAllIndex(); total_indexes->rb_or(*rhs.getAllIndex()); diff --git a/tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.reference b/tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.reference new file mode 100644 index 000000000000..156baf3abc90 --- /dev/null +++ b/tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.reference @@ -0,0 +1,2 @@ +{100:2} +{100:4} diff --git a/tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.sql b/tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.sql new file mode 100644 index 000000000000..15eb95fe70bd --- /dev/null +++ b/tests/queries/0_stateless/04049_aggregate_function_numeric_indexed_vector_self_merge.sql @@ -0,0 +1,11 @@ +-- Test that self-merge of NumericIndexedVector aggregate states does not trigger +-- assertion failure in CRoaring (x1 != x2 in `roaring_bitmap_xor_inplace`). +-- https://github.com/ClickHouse/ClickHouse/issues/99704 + +-- `multiply` triggers self-merge via exponentiation by squaring (even branch). +SELECT arrayJoin([numericIndexedVectorToMap( + multiply(2, groupNumericIndexedVectorState(100, 1)))]); + +-- Power of 2 forces multiple self-merge iterations. +SELECT arrayJoin([numericIndexedVectorToMap( + multiply(4, groupNumericIndexedVectorState(100, 1)))]); From e82cde65e76960f5f109f5c12a5bd7db1719d742 Mon Sep 17 00:00:00 2001 From: Pavel Kruglov <48961922+Avogar@users.noreply.github.com> Date: Thu, 19 Mar 2026 20:21:10 +0100 Subject: [PATCH 083/141] Update 04038_check_table_sparse_tuple_dynamic.reference --- .../04038_check_table_sparse_tuple_dynamic.reference | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference index 970376aa3410..d00491fd7e5b 100644 --- a/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference +++ b/tests/queries/0_stateless/04038_check_table_sparse_tuple_dynamic.reference @@ -1 +1 @@ -1 +1 From 1fe0b1d96f62a7f53bade72500f55613c4b9189b Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 20 Mar 2026 08:25:11 +0000 Subject: [PATCH 084/141] Backport #100024 to 25.8: Fix cross-user data leak in `system.asynchronous_inserts` --- .../StorageSystemAsynchronousInserts.cpp | 8 +++ ...asynchronous_inserts_user_filter.reference | 6 +++ ...system_asynchronous_inserts_user_filter.sh | 53 +++++++++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.reference create mode 100755 tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.sh diff --git a/src/Storages/System/StorageSystemAsynchronousInserts.cpp b/src/Storages/System/StorageSystemAsynchronousInserts.cpp index 64775988ac05..2385a67ffa30 100644 --- a/src/Storages/System/StorageSystemAsynchronousInserts.cpp +++ b/src/Storages/System/StorageSystemAsynchronousInserts.cpp @@ -8,6 +8,8 @@ #include #include #include +#include +#include namespace DB { @@ -37,6 +39,9 @@ void StorageSystemAsynchronousInserts::fillData(MutableColumns & res_columns, Co if (!insert_queue) return; + const auto current_user_id = context->getUserID(); + const bool show_all = context->getAccess()->isGranted(AccessType::SHOW_USERS); + for (size_t shard_num = 0; shard_num < insert_queue->getPoolSize(); ++shard_num) { auto [queue, queue_lock] = insert_queue->getQueueLocked(shard_num); @@ -45,6 +50,9 @@ void StorageSystemAsynchronousInserts::fillData(MutableColumns & res_columns, Co { const auto & [key, data] = elem; + if (!show_all && key.user_id != current_user_id) + continue; + auto time_in_microseconds = [](const time_point & timestamp) { auto time_diff = duration_cast(steady_clock::now() - timestamp); diff --git a/tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.reference b/tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.reference new file mode 100644 index 000000000000..e9130c6855ee --- /dev/null +++ b/tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.reference @@ -0,0 +1,6 @@ +restricted_user sees: +0 +secret_user sees: +1 +admin sees: +1 diff --git a/tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.sh b/tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.sh new file mode 100755 index 000000000000..9acc6585241c --- /dev/null +++ b/tests/queries/0_stateless/04043_system_asynchronous_inserts_user_filter.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash +# Tags: no-fasttest + +# Regression test: system.asynchronous_inserts must not leak cross-user insert metadata. +# A user without SHOW_USERS privilege must only see their own pending inserts. + +CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CUR_DIR"/../shell_config.sh + +${CLICKHOUSE_CLIENT} -q " + DROP USER IF EXISTS secret_user_${CLICKHOUSE_DATABASE}; + DROP USER IF EXISTS restricted_user_${CLICKHOUSE_DATABASE}; + CREATE USER secret_user_${CLICKHOUSE_DATABASE}; + CREATE USER restricted_user_${CLICKHOUSE_DATABASE}; + DROP TABLE IF EXISTS ${CLICKHOUSE_DATABASE}.async_insert_test; + CREATE TABLE ${CLICKHOUSE_DATABASE}.async_insert_test (x UInt64) ENGINE=MergeTree ORDER BY x; + GRANT INSERT ON ${CLICKHOUSE_DATABASE}.async_insert_test TO secret_user_${CLICKHOUSE_DATABASE}; + GRANT SELECT ON system.asynchronous_inserts TO secret_user_${CLICKHOUSE_DATABASE}; + GRANT SELECT ON system.asynchronous_inserts TO restricted_user_${CLICKHOUSE_DATABASE}; +" + +# secret_user inserts with async_insert enabled and a very long flush timeout so the entry stays in the queue. +${CLICKHOUSE_CLIENT} \ + --user "secret_user_${CLICKHOUSE_DATABASE}" \ + --async_insert 1 \ + --async_insert_busy_timeout_max_ms 600000 \ + --async_insert_busy_timeout_min_ms 600000 \ + --wait_for_async_insert 0 \ + -q "INSERT INTO ${CLICKHOUSE_DATABASE}.async_insert_test VALUES (42)" + +# restricted_user must see 0 rows (no cross-user visibility). +echo "restricted_user sees:" +${CLICKHOUSE_CLIENT} \ + --user "restricted_user_${CLICKHOUSE_DATABASE}" \ + -q "SELECT count() FROM system.asynchronous_inserts WHERE table = 'async_insert_test' AND database = '${CLICKHOUSE_DATABASE}'" + +# secret_user must see their own row. +echo "secret_user sees:" +${CLICKHOUSE_CLIENT} \ + --user "secret_user_${CLICKHOUSE_DATABASE}" \ + -q "SELECT count() FROM system.asynchronous_inserts WHERE table = 'async_insert_test' AND database = '${CLICKHOUSE_DATABASE}'" + +# Admin (current session) must see all rows. +echo "admin sees:" +${CLICKHOUSE_CLIENT} \ + -q "SELECT count() FROM system.asynchronous_inserts WHERE table = 'async_insert_test' AND database = '${CLICKHOUSE_DATABASE}'" + +${CLICKHOUSE_CLIENT} -q " + DROP USER IF EXISTS secret_user_${CLICKHOUSE_DATABASE}; + DROP USER IF EXISTS restricted_user_${CLICKHOUSE_DATABASE}; + DROP TABLE IF EXISTS ${CLICKHOUSE_DATABASE}.async_insert_test; +" From 5094f250a4adf42b3773334364d48a5c2cc6dd73 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 20 Mar 2026 11:58:07 +0000 Subject: [PATCH 085/141] Update autogenerated version to 25.8.20.4 and contributors --- cmake/autogenerated_versions.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmake/autogenerated_versions.txt b/cmake/autogenerated_versions.txt index 303dc0e94e90..e6f22cb9f2dc 100644 --- a/cmake/autogenerated_versions.txt +++ b/cmake/autogenerated_versions.txt @@ -2,11 +2,11 @@ # NOTE: VERSION_REVISION has nothing common with DBMS_TCP_PROTOCOL_VERSION, # only DBMS_TCP_PROTOCOL_VERSION should be incremented on protocol changes. -SET(VERSION_REVISION 54520) +SET(VERSION_REVISION 54521) SET(VERSION_MAJOR 25) SET(VERSION_MINOR 8) -SET(VERSION_PATCH 20) -SET(VERSION_GITHASH 228561f76593d974d76bd1090659dbc50c8511f2) -SET(VERSION_DESCRIBE v25.8.20.1-lts) -SET(VERSION_STRING 25.8.20.1) +SET(VERSION_PATCH 21) +SET(VERSION_GITHASH 2e1cd6354ae8898072e5dbf97aa6e5945761e3d7) +SET(VERSION_DESCRIBE v25.8.21.1-lts) +SET(VERSION_STRING 25.8.21.1) # end of autochange From 2141781207cd2f62d18574ef03b43ddadeb0f02c Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 22 Mar 2026 10:17:52 +0000 Subject: [PATCH 086/141] Backport #100234 to 25.8: Fix shared variant column pointers in `ColumnVariant::filter` --- src/Columns/ColumnVariant.cpp | 5 ++++- src/Interpreters/Set.cpp | 12 +++++++++- src/Interpreters/Set.h | 4 ++-- ...ash_join_allocated_size_tracking.reference | 1 + ...4042_hash_join_allocated_size_tracking.sql | 22 +++++++++++++++++++ ...ariant_filter_shared_columns_bug.reference | 0 ...4051_variant_filter_shared_columns_bug.sql | 19 ++++++++++++++++ 7 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.reference create mode 100644 tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql create mode 100644 tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.reference create mode 100644 tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql diff --git a/src/Columns/ColumnVariant.cpp b/src/Columns/ColumnVariant.cpp index 2d8ebcfc5c40..bd6dfbcde261 100644 --- a/src/Columns/ColumnVariant.cpp +++ b/src/Columns/ColumnVariant.cpp @@ -917,7 +917,10 @@ ColumnPtr ColumnVariant::filter(const Filter & filt, ssize_t result_size_hint) c /// If we have only NULLs, just filter local_discriminators column. if (hasOnlyNulls()) { - Columns new_variants(variants.begin(), variants.end()); + Columns new_variants; + new_variants.reserve(variants.size()); + for (const auto & variant : variants) + new_variants.emplace_back(variant->cloneEmpty()); auto new_discriminators = local_discriminators->filter(filt, result_size_hint); /// In case of all NULL values offsets doesn't contain any useful values, just resize it. ColumnPtr new_offsets = offsets->cloneResized(new_discriminators->size()); diff --git a/src/Interpreters/Set.cpp b/src/Interpreters/Set.cpp index 374d29264984..de0b10dde1f2 100644 --- a/src/Interpreters/Set.cpp +++ b/src/Interpreters/Set.cpp @@ -267,7 +267,7 @@ void Set::appendSetElements(SetKeyColumns & holder) { auto filtered_column = holder.key_columns[i]->filter(holder.filter->getData(), rows); if (set_elements[i]->empty()) - set_elements[i] = filtered_column; + set_elements[i] = IColumn::mutate(std::move(filtered_column)); else set_elements[i]->insertRangeFrom(*filtered_column, 0, filtered_column->size()); if (transform_null_in && holder.null_map_holder) @@ -281,6 +281,16 @@ void Set::checkIsCreated() const throw Exception(ErrorCodes::LOGICAL_ERROR, "Trying to use set before it has been built."); } +Columns Set::getSetElements() const +{ + checkIsCreated(); + Columns result; + result.reserve(set_elements.size()); + for (const auto & col : set_elements) + result.push_back(col->getPtr()); + return result; +} + ColumnUInt8::Ptr checkDateTimePrecision(const ColumnWithTypeAndName & column_to_cast) { // Handle nullable columns diff --git a/src/Interpreters/Set.h b/src/Interpreters/Set.h index cc282c7c42ea..da617b2f2d8d 100644 --- a/src/Interpreters/Set.h +++ b/src/Interpreters/Set.h @@ -81,7 +81,7 @@ class Set bool hasExplicitSetElements() const { return fill_set_elements || (!set_elements.empty() && set_elements.front()->size() == data.getTotalRowCount()); } bool hasSetElements() const { return !set_elements.empty(); } - Columns getSetElements() const { checkIsCreated(); return { set_elements.begin(), set_elements.end() }; } + Columns getSetElements() const; void checkColumnsNumber(size_t num_key_columns) const; bool areTypesEqual(size_t set_type_idx, const DataTypePtr & other_type) const; @@ -143,7 +143,7 @@ class Set /// Collected elements of `Set`. /// It is necessary for the index to work on the primary key in the IN statement. - std::vector set_elements; + MutableColumns set_elements; /** Protects work with the set in the functions `insertFromBlock` and `execute`. * These functions can be called simultaneously from different threads only when using StorageSet, diff --git a/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.reference b/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.reference new file mode 100644 index 000000000000..86d9c30c0b0a --- /dev/null +++ b/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.reference @@ -0,0 +1 @@ +200000 2147483647 diff --git a/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql b/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql new file mode 100644 index 000000000000..1a1393193d88 --- /dev/null +++ b/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql @@ -0,0 +1,22 @@ +SET enable_analyzer = 1; + +CREATE TABLE test__fuzz_1 (`id` Nullable(UInt64), `d` Dynamic(max_types = 133)) ENGINE = Memory; + +INSERT INTO test__fuzz_1 SETTINGS min_insert_block_size_rows = 50000 SELECT number, number FROM numbers(100000) SETTINGS min_insert_block_size_rows = 50000; + +INSERT INTO test__fuzz_1 SETTINGS min_insert_block_size_rows = 50000 SELECT number, concat('str_', toString(number)) FROM numbers(100000, 100000) SETTINGS min_insert_block_size_rows = 50000; + +INSERT INTO test__fuzz_1 SETTINGS min_insert_block_size_rows = 50000 SELECT number, arrayMap(x -> multiIf((number % 9) = 0, NULL, (number % 9) = 3, concat('str_', toString(number)), number), range((number % 10) + 1)) FROM numbers(200000, 100000) SETTINGS min_insert_block_size_rows = 50000; + +INSERT INTO test__fuzz_1 SETTINGS min_insert_block_size_rows = 50000 SELECT number, NULL FROM numbers(300000, 100000) SETTINGS min_insert_block_size_rows = 50000; + +INSERT INTO test__fuzz_1 SETTINGS min_insert_block_size_rows = 50000 SELECT number, multiIf((number % 4) = 3, concat('str_', toString(number)), (number % 4) = 2, NULL, (number % 4) = 1, number, arrayMap(x -> multiIf((number % 9) = 0, NULL, (number % 9) = 3, concat('str_', toString(number)), number), range((number % 10) + 1))) FROM numbers(400000, 400000) SETTINGS min_insert_block_size_rows = 50000; + +INSERT INTO test__fuzz_1 SETTINGS min_insert_block_size_rows = 50000 SELECT number, if((number % 5) = 1, CAST([range(CAST((number % 10) + 1, 'UInt64'))], 'Array(Array(Dynamic))'), number) FROM numbers(100000, 100000) SETTINGS min_insert_block_size_rows = 50000; + +INSERT INTO test__fuzz_1 SETTINGS min_insert_block_size_rows = 50000 SELECT number, if((number % 5) = 1, CAST(CAST(concat('str_', number), 'LowCardinality(String)'), 'Dynamic'), CAST(number, 'Dynamic')) FROM numbers(100000, 100000) SETTINGS min_insert_block_size_rows = 50000; + +SELECT count(equals(toInt256(257), intDiv(65536, -2147483649) AS alias144)), toInt128(2147483647) FROM test__fuzz_1 WHERE NOT empty((SELECT d.`Array(Variant(String, UInt64))`)); + +DROP TABLE test__fuzz_1; + diff --git a/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.reference b/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.reference new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql b/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql new file mode 100644 index 000000000000..d81c6488f713 --- /dev/null +++ b/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql @@ -0,0 +1,19 @@ +-- Regression test for ColumnVariant::filter sharing variant column pointers +-- in the hasOnlyNulls() optimization path. The filter was copying ColumnPtr +-- shared pointers instead of cloning, causing two ColumnVariant objects to +-- share the same variant columns. When one was mutated via insertRangeFrom, +-- the other became inconsistent (discriminators_size=0 but variant_sizes>0), +-- leading to a LOGICAL_ERROR in compress(). + +SET cross_join_min_rows_to_compress = 1; +SET enable_analyzer = 1; + +DROP TABLE IF EXISTS test_variant_filter; +CREATE TABLE test_variant_filter (`id` UInt64, `d` Dynamic) ENGINE = Memory; + +INSERT INTO test_variant_filter SELECT number, NULL FROM numbers(50000); +INSERT INTO test_variant_filter SELECT number, [number, 'str']::Array(Variant(String, UInt64)) FROM numbers(50000); + +SELECT 1 FROM test_variant_filter WHERE NOT empty((SELECT d.`Array(Variant(String, UInt64))`)) FORMAT Null; + +DROP TABLE test_variant_filter; From 472539e02d490aa8a323f6d14110c2a7b189fbd0 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 22 Mar 2026 11:19:21 +0000 Subject: [PATCH 087/141] Backport #99542 to 25.8: Fix incorrect partition pruning for toWeek() function --- src/Functions/DateTimeTransforms.h | 9 ++++++++ src/Functions/IFunctionCustomWeek.h | 2 +- .../03732_toweek_partition_pruning.reference | 2 ++ .../03732_toweek_partition_pruning.sql | 21 +++++++++++++++++++ ..._week_monotonicity_key_condition.reference | 5 ++++- ...o_year_week_monotonicity_key_condition.sql | 6 +++++- 6 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 tests/queries/0_stateless/03732_toweek_partition_pruning.reference create mode 100644 tests/queries/0_stateless/03732_toweek_partition_pruning.sql diff --git a/src/Functions/DateTimeTransforms.h b/src/Functions/DateTimeTransforms.h index 745ac3650300..20d096330965 100644 --- a/src/Functions/DateTimeTransforms.h +++ b/src/Functions/DateTimeTransforms.h @@ -396,6 +396,7 @@ struct ToYearWeekImpl return yw.first * 100 + yw.second; } + static constexpr bool hasMonotonicity() { return true; } using FactorTransform = ZeroTransform; }; @@ -431,6 +432,7 @@ struct ToStartOfWeekImpl return time_zone.toFirstDayNumOfWeek(ExtendedDayNum(d), week_mode); } + static constexpr bool hasMonotonicity() { return true; } using FactorTransform = ZeroTransform; }; @@ -464,6 +466,7 @@ struct ToLastDayOfWeekImpl return time_zone.toLastDayNumOfWeek(ExtendedDayNum(d), week_mode); } + static constexpr bool hasMonotonicity() { return true; } using FactorTransform = ZeroTransform; }; @@ -494,6 +497,11 @@ struct ToWeekImpl return yw.second; } + /// toWeek() is not monotonic because week numbers can wrap at year boundaries + /// (e.g. ISO week 52 -> week 1 in late December), depending on the week_mode. + /// See https://github.com/ClickHouse/ClickHouse/issues/90240 + static constexpr bool hasMonotonicity() { return false; } + using FactorTransform = ToStartOfYearImpl; }; @@ -1591,6 +1599,7 @@ struct ToDayOfWeekImpl return time_zone.toDayOfWeek(DayNum(d), mode); } + static constexpr bool hasMonotonicity() { return true; } using FactorTransform = ToMondayImpl; }; diff --git a/src/Functions/IFunctionCustomWeek.h b/src/Functions/IFunctionCustomWeek.h index 99941e5c186c..9978586506c0 100644 --- a/src/Functions/IFunctionCustomWeek.h +++ b/src/Functions/IFunctionCustomWeek.h @@ -41,7 +41,7 @@ class IFunctionCustomWeek : public IFunction return true; } - bool hasInformationAboutMonotonicity() const override { return true; } + bool hasInformationAboutMonotonicity() const override { return Transform::hasMonotonicity(); } Monotonicity getMonotonicityForRange(const IDataType & type, const Field & left, const Field & right) const override { diff --git a/tests/queries/0_stateless/03732_toweek_partition_pruning.reference b/tests/queries/0_stateless/03732_toweek_partition_pruning.reference new file mode 100644 index 000000000000..02af9a39522c --- /dev/null +++ b/tests/queries/0_stateless/03732_toweek_partition_pruning.reference @@ -0,0 +1,2 @@ +49 2 +52 2 diff --git a/tests/queries/0_stateless/03732_toweek_partition_pruning.sql b/tests/queries/0_stateless/03732_toweek_partition_pruning.sql new file mode 100644 index 000000000000..bd1ce72d7713 --- /dev/null +++ b/tests/queries/0_stateless/03732_toweek_partition_pruning.sql @@ -0,0 +1,21 @@ +-- https://github.com/ClickHouse/ClickHouse/issues/90240 +-- toWeek() incorrectly claimed monotonicity, causing partition pruning +-- to skip December partitions for weeks 49-52. + +DROP TABLE IF EXISTS test_toweek_pruning; + +CREATE TABLE test_toweek_pruning (date Date, value String) +ENGINE = MergeTree +PARTITION BY toYYYYMM(date) +ORDER BY date; + +INSERT INTO test_toweek_pruning VALUES + ('2025-11-30', 'x'), ('2025-12-01', 'x'), ('2025-12-07', 'x'), + ('2025-12-08', 'x'), ('2025-12-14', 'x'), ('2025-12-15', 'x'), + ('2025-12-21', 'x'), ('2025-12-22', 'x'), ('2025-12-28', 'x'), + ('2025-12-29', 'x'), ('2025-12-31', 'x'); + +SELECT toWeek(date, 3), count() FROM test_toweek_pruning WHERE toWeek(date, 3) = 49 GROUP BY 1; +SELECT toWeek(date, 3), count() FROM test_toweek_pruning WHERE toWeek(date, 3) = 52 GROUP BY 1; + +DROP TABLE test_toweek_pruning; diff --git a/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.reference b/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.reference index 7e87f95616da..a8960301ac05 100644 --- a/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.reference +++ b/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.reference @@ -33,8 +33,11 @@ CREATE TABLE t (dt DateTime) ENGINE=MergeTree ORDER BY dt SETTINGS index_granula INSERT INTO t SELECT toDateTime('2020-01-01 00:00:00') + number * 3600 FROM numbers(24 * 40); SELECT count() FROM t -WHERE toWeek(dt) = toWeek(toDateTime('2020-01-15 00:00:00')) SETTINGS force_primary_key = 1, max_rows_to_read = 169; +WHERE toWeek(dt) = toWeek(toDateTime('2020-01-15 00:00:00')); 168 +SELECT count() +FROM t +WHERE toWeek(dt) = toWeek(toDateTime('2020-01-15 00:00:00')) SETTINGS force_primary_key = 1; -- { serverError INDEX_NOT_USED } DROP TABLE IF EXISTS t; CREATE TABLE t (s LowCardinality(String)) ENGINE = MergeTree ORDER BY s; INSERT INTO t VALUES ('2020-01-10 00:00:00'), ('2020-01-2 00:00:00'); diff --git a/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.sql b/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.sql index fb550e72051f..5e81bfe84ce5 100644 --- a/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.sql +++ b/tests/queries/0_stateless/03789_to_year_week_monotonicity_key_condition.sql @@ -40,7 +40,11 @@ INSERT INTO t SELECT toDateTime('2020-01-01 00:00:00') + number * 3600 FROM numb SELECT count() FROM t -WHERE toWeek(dt) = toWeek(toDateTime('2020-01-15 00:00:00')) SETTINGS force_primary_key = 1, max_rows_to_read = 169; +WHERE toWeek(dt) = toWeek(toDateTime('2020-01-15 00:00:00')); + +SELECT count() +FROM t +WHERE toWeek(dt) = toWeek(toDateTime('2020-01-15 00:00:00')) SETTINGS force_primary_key = 1; -- { serverError INDEX_NOT_USED } DROP TABLE IF EXISTS t; CREATE TABLE t (s LowCardinality(String)) ENGINE = MergeTree ORDER BY s; From d7d5364d0914439dda542c88c378e180f1c7ab73 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 23 Mar 2026 16:32:39 +0000 Subject: [PATCH 088/141] Backport #99344 to 25.8: Mask secrets for XDBC and NATS engines --- src/Parsers/FunctionSecretArgumentsFinder.h | 84 +++++++++++++++++++ src/Storages/NATS/NATSHandler.cpp | 8 ++ src/Storages/NATS/NATSHandler.h | 1 + src/Storages/NATS/NATS_fwd.h | 1 + .../test_mask_sensitive_info/test.py | 44 +++++++++- ...age_odbc_parsing_exception_check.reference | 2 +- 6 files changed, 138 insertions(+), 2 deletions(-) diff --git a/src/Parsers/FunctionSecretArgumentsFinder.h b/src/Parsers/FunctionSecretArgumentsFinder.h index 9d580827fc76..998765b665b4 100644 --- a/src/Parsers/FunctionSecretArgumentsFinder.h +++ b/src/Parsers/FunctionSecretArgumentsFinder.h @@ -148,6 +148,13 @@ class FunctionSecretArgumentsFinder { findYTsaurusStorageTableEngineSecretArguments(); } + else if ((function->name() == "jdbc") || (function->name() == "odbc")) + { + /// jdbc('DSN', schema, table) or jdbc('DSN', table) + /// odbc('DSN', schema, table) or odbc('DSN', table) + /// The DSN (connection string) may contain credentials. + findXDBCSecretArguments(); + } } void findMySQLFunctionSecretArguments() @@ -216,6 +223,76 @@ class FunctionSecretArgumentsFinder } } + void findXDBCSecretArguments() + { + if (isNamedCollectionName(0)) + { + /// jdbc(named_collection, ..., datasource = 'DSN', ...) + /// odbc(named_collection, ..., connection_settings = 'DSN', ...) + /// `datasource` and `connection_settings` are mutually exclusive aliases. + /// If the value is a URI, mask only the password; otherwise hide the whole value. + /// If somehow both are present (invalid query), hide all named arguments. + ssize_t ds_idx = findNamedArgument(nullptr, "datasource", 1); + ssize_t cs_idx = findNamedArgument(nullptr, "connection_settings", 1); + + if (ds_idx >= 0 && cs_idx >= 0) + { + /// Both present — hide all named arguments starting from index 1. + result.start = 1; + result.count = function->arguments->size() - 1; + result.are_named = true; + } + else if (ds_idx >= 0) + maskXDBCSecretNamedArgument("datasource", 1); + else if (cs_idx >= 0) + maskXDBCSecretNamedArgument("connection_settings", 1); + } + else + { + /// jdbc('DSN', schema, table) / jdbc('DSN', table) + /// odbc('DSN', schema, table) / odbc('DSN', table) + /// JDBC('DSN', database, table) / ODBC('DSN', database, table) + /// The connection string may be a URI with credentials embedded, + /// e.g. scheme://username:password@host:port/dbname + /// If so, mask only the password part; otherwise hide the whole argument. + String uri; + if (tryGetStringFromArgument(0, &uri)) + { + if (maskURIPassword(&uri)) + { + chassert(result.count == 0); + result.start = 0; + result.count = 1; + result.replacement = std::move(uri); + return; + } + } + markSecretArgument(0, false); + } + } + + /// Similar to `findSecretNamedArgument`, but if the value is a URI with credentials, + /// masks only the password part instead of hiding the entire value. + void maskXDBCSecretNamedArgument(std::string_view key, size_t start) + { + String value; + ssize_t arg_idx = findNamedArgument(&value, key, start); + if (arg_idx < 0) + return; + + if (!value.empty() && maskURIPassword(&value)) + { + result.are_named = true; + result.start = arg_idx; + result.count = 1; + result.replacement = std::move(value); + } + else + { + markSecretArgument(arg_idx, /* argument_is_named= */ true); + } + } + /// Returns the number of arguments excluding "headers" and "extra_credentials" (which should /// always be at the end). Marks "headers" as secret, if found. size_t excludeS3OrURLNestedMaps() @@ -540,6 +617,13 @@ class FunctionSecretArgumentsFinder { findYTsaurusStorageTableEngineSecretArguments(); } + else if ((engine_name == "JDBC") || (engine_name == "ODBC")) + { + /// JDBC('DSN', database, table) + /// ODBC('DSN', database, table) + /// The DSN (connection string) may contain credentials. + findXDBCSecretArguments(); + } } void findExternalDistributedTableEngineSecretArguments() diff --git a/src/Storages/NATS/NATSHandler.cpp b/src/Storages/NATS/NATSHandler.cpp index 5b49651b5a9a..ea89044fc482 100644 --- a/src/Storages/NATS/NATSHandler.cpp +++ b/src/Storages/NATS/NATSHandler.cpp @@ -36,6 +36,14 @@ NATSHandler::NATSHandler(LoggerPtr log_) execute_tasks_scheduler.data = this; } +NATSHandler::~NATSHandler() +{ + /// Close the async handle before UVLoop destructor runs, + /// otherwise uv_loop_close reads from already-destroyed memory. + uv_close(reinterpret_cast(&execute_tasks_scheduler), nullptr); + uv_run(loop.getLoop(), UV_RUN_NOWAIT); +} + void NATSHandler::runLoop() { { diff --git a/src/Storages/NATS/NATSHandler.h b/src/Storages/NATS/NATSHandler.h index 9268eefd39c2..8c7336d56119 100644 --- a/src/Storages/NATS/NATSHandler.h +++ b/src/Storages/NATS/NATSHandler.h @@ -22,6 +22,7 @@ class NATSHandler public: explicit NATSHandler(LoggerPtr log_); + ~NATSHandler(); /// Loop for background thread worker. void runLoop(); diff --git a/src/Storages/NATS/NATS_fwd.h b/src/Storages/NATS/NATS_fwd.h index d3af6dd12afc..f324df8a8c2a 100644 --- a/src/Storages/NATS/NATS_fwd.h +++ b/src/Storages/NATS/NATS_fwd.h @@ -13,6 +13,7 @@ using ValueMaskingFunc = std::function; static inline std::unordered_map SETTINGS_TO_HIDE = { {"nats_password", DEFAULT_MASKING_RULE}, + {"nats_token", DEFAULT_MASKING_RULE}, {"nats_credential_file", DEFAULT_MASKING_RULE}, {"nats_url", [](const DB::Field & value) { diff --git a/tests/integration/test_mask_sensitive_info/test.py b/tests/integration/test_mask_sensitive_info/test.py index cf7437be8ea5..b2b2969b82d1 100644 --- a/tests/integration/test_mask_sensitive_info/test.py +++ b/tests/integration/test_mask_sensitive_info/test.py @@ -292,6 +292,17 @@ def test_create_table(): f"Kafka() SETTINGS kafka_broker_list = '127.0.0.1', kafka_topic_list = 'topic', kafka_group_name = 'group', kafka_format = 'JSONEachRow', kafka_security_protocol = 'sasl_ssl', kafka_sasl_mechanism = 'PLAIN', kafka_sasl_username = 'user', kafka_sasl_password = '{password}', format_avro_schema_registry_url = 'http://schema_user:{password}@domain.com'", f"S3('http://minio1:9001/root/data/test5.csv.gz', 'CSV', access_key_id = 'minio', secret_access_key = '{password}', compression_method = 'gzip')", f"Redis('localhost', 0, '{password}') PRIMARY KEY x;", + f"JDBC('DSN=mydb;Uid=user;Pwd={password}', 'mydb', 'mytable')", + f"ODBC('DSN=mydb;Uid=user;Pwd={password}', 'mydb', 'mytable')", + f"JDBC('jdbc://user:{password}@localhost:5432/mydb', 'mydb', 'mytable')", + f"ODBC('odbc://user:{password}@localhost:5432/mydb', 'mydb', 'mytable')", + f"JDBC(named_collection_1, datasource = 'DSN=mydb;Uid=user;Pwd={password}', external_database = 'mydb', external_table = 'mytable')", + f"ODBC(named_collection_1, connection_settings = 'DSN=mydb;Uid=user;Pwd={password}', external_database = 'mydb', external_table = 'mytable')", + f"JDBC(named_collection_1, datasource = 'jdbc://user:{password}@localhost:5432/mydb', external_database = 'mydb', external_table = 'mytable')", + f"ODBC(named_collection_1, connection_settings = 'odbc://user:{password}@localhost:5432/mydb', external_database = 'mydb', external_table = 'mytable')", + (f"JDBC(named_collection_1, datasource = 'DSN=mydb;Uid=user;Pwd={password}', connection_settings = 'DSN=mydb2;Uid=user2;Pwd={password}', external_database = 'mydb', external_table = 'mytable')", "ARGUMENTS"), + (f"JDBC(named_collection_1, connection_settings = 'jdbc://user2:{password}@localhost:5432/mydb2', external_database = 'mydb', datasource = 'jdbc://user:{password}@localhost:5432/mydb', external_table = 'mytable')", "ARGUMENTS"), + (f"NATS() SETTINGS nats_url = 'localhost:4222', nats_subjects = 'subject', nats_format = 'JSONEachRow', nats_token = '{password}'", "CANNOT_CONNECT_NATS"), ] def make_test_case(i): @@ -372,6 +383,17 @@ def make_test_case(i): "CREATE TABLE table34 (`x` int) ENGINE = Kafka SETTINGS kafka_broker_list = '127.0.0.1', kafka_topic_list = 'topic', kafka_group_name = 'group', kafka_format = 'JSONEachRow', kafka_security_protocol = 'sasl_ssl', kafka_sasl_mechanism = 'PLAIN', kafka_sasl_username = 'user', kafka_sasl_password = '[HIDDEN]', format_avro_schema_registry_url = 'http://schema_user:[HIDDEN]@domain.com'", "CREATE TABLE table35 (`x` int) ENGINE = S3('http://minio1:9001/root/data/test5.csv.gz', 'CSV', access_key_id = 'minio', secret_access_key = '[HIDDEN]', compression_method = 'gzip')", "CREATE TABLE table36 (`x` int) ENGINE = Redis('localhost', 0, '[HIDDEN]') PRIMARY KEY x", + "CREATE TABLE table37 (`x` int) ENGINE = JDBC('[HIDDEN]', 'mydb', 'mytable')", + "CREATE TABLE table38 (`x` int) ENGINE = ODBC('[HIDDEN]', 'mydb', 'mytable')", + "CREATE TABLE table39 (`x` int) ENGINE = JDBC('jdbc://user:[HIDDEN]@localhost:5432/mydb', 'mydb', 'mytable')", + "CREATE TABLE table40 (`x` int) ENGINE = ODBC('odbc://user:[HIDDEN]@localhost:5432/mydb', 'mydb', 'mytable')", + "CREATE TABLE table41 (`x` int) ENGINE = JDBC(named_collection_1, datasource = '[HIDDEN]', external_database = 'mydb', external_table = 'mytable')", + "CREATE TABLE table42 (`x` int) ENGINE = ODBC(named_collection_1, connection_settings = '[HIDDEN]', external_database = 'mydb', external_table = 'mytable')", + "CREATE TABLE table43 (`x` int) ENGINE = JDBC(named_collection_1, datasource = 'jdbc://user:[HIDDEN]@localhost:5432/mydb', external_database = 'mydb', external_table = 'mytable')", + "CREATE TABLE table44 (`x` int) ENGINE = ODBC(named_collection_1, connection_settings = 'odbc://user:[HIDDEN]@localhost:5432/mydb', external_database = 'mydb', external_table = 'mytable')", + "CREATE TABLE table45 (`x` int) ENGINE = JDBC(named_collection_1, datasource = '[HIDDEN]', connection_settings = '[HIDDEN]', external_database = '[HIDDEN]', external_table = '[HIDDEN]')", + "CREATE TABLE table46 (`x` int) ENGINE = JDBC(named_collection_1, connection_settings = '[HIDDEN]', external_database = '[HIDDEN]', datasource = '[HIDDEN]', external_table = '[HIDDEN]')", + "CREATE TABLE table47 (`x` int) ENGINE = NATS SETTINGS nats_url = 'localhost:4222', nats_subjects = 'subject', nats_format = 'JSONEachRow', nats_token = '[HIDDEN]'", ], must_not_contain=[password], ) @@ -491,7 +513,17 @@ def test_table_functions(): f"icebergAzure('{azure_storage_account_url}', 'cont', 'test_simple_6.csv', '{azure_account_name}', '{azure_account_key}', 'CSV', 'none', 'auto')", f"deltaLakeAzure('{azure_storage_account_url}', 'cont', 'test_simple_6.csv', '{azure_account_name}', '{azure_account_key}', 'CSV', 'none', 'auto')", f"hudi('http://minio1:9001/root/data/test7.csv', 'minio', '{password}')", - f"redis('localhost', 'key', 'key Int64', 0, '{password}')" + f"redis('localhost', 'key', 'key Int64', 0, '{password}')", + f"jdbc('DSN=mydb;Uid=user;Pwd={password}', 'mydb', 'mytable')", + f"odbc('DSN=mydb;Uid=user;Pwd={password}', 'mydb', 'mytable')", + f"jdbc('jdbc://user:{password}@localhost:5432/mydb', 'mydb', 'mytable')", + f"odbc('odbc://user:{password}@localhost:5432/mydb', 'mydb', 'mytable')", + f"jdbc(named_collection_1, datasource = 'DSN=mydb;Uid=user;Pwd={password}')", + f"odbc(named_collection_1, connection_settings = 'DSN=mydb;Uid=user;Pwd={password}')", + f"jdbc(named_collection_1, datasource = 'jdbc://user:{password}@localhost:5432/mydb')", + f"odbc(named_collection_1, connection_settings = 'odbc://user:{password}@localhost:5432/mydb')", + (f"jdbc(named_collection_1, datasource = 'DSN=mydb;Uid=user;Pwd={password}', connection_settings = 'DSN=mydb2;Uid=user2;Pwd={password}')", "ARGUMENTS"), + (f"jdbc(named_collection_1, connection_settings = 'jdbc://user2:{password}@localhost:5432/mydb2', external_database = 'mydb', datasource = 'jdbc://user:{password}@localhost:5432/mydb')", "ARGUMENTS"), ] def make_test_case(i): @@ -578,6 +610,16 @@ def make_test_case(i): f"CREATE TABLE tablefunc43 (`x` int) AS deltaLakeAzure('{azure_storage_account_url}', 'cont', 'test_simple_6.csv', '{azure_account_name}', '[HIDDEN]', 'CSV', 'none', 'auto')", "CREATE TABLE tablefunc44 (`x` int) AS hudi('http://minio1:9001/root/data/test7.csv', 'minio', '[HIDDEN]')", "CREATE TABLE tablefunc45 (`x` int) AS redis('localhost', 'key', 'key Int64', 0, '[HIDDEN]')", + "CREATE TABLE tablefunc46 (`x` int) AS jdbc('[HIDDEN]', 'mydb', 'mytable')", + "CREATE TABLE tablefunc47 (`x` int) AS odbc('[HIDDEN]', 'mydb', 'mytable')", + "CREATE TABLE tablefunc48 (`x` int) AS jdbc('jdbc://user:[HIDDEN]@localhost:5432/mydb', 'mydb', 'mytable')", + "CREATE TABLE tablefunc49 (`x` int) AS odbc('odbc://user:[HIDDEN]@localhost:5432/mydb', 'mydb', 'mytable')", + "CREATE TABLE tablefunc50 (`x` int) AS jdbc(named_collection_1, datasource = '[HIDDEN]')", + "CREATE TABLE tablefunc51 (`x` int) AS odbc(named_collection_1, connection_settings = '[HIDDEN]')", + "CREATE TABLE tablefunc52 (`x` int) AS jdbc(named_collection_1, datasource = 'jdbc://user:[HIDDEN]@localhost:5432/mydb')", + "CREATE TABLE tablefunc53 (`x` int) AS odbc(named_collection_1, connection_settings = 'odbc://user:[HIDDEN]@localhost:5432/mydb')", + "CREATE TABLE tablefunc54 (`x` int) AS jdbc(named_collection_1, datasource = '[HIDDEN]', connection_settings = '[HIDDEN]')", + "CREATE TABLE tablefunc55 (`x` int) AS jdbc(named_collection_1, connection_settings = '[HIDDEN]', external_database = '[HIDDEN]', datasource = '[HIDDEN]')", ], must_not_contain=[password], ) diff --git a/tests/queries/0_stateless/01033_storage_odbc_parsing_exception_check.reference b/tests/queries/0_stateless/01033_storage_odbc_parsing_exception_check.reference index 548952c3a6a6..8a079f11d9ca 100644 --- a/tests/queries/0_stateless/01033_storage_odbc_parsing_exception_check.reference +++ b/tests/queries/0_stateless/01033_storage_odbc_parsing_exception_check.reference @@ -1 +1 @@ -CREATE TABLE default.BannerDict\n(\n `BannerID` UInt64,\n `CompaignID` UInt64\n)\nENGINE = ODBC(\'DSN=pgconn;Database=postgres\', \'somedb\', \'bannerdict\') +CREATE TABLE default.BannerDict\n(\n `BannerID` UInt64,\n `CompaignID` UInt64\n)\nENGINE = ODBC(\'[HIDDEN]\', \'somedb\', \'bannerdict\') From 6d30f878cec204f34237edc79eb58b832cc75372 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1nos=20Benjamin=20Antal?= Date: Tue, 24 Mar 2026 09:55:21 +0100 Subject: [PATCH 089/141] Remove incorrectly handled test cases --- tests/integration/test_mask_sensitive_info/test.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/integration/test_mask_sensitive_info/test.py b/tests/integration/test_mask_sensitive_info/test.py index b2b2969b82d1..1ca836c0e406 100644 --- a/tests/integration/test_mask_sensitive_info/test.py +++ b/tests/integration/test_mask_sensitive_info/test.py @@ -522,8 +522,6 @@ def test_table_functions(): f"odbc(named_collection_1, connection_settings = 'DSN=mydb;Uid=user;Pwd={password}')", f"jdbc(named_collection_1, datasource = 'jdbc://user:{password}@localhost:5432/mydb')", f"odbc(named_collection_1, connection_settings = 'odbc://user:{password}@localhost:5432/mydb')", - (f"jdbc(named_collection_1, datasource = 'DSN=mydb;Uid=user;Pwd={password}', connection_settings = 'DSN=mydb2;Uid=user2;Pwd={password}')", "ARGUMENTS"), - (f"jdbc(named_collection_1, connection_settings = 'jdbc://user2:{password}@localhost:5432/mydb2', external_database = 'mydb', datasource = 'jdbc://user:{password}@localhost:5432/mydb')", "ARGUMENTS"), ] def make_test_case(i): @@ -618,8 +616,6 @@ def make_test_case(i): "CREATE TABLE tablefunc51 (`x` int) AS odbc(named_collection_1, connection_settings = '[HIDDEN]')", "CREATE TABLE tablefunc52 (`x` int) AS jdbc(named_collection_1, datasource = 'jdbc://user:[HIDDEN]@localhost:5432/mydb')", "CREATE TABLE tablefunc53 (`x` int) AS odbc(named_collection_1, connection_settings = 'odbc://user:[HIDDEN]@localhost:5432/mydb')", - "CREATE TABLE tablefunc54 (`x` int) AS jdbc(named_collection_1, datasource = '[HIDDEN]', connection_settings = '[HIDDEN]')", - "CREATE TABLE tablefunc55 (`x` int) AS jdbc(named_collection_1, connection_settings = '[HIDDEN]', external_database = '[HIDDEN]', datasource = '[HIDDEN]')", ], must_not_contain=[password], ) From 687e609d0a1364123b5370a6e993d4846059cf3a Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 24 Mar 2026 13:44:37 +0000 Subject: [PATCH 090/141] Backport #100475 to 25.8: Fix missing stream exception for nested JSON in wide parts --- src/Columns/ColumnDynamic.h | 8 ++-- src/Columns/ColumnObject.cpp | 8 ++-- ..._data_buckets_missing_stream_bug.reference | 3 ++ ...shared_data_buckets_missing_stream_bug.sql | 42 +++++++++++++++++++ 4 files changed, 53 insertions(+), 8 deletions(-) create mode 100644 tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.reference create mode 100644 tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.sql diff --git a/src/Columns/ColumnDynamic.h b/src/Columns/ColumnDynamic.h index 3028ad021d8d..710be4059b83 100644 --- a/src/Columns/ColumnDynamic.h +++ b/src/Columns/ColumnDynamic.h @@ -212,7 +212,7 @@ class ColumnDynamic final : public COWHelper, Colum ColumnPtr filter(const Filter & filt, ssize_t result_size_hint) const override { - return create(variant_column_ptr->filter(filt, result_size_hint), variant_info, max_dynamic_types, global_max_dynamic_types); + return create(variant_column_ptr->filter(filt, result_size_hint), variant_info, max_dynamic_types, global_max_dynamic_types, statistics); } void expand(const Filter & mask, bool inverted) override @@ -227,12 +227,12 @@ class ColumnDynamic final : public COWHelper, Colum ColumnPtr index(const IColumn & indexes, size_t limit) const override { - return create(variant_column_ptr->index(indexes, limit), variant_info, max_dynamic_types, global_max_dynamic_types); + return create(variant_column_ptr->index(indexes, limit), variant_info, max_dynamic_types, global_max_dynamic_types, statistics); } ColumnPtr replicate(const Offsets & replicate_offsets) const override { - return create(variant_column_ptr->replicate(replicate_offsets), variant_info, max_dynamic_types, global_max_dynamic_types); + return create(variant_column_ptr->replicate(replicate_offsets), variant_info, max_dynamic_types, global_max_dynamic_types, statistics); } MutableColumns scatter(ColumnIndex num_columns, const Selector & selector) const override @@ -241,7 +241,7 @@ class ColumnDynamic final : public COWHelper, Colum MutableColumns scattered_columns; scattered_columns.reserve(num_columns); for (auto & scattered_variant_column : scattered_variant_columns) - scattered_columns.emplace_back(create(std::move(scattered_variant_column), variant_info, max_dynamic_types, global_max_dynamic_types)); + scattered_columns.emplace_back(create(std::move(scattered_variant_column), variant_info, max_dynamic_types, global_max_dynamic_types, statistics)); return scattered_columns; } diff --git a/src/Columns/ColumnObject.cpp b/src/Columns/ColumnObject.cpp index 965d2c8d21b3..d5d6d8876817 100644 --- a/src/Columns/ColumnObject.cpp +++ b/src/Columns/ColumnObject.cpp @@ -1149,7 +1149,7 @@ ColumnPtr ColumnObject::filter(const Filter & filt, ssize_t result_size_hint) co filtered_dynamic_paths[path] = column->filter(filt, result_size_hint); auto filtered_shared_data = shared_data->filter(filt, result_size_hint); - return ColumnObject::create(filtered_typed_paths, filtered_dynamic_paths, filtered_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types); + return ColumnObject::create(filtered_typed_paths, filtered_dynamic_paths, filtered_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types, statistics); } void ColumnObject::expand(const Filter & mask, bool inverted) @@ -1190,7 +1190,7 @@ ColumnPtr ColumnObject::index(const IColumn & indexes, size_t limit) const indexed_dynamic_paths[path] = column->index(indexes, limit); auto indexed_shared_data = shared_data->index(indexes, limit); - return ColumnObject::create(indexed_typed_paths, indexed_dynamic_paths, indexed_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types); + return ColumnObject::create(indexed_typed_paths, indexed_dynamic_paths, indexed_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types, statistics); } ColumnPtr ColumnObject::replicate(const Offsets & replicate_offsets) const @@ -1206,7 +1206,7 @@ ColumnPtr ColumnObject::replicate(const Offsets & replicate_offsets) const replicated_dynamic_paths[path] = column->replicate(replicate_offsets); auto replicated_shared_data = shared_data->replicate(replicate_offsets); - return ColumnObject::create(replicated_typed_paths, replicated_dynamic_paths, replicated_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types); + return ColumnObject::create(replicated_typed_paths, replicated_dynamic_paths, replicated_shared_data, max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types, statistics); } MutableColumns ColumnObject::scatter(ColumnIndex num_columns, const Selector & selector) const @@ -1237,7 +1237,7 @@ MutableColumns ColumnObject::scatter(ColumnIndex num_columns, const Selector & s MutableColumns result_columns; result_columns.reserve(num_columns); for (size_t i = 0; i != num_columns; ++i) - result_columns.emplace_back(ColumnObject::create(std::move(scattered_typed_paths[i]), std::move(scattered_dynamic_paths[i]), std::move(scattered_shared_data_columns[i]), max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types)); + result_columns.emplace_back(ColumnObject::create(std::move(scattered_typed_paths[i]), std::move(scattered_dynamic_paths[i]), std::move(scattered_shared_data_columns[i]), max_dynamic_paths, global_max_dynamic_paths, max_dynamic_types, statistics)); return result_columns; } diff --git a/tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.reference b/tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.reference new file mode 100644 index 000000000000..2fdc1deb963d --- /dev/null +++ b/tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.reference @@ -0,0 +1,3 @@ +1 {"images":[{"url":"c","width":300}]} +2 {"images":[{"url":"d","width":400}]} +3 {"images":[{"url":"a","width":100}]} diff --git a/tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.sql b/tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.sql new file mode 100644 index 000000000000..9373a9fbaa57 --- /dev/null +++ b/tests/queries/0_stateless/04054_json_nested_shared_data_buckets_missing_stream_bug.sql @@ -0,0 +1,42 @@ +-- Tags: long + +SET allow_experimental_json_type = 1; + +-- Regression test for a bug where ColumnObject::index (and filter/replicate/scatter) +-- did not propagate statistics, causing a mismatch between the number of shared data +-- buckets chosen during stream creation vs serialization state creation for nested JSON +-- columns inside Array(JSON). This resulted in: +-- "Stream ... object_shared_data.1.size1 not found" (LOGICAL_ERROR) +-- +-- The bug requires: Wide parts, nested JSON with empty shared data, a non-trivial +-- permutation applied during INSERT, and optimize_on_insert=0 to prevent mergeBlock +-- from pre-sorting the block and nullifying the permutation. + +DROP TABLE IF EXISTS src; +DROP TABLE IF EXISTS dst; + +CREATE TABLE src (id UInt64, data JSON(max_dynamic_paths=256)) +ENGINE = MergeTree ORDER BY tuple() +SETTINGS min_bytes_for_wide_part=0; + +INSERT INTO src VALUES + (3, '{"images": [{"url": "a", "width": 100}]}'), + (2, '{"images": [{"url": "d", "width": 400}]}'), + (1, '{"images": [{"url": "c", "width": 300}]}'); + +CREATE TABLE dst (id UInt64, data JSON(max_dynamic_paths=256)) +ENGINE = MergeTree ORDER BY id +SETTINGS min_bytes_for_wide_part=0; + +-- Data arrives at the MergeTree sink with statistics intact from reading the source part. +-- The sink applies a permutation to sort by id. With optimize_on_insert=0, the raw +-- permutation is passed to the writer. The inner JSON (inside Array) goes through +-- ColumnArray::permute -> ColumnArray::indexImpl -> ColumnObject::index. +-- Before the fix, ColumnObject::index dropped statistics, causing a bucket count mismatch. +INSERT INTO dst SELECT * FROM src +SETTINGS max_insert_threads=1, optimize_on_insert=0; + +SELECT id, data FROM dst ORDER BY id; + +DROP TABLE src; +DROP TABLE dst; From ae86bf2726c606289f5e1eeeba8575b053656631 Mon Sep 17 00:00:00 2001 From: Pavel Kruglov <48961922+Avogar@users.noreply.github.com> Date: Tue, 24 Mar 2026 21:46:37 +0100 Subject: [PATCH 091/141] Update 04042_hash_join_allocated_size_tracking.sql --- .../0_stateless/04042_hash_join_allocated_size_tracking.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql b/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql index 1a1393193d88..54a787aa2ec3 100644 --- a/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql +++ b/tests/queries/0_stateless/04042_hash_join_allocated_size_tracking.sql @@ -1,4 +1,5 @@ SET enable_analyzer = 1; +SET use_variant_as_common_type = 1; CREATE TABLE test__fuzz_1 (`id` Nullable(UInt64), `d` Dynamic(max_types = 133)) ENGINE = Memory; From 29edc33173a63e3fdb4886c160d3084876538c5c Mon Sep 17 00:00:00 2001 From: Pavel Kruglov <48961922+Avogar@users.noreply.github.com> Date: Tue, 24 Mar 2026 21:46:52 +0100 Subject: [PATCH 092/141] Update 04051_variant_filter_shared_columns_bug.sql --- .../0_stateless/04051_variant_filter_shared_columns_bug.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql b/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql index d81c6488f713..9afcef92c472 100644 --- a/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql +++ b/tests/queries/0_stateless/04051_variant_filter_shared_columns_bug.sql @@ -7,6 +7,7 @@ SET cross_join_min_rows_to_compress = 1; SET enable_analyzer = 1; +SET use_variant_as_common_type = 1; DROP TABLE IF EXISTS test_variant_filter; CREATE TABLE test_variant_filter (`id` UInt64, `d` Dynamic) ENGINE = Memory; From 6b04d02fddb74baf91f149886202c8f7c0ee73c9 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 27 Mar 2026 11:28:30 +0000 Subject: [PATCH 093/141] Backport #100483 to 25.8: Validate file paths in backup metadata to reject path traversal --- src/Backups/BackupImpl.cpp | 45 ++++++++ ...kup_restore_validate_entry_paths.reference | 2 + ...054_backup_restore_validate_entry_paths.sh | 100 ++++++++++++++++++ 3 files changed, 147 insertions(+) create mode 100644 tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.reference create mode 100755 tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.sh diff --git a/src/Backups/BackupImpl.cpp b/src/Backups/BackupImpl.cpp index 8009f0038843..bed961f7c10f 100644 --- a/src/Backups/BackupImpl.cpp +++ b/src/Backups/BackupImpl.cpp @@ -26,6 +26,8 @@ #include #include +#include + namespace ProfileEvents { @@ -54,8 +56,11 @@ namespace ErrorCodes extern const int CANNOT_RESTORE_TO_NONENCRYPTED_DISK; extern const int FAILED_TO_SYNC_BACKUP_OR_RESTORE; extern const int LOGICAL_ERROR; + extern const int INSECURE_PATH; } +namespace fs = std::filesystem; + namespace { const int INITIAL_BACKUP_VERSION = 1; @@ -89,6 +94,43 @@ namespace return path.substr(1); return path; } + + /// Validate that a file name from a backup does not contain path traversal sequences. + /// This prevents a corrupted or tampered backup from accessing files outside the intended directories during restore. + void validateFileNameFromBackup(const String & file_name, const String & field_name, const String & backup_name_for_logging) + { + fs::path path(file_name); + + /// Reject absolute or rooted paths. + if (path.is_absolute() || path.has_root_name() || path.has_root_directory()) + throw Exception( + ErrorCodes::INSECURE_PATH, + "Backup {}: <{}> {} is an absolute path, which is not allowed", + backup_name_for_logging, + field_name, + quoteString(file_name)); + + /// Normalize the path and check that it does not escape the backup root. + auto normalized = path.lexically_normal(); + + /// Reject empty or degenerate paths. + if (normalized.empty() || normalized == fs::path(".")) + throw Exception( + ErrorCodes::BACKUP_DAMAGED, + "Backup {}: <{}> {} is empty or invalid", + backup_name_for_logging, + field_name, + quoteString(file_name)); + + /// After normalization, a path that escapes the root starts with "..". + if (*normalized.begin() == "..") + throw Exception( + ErrorCodes::INSECURE_PATH, + "Backup {}: <{}> {} resolves to a path outside the backup, which is not allowed", + backup_name_for_logging, + field_name, + quoteString(file_name)); + } } @@ -501,6 +543,7 @@ void BackupImpl::readBackupMetadata() const Poco::XML::Node * file_config = child; BackupFileInfo info; info.file_name = getString(file_config, "name"); + validateFileNameFromBackup(info.file_name, "name", backup_name_for_logging); info.object_key = getString(file_config, "object_key", ""); info.size = getUInt64(file_config, "size"); if (info.size) @@ -532,6 +575,8 @@ void BackupImpl::readBackupMetadata() if (info.size > info.base_size) { info.data_file_name = getString(file_config, "data_file", info.file_name); + if (info.data_file_name != info.file_name) + validateFileNameFromBackup(info.data_file_name, "data_file", backup_name_for_logging); } info.encrypted_by_disk = getBool(file_config, "encrypted_by_disk", false); } diff --git a/tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.reference b/tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.reference new file mode 100644 index 000000000000..9e647571eac7 --- /dev/null +++ b/tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.reference @@ -0,0 +1,2 @@ +OK: path traversal was blocked +1 hello diff --git a/tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.sh b/tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.sh new file mode 100755 index 000000000000..b1aa605bc9f3 --- /dev/null +++ b/tests/queries/0_stateless/04054_backup_restore_validate_entry_paths.sh @@ -0,0 +1,100 @@ +#!/usr/bin/env bash +# Test that RESTORE rejects backup entries with path traversal sequences (../) + +CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CURDIR"/../shell_config.sh + +${CLICKHOUSE_CLIENT} --query "DROP TABLE IF EXISTS tbl_backup_traversal" +${CLICKHOUSE_CLIENT} --query "CREATE TABLE tbl_backup_traversal (id UInt64, data String) ENGINE = MergeTree ORDER BY id" +${CLICKHOUSE_CLIENT} --query "INSERT INTO tbl_backup_traversal VALUES (1, 'hello')" + +backups_disk_root=$(${CLICKHOUSE_CLIENT} --query "SELECT path FROM system.disks WHERE name='backups'" 2>/dev/null) + +if [ -z "${backups_disk_root}" ]; then + echo "backups disk is not configured, skipping test" + exit 0 +fi + +extra_content="EXTRA_FILE_CONTENT_HERE" +extra_size=${#extra_content} +extra_checksum=$(echo -n "${extra_content}" | md5sum | awk '{print $1}') +extra_data_path="data/default/tbl_backup_traversal/extra_payload.bin" + +# Creates a backup, injects an extra file entry into its .backup metadata, and +# attempts to restore. Expects the specified error. +# $1 - backup suffix +# $2 - injected value +# $3 - expected error code (e.g. INSECURE_PATH, BACKUP_DAMAGED) +# $4 - (optional) injected value; defaults to extra_data_path +inject_and_restore() { + local suffix="$1" + local injected_name="$2" + local expected_error="$3" + local injected_data_file="${4:-${extra_data_path}}" + local bname="${CLICKHOUSE_TEST_UNIQUE_NAME}_${suffix}" + + ${CLICKHOUSE_CLIENT} --query "BACKUP TABLE tbl_backup_traversal TO Disk('backups', '${bname}')" > /dev/null 2>&1 + + local bpath="${backups_disk_root}/${bname}" + mkdir -p "${bpath}/$(dirname "${extra_data_path}")" + echo -n "${extra_content}" > "${bpath}/${extra_data_path}" + + sed -i "s||${injected_name}${extra_size}${extra_checksum}${injected_data_file}|" "${bpath}/.backup" + + ${CLICKHOUSE_CLIENT} --query "DROP TABLE IF EXISTS tbl_backup_traversal" + ${CLICKHOUSE_CLIENT} -m -q "RESTORE TABLE tbl_backup_traversal FROM Disk('backups', '${bname}'); -- { serverError ${expected_error} }" +} + +# Helper to recreate the table between tests. +recreate_table() { + ${CLICKHOUSE_CLIENT} --query "CREATE TABLE IF NOT EXISTS tbl_backup_traversal (id UInt64, data String) ENGINE = MergeTree ORDER BY id" + ${CLICKHOUSE_CLIENT} --query "INSERT INTO tbl_backup_traversal VALUES (1, 'hello')" +} + +# Test 1: relative path traversal in . +inject_and_restore "rel" "data/default/tbl_backup_traversal/all_0_0_0/../../../../../../../tmp/backup_traversal_test_output.txt" INSECURE_PATH + +# Verify the file was NOT written outside the backup directory. +if [ -f "/tmp/backup_traversal_test_output.txt" ]; then + echo "FAIL: file written to /tmp/" + rm -f "/tmp/backup_traversal_test_output.txt" +else + echo "OK: path traversal was blocked" +fi + +# Test 2: absolute path in . +recreate_table +inject_and_restore "abs" "/tmp/backup_absolute_path_test_output.xml" INSECURE_PATH + +# Test 3: path traversal in (source path for reading from the backup). +recreate_table +inject_and_restore "datafile" "data/default/tbl_backup_traversal/extra_payload.bin" INSECURE_PATH "data/default/tbl_backup_traversal/all_0_0_0/../../../../../../../etc/passwd" + +# Test 4: empty should be rejected as damaged. +recreate_table +inject_and_restore "empty" "" BACKUP_DAMAGED + +# Test 5: "." as should be rejected as damaged. +recreate_table +inject_and_restore "dot" "." BACKUP_DAMAGED + +# Test 6: bare ".." as . +recreate_table +inject_and_restore "dotdot" ".." INSECURE_PATH + +# Test 7: absolute path in . +recreate_table +inject_and_restore "abs_datafile" "data/default/tbl_backup_traversal/extra_payload.bin" INSECURE_PATH "/etc/passwd" + +# Test 8: normal backup/restore still works after the validation was added. +recreate_table +normal_backup="${CLICKHOUSE_TEST_UNIQUE_NAME}_normal" +${CLICKHOUSE_CLIENT} --query "BACKUP TABLE tbl_backup_traversal TO Disk('backups', '${normal_backup}')" > /dev/null 2>&1 +${CLICKHOUSE_CLIENT} --query "DROP TABLE tbl_backup_traversal" +${CLICKHOUSE_CLIENT} --query "RESTORE TABLE tbl_backup_traversal FROM Disk('backups', '${normal_backup}')" > /dev/null 2>&1 +${CLICKHOUSE_CLIENT} --query "SELECT * FROM tbl_backup_traversal" + +# Clean up. +${CLICKHOUSE_CLIENT} --query "DROP TABLE IF EXISTS tbl_backup_traversal" +rm -rf "${backups_disk_root:?}/${CLICKHOUSE_TEST_UNIQUE_NAME}"_* 2>/dev/null || true From 6a0e0b129b771b7f80dfa589f59bbb9813212066 Mon Sep 17 00:00:00 2001 From: Dmitry Novik Date: Fri, 27 Mar 2026 12:38:44 +0100 Subject: [PATCH 094/141] Fix test --- .../0_stateless/04039_prune_array_join_columns.reference | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/queries/0_stateless/04039_prune_array_join_columns.reference b/tests/queries/0_stateless/04039_prune_array_join_columns.reference index 66b8a189b808..692d5c24e54a 100644 --- a/tests/queries/0_stateless/04039_prune_array_join_columns.reference +++ b/tests/queries/0_stateless/04039_prune_array_join_columns.reference @@ -26,7 +26,7 @@ QUERY id: 0 ORDER BY LIST id: 14, nodes: 1 SORT id: 15, sort_direction: ASCENDING, with_fill: 0 - EXPRESSION n.a + EXPRESSION FUNCTION id: 16, function_name: tupleElement, function_type: ordinary, result_type: Int64 ARGUMENTS LIST id: 17, nodes: 2 @@ -79,7 +79,7 @@ QUERY id: 0 ORDER BY LIST id: 19, nodes: 1 SORT id: 20, sort_direction: ASCENDING, with_fill: 0 - EXPRESSION n.a + EXPRESSION FUNCTION id: 21, function_name: tupleElement, function_type: ordinary, result_type: Int64 ARGUMENTS LIST id: 22, nodes: 2 @@ -127,7 +127,7 @@ QUERY id: 0 ORDER BY LIST id: 13, nodes: 1 SORT id: 14, sort_direction: ASCENDING, with_fill: 0 - EXPRESSION n.a + EXPRESSION FUNCTION id: 15, function_name: tupleElement, function_type: ordinary, result_type: Int64 ARGUMENTS LIST id: 16, nodes: 2 @@ -226,7 +226,7 @@ QUERY id: 0 ORDER BY LIST id: 8, nodes: 1 SORT id: 9, sort_direction: ASCENDING, with_fill: 0 - EXPRESSION b + EXPRESSION COLUMN id: 10, column_name: __array_join_exp_2, result_type: Int64, source_id: 3 Expression (Project names) Header: b Int64 From 36f7e2fb9bf63d72930d257e5db18bad919208e2 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 27 Mar 2026 17:29:04 +0000 Subject: [PATCH 095/141] Backport #100760 to 25.8: Fix crash in has() with LowCardinality tuple key in KeyCondition --- src/Storages/MergeTree/KeyCondition.cpp | 6 ++- ...s_lowcardinality_tuple_key_crash.reference | 3 ++ ...059_has_lowcardinality_tuple_key_crash.sql | 38 +++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.reference create mode 100644 tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.sql diff --git a/src/Storages/MergeTree/KeyCondition.cpp b/src/Storages/MergeTree/KeyCondition.cpp index a1282c4b2ab7..a18b62bb5250 100644 --- a/src/Storages/MergeTree/KeyCondition.cpp +++ b/src/Storages/MergeTree/KeyCondition.cpp @@ -1432,7 +1432,11 @@ bool KeyCondition::tryPrepareSetIndex( for (size_t indexes_mapping_index = 0; indexes_mapping_index < indexes_mapping_size; ++indexes_mapping_index) { - const auto & key_column_type = data_types[indexes_mapping_index]; + /// Recursively strip LowCardinality from the key column type (including inside Tuples). + /// When castColumnAccurateOrNull targets a LowCardinality type and the source value + /// is out-of-range (e.g. Int64 → LowCardinality(UInt32)), accurateOrNull produces nulls + /// that get inserted into the non-nullable ColumnUnique dictionary, crashing the server. + auto key_column_type = recursiveRemoveLowCardinality(data_types[indexes_mapping_index]); size_t set_element_index = indexes_mapping[indexes_mapping_index].tuple_index; auto set_element_type = set_types[set_element_index]; ColumnPtr set_column = set_columns[set_element_index]; diff --git a/tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.reference b/tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.reference new file mode 100644 index 000000000000..bb5ee5c21ebe --- /dev/null +++ b/tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.reference @@ -0,0 +1,3 @@ +0 +0 +1 diff --git a/tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.sql b/tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.sql new file mode 100644 index 000000000000..353014c43496 --- /dev/null +++ b/tests/queries/0_stateless/04059_has_lowcardinality_tuple_key_crash.sql @@ -0,0 +1,38 @@ +-- Regression test for crash: "ColumnUnique can't contain null values" +-- when has() is used with PREWHERE on a Tuple key containing LowCardinality elements. +-- The crash occurred because tryPrepareSetColumnsForIndex passed the LowCardinality-wrapped +-- key type to castColumnAccurateOrNull, which produced null values for out-of-range casts +-- that were then inserted into a non-nullable LowCardinality dictionary. + +SET allow_suspicious_low_cardinality_types = 1; + +DROP TABLE IF EXISTS test_has_lc_tuple_crash; + +CREATE TABLE test_has_lc_tuple_crash +( + id UInt64, + key_tuple Tuple(LowCardinality(UInt32), UInt32), + payload UInt64 +) +ENGINE = MergeTree +ORDER BY key_tuple +SETTINGS index_granularity = 1000, allow_nullable_key = 1; + +INSERT INTO test_has_lc_tuple_crash SELECT number, (number, number % 10), number FROM numbers(1000); + +-- This query should not crash. The Int64 values (-2147483649, 9223372036854775806) +-- cannot be safely cast to (LowCardinality(UInt32), UInt32), so accurateOrNull produces nulls. +-- Previously, these nulls were inserted into the non-nullable LowCardinality dictionary, causing a crash. +SELECT count() FROM test_has_lc_tuple_crash + PREWHERE has((SELECT DISTINCT [(-2147483649, 9223372036854775806)]), key_tuple) + WHERE has((SELECT DISTINCT [(1, 10)]), key_tuple); + +-- Simpler variant: just PREWHERE with out-of-range values +SELECT count() FROM test_has_lc_tuple_crash + PREWHERE has([(-1, 0)], key_tuple); + +-- Verify correct results still work: (10, 0) matches row where number=10 (key_tuple=(10, 10%10)=(10,0)) +SELECT count() FROM test_has_lc_tuple_crash + WHERE has([(10, 0)], key_tuple); + +DROP TABLE test_has_lc_tuple_crash; From e325d37a1614496c017b949aed01d5e024f8fbf8 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sat, 28 Mar 2026 11:57:08 +0000 Subject: [PATCH 096/141] Update autogenerated version to 25.8.21.7 and contributors --- cmake/autogenerated_versions.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmake/autogenerated_versions.txt b/cmake/autogenerated_versions.txt index e6f22cb9f2dc..f114a1e87bcf 100644 --- a/cmake/autogenerated_versions.txt +++ b/cmake/autogenerated_versions.txt @@ -2,11 +2,11 @@ # NOTE: VERSION_REVISION has nothing common with DBMS_TCP_PROTOCOL_VERSION, # only DBMS_TCP_PROTOCOL_VERSION should be incremented on protocol changes. -SET(VERSION_REVISION 54521) +SET(VERSION_REVISION 54522) SET(VERSION_MAJOR 25) SET(VERSION_MINOR 8) -SET(VERSION_PATCH 21) -SET(VERSION_GITHASH 2e1cd6354ae8898072e5dbf97aa6e5945761e3d7) -SET(VERSION_DESCRIBE v25.8.21.1-lts) -SET(VERSION_STRING 25.8.21.1) +SET(VERSION_PATCH 22) +SET(VERSION_GITHASH 099badce0f7744623716d4efa2971d3e1c63d1cf) +SET(VERSION_DESCRIBE v25.8.22.1-lts) +SET(VERSION_STRING 25.8.22.1) # end of autochange From 95eb73c5f80a4d894fa373ece53ecb13fa6f3d5c Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 29 Mar 2026 16:20:08 +0000 Subject: [PATCH 097/141] Backport #100843 to 25.8: Sanitize input in `ULIDStringToDateTime` --- src/Functions/ULIDStringToDateTime.cpp | 12 ++++++++++++ .../0_stateless/04057_ulid_non_ascii_input.reference | 1 + .../0_stateless/04057_ulid_non_ascii_input.sql | 9 +++++++++ 3 files changed, 22 insertions(+) create mode 100644 tests/queries/0_stateless/04057_ulid_non_ascii_input.reference create mode 100644 tests/queries/0_stateless/04057_ulid_non_ascii_input.sql diff --git a/src/Functions/ULIDStringToDateTime.cpp b/src/Functions/ULIDStringToDateTime.cpp index 3c6797c9297c..53d1ae06ebdc 100644 --- a/src/Functions/ULIDStringToDateTime.cpp +++ b/src/Functions/ULIDStringToDateTime.cpp @@ -147,6 +147,18 @@ class FunctionULIDStringToDateTime : public IFunction static DateTime64 decode(const UInt8 * data) { + /// Validate that all bytes are ASCII before passing to ulid_decode, + /// which uses char values as array indices. Signed chars with values + /// >= 128 would produce negative indices and out-of-bounds reads. + for (size_t i = 0; i < ULID_LENGTH; ++i) + { + if (data[i] >= 128) + throw Exception( + ErrorCodes::BAD_ARGUMENTS, + "Cannot parse ULID: non-ASCII character at position {}", + i); + } + unsigned char buffer[16]; int ret = ulid_decode(buffer, reinterpret_cast(data)); if (ret != 0) diff --git a/tests/queries/0_stateless/04057_ulid_non_ascii_input.reference b/tests/queries/0_stateless/04057_ulid_non_ascii_input.reference new file mode 100644 index 000000000000..6358d6525e96 --- /dev/null +++ b/tests/queries/0_stateless/04057_ulid_non_ascii_input.reference @@ -0,0 +1 @@ +2023-03-28 01:16:44.000 diff --git a/tests/queries/0_stateless/04057_ulid_non_ascii_input.sql b/tests/queries/0_stateless/04057_ulid_non_ascii_input.sql new file mode 100644 index 000000000000..fe46f82e03e9 --- /dev/null +++ b/tests/queries/0_stateless/04057_ulid_non_ascii_input.sql @@ -0,0 +1,9 @@ +-- Tags: no-fasttest +-- Test that ULIDStringToDateTime properly rejects non-ASCII input without buffer overflow + +SELECT ULIDStringToDateTime(unhex(repeat('ff', 26))); -- { serverError BAD_ARGUMENTS } +SELECT ULIDStringToDateTime(unhex(repeat('80', 26))); -- { serverError BAD_ARGUMENTS } +SELECT ULIDStringToDateTime(unhex(repeat('fe', 26))); -- { serverError BAD_ARGUMENTS } + +-- Valid ULID should still work +SELECT ULIDStringToDateTime('01GWJWKW30MFPQJRYEAF4XFZ9E', 'UTC'); From 1727aa0a3b85af443fe04b541d7b1aefa1c50205 Mon Sep 17 00:00:00 2001 From: Alexey Milovidov Date: Sun, 29 Mar 2026 20:22:08 +0200 Subject: [PATCH 098/141] Update 03903_query_condition_cache_cte_constant_folding.sql --- .../03903_query_condition_cache_cte_constant_folding.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql b/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql index 821cffd16b4d..23e016f1c775 100644 --- a/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql +++ b/tests/queries/0_stateless/03903_query_condition_cache_cte_constant_folding.sql @@ -13,7 +13,7 @@ CREATE TABLE test_qcc_cte (activity_year Int16) ENGINE = MergeTree ORDER BY acti -- Need enough rows to have multiple granules so the cache can incorrectly exclude some. INSERT INTO test_qcc_cte SELECT number % 10 + 2018 FROM numbers(100000); -SYSTEM CLEAR QUERY CONDITION CACHE; +SYSTEM DROP QUERY CONDITION CACHE; -- First query: addMonths('2022-12-01', 0) -> year = 2022, filter: year IN (2021, 2022) WITH block_0 AS ( From c97ec785cb3321dd8b90f6c054a1b0852bc0eb30 Mon Sep 17 00:00:00 2001 From: Rahul <254529899+motsc@users.noreply.github.com> Date: Tue, 31 Mar 2026 14:52:22 +0000 Subject: [PATCH 099/141] feat: add distroless Docker image variant for server and keeper Backport of #98664 to the 25.8 release branch. Cherry-picked from 437f9c515ac4e1d9be499061d0017e92ea955bcc. --- ci/jobs/scripts/docker_server/config.sh | 16 + .../clickhouse-distroless-initdb/initdb.sql | 3 + .../tests/clickhouse-distroless-initdb/run.sh | 46 + .../clickhouse-distroless-no-shell/run.sh | 17 + docker/keeper/Dockerfile.distroless | 179 +++ docker/server/Dockerfile.distroless | 199 +++ programs/CMakeLists.txt | 2 + programs/docker-init/CMakeLists.txt | 8 + programs/docker-init/docker-init.cpp | 1075 +++++++++++++++++ programs/main.cpp | 2 + tests/ci/docker_server.py | 41 +- 11 files changed, 1583 insertions(+), 5 deletions(-) create mode 100644 ci/jobs/scripts/docker_server/config.sh create mode 100644 ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/initdb.sql create mode 100755 ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/run.sh create mode 100755 ci/jobs/scripts/docker_server/tests/clickhouse-distroless-no-shell/run.sh create mode 100644 docker/keeper/Dockerfile.distroless create mode 100644 docker/server/Dockerfile.distroless create mode 100644 programs/docker-init/CMakeLists.txt create mode 100644 programs/docker-init/docker-init.cpp diff --git a/ci/jobs/scripts/docker_server/config.sh b/ci/jobs/scripts/docker_server/config.sh new file mode 100644 index 000000000000..84882b1745df --- /dev/null +++ b/ci/jobs/scripts/docker_server/config.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +# Get current file directory +currentDir="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" + +# iterate over all directories in current path +clickhouseTests=$( find "$currentDir"/tests/ -maxdepth 1 -name 'clickhouse-*' -not -name 'clickhouse-distroless-*' -type d -exec basename {} \; ) +clickhouseDistrolessTests=$( find "$currentDir"/tests/ -maxdepth 1 -name 'clickhouse-distroless-*' -type d -exec basename {} \; ) +keeperTests=$( find "$currentDir"/tests/ -maxdepth 1 -name 'keeper-*' -type d -exec basename {} \; ) + +imageTests+=( + ['clickhouse/clickhouse-server']="${clickhouseTests}" + ['clickhouse/clickhouse-server:distroless']="${clickhouseTests} ${clickhouseDistrolessTests}" + ['clickhouse/clickhouse-keeper']="${keeperTests}" + ['clickhouse/clickhouse-keeper:distroless']="${keeperTests}" +) diff --git a/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/initdb.sql b/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/initdb.sql new file mode 100644 index 000000000000..16304daf2aa6 --- /dev/null +++ b/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/initdb.sql @@ -0,0 +1,3 @@ +CREATE DATABASE IF NOT EXISTS test_db; +CREATE TABLE IF NOT EXISTS test_db.test_table (id UInt32, value UInt32) ENGINE = MergeTree ORDER BY id; +INSERT INTO test_db.test_table VALUES (1, 100), (2, 200); diff --git a/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/run.sh b/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/run.sh new file mode 100755 index 000000000000..597818de6c21 --- /dev/null +++ b/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-initdb/run.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# Verify that clickhouse docker-init executes SQL initdb scripts correctly. +# The distroless image has no shell so initdb scripts must be handled +# by the compiled docker-init entrypoint, not by entrypoint.sh. +set -eo pipefail + +dir="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" +source "$dir/../lib.sh" + +image="$1" + +export CLICKHOUSE_USER='init_test_user' +export CLICKHOUSE_PASSWORD='init_test_password' + +cid="$( + docker run -d \ + -e CLICKHOUSE_USER \ + -e CLICKHOUSE_PASSWORD \ + -v "$dir/initdb.sql":/docker-entrypoint-initdb.d/initdb.sql:ro \ + --name "$(cname)" \ + "$image" +)" +trap 'docker rm -vf $cid > /dev/null' EXIT + +chCli() { + docker run --rm -i \ + --link "$cid":clickhouse \ + -e CLICKHOUSE_USER \ + -e CLICKHOUSE_PASSWORD \ + "$image" \ + clickhouse-client \ + --host clickhouse \ + --user "$CLICKHOUSE_USER" \ + --password "$CLICKHOUSE_PASSWORD" \ + --query "$*" +} + +# shellcheck source=../../../../../tmp/docker-library/official-images/test/retry.sh +. "$TESTS_LIB_DIR/retry.sh" \ + --tries "$CLICKHOUSE_TEST_TRIES" \ + --sleep "$CLICKHOUSE_TEST_SLEEP" \ + chCli SELECT 1 + +# Verify the initdb script ran and created the table with the expected data +chCli SHOW TABLES IN test_db | grep '^test_table$' >/dev/null +[ "$(chCli 'SELECT SUM(value) FROM test_db.test_table')" = 300 ] diff --git a/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-no-shell/run.sh b/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-no-shell/run.sh new file mode 100755 index 000000000000..c5319f120446 --- /dev/null +++ b/ci/jobs/scripts/docker_server/tests/clickhouse-distroless-no-shell/run.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# Verify the distroless production image contains no shell. +# This is the key property of a distroless image: /bin/sh, /bin/bash, +# and other shells must be absent to reduce the attack surface. +set -eo pipefail + +image="$1" + +if docker run --rm --entrypoint /bin/sh "$image" -c "echo bad" 2>/dev/null; then + echo "FAIL: /bin/sh should not exist in the distroless image" >&2 + exit 1 +fi + +if docker run --rm --entrypoint /bin/bash "$image" -c "echo bad" 2>/dev/null; then + echo "FAIL: /bin/bash should not exist in the distroless image" >&2 + exit 1 +fi diff --git a/docker/keeper/Dockerfile.distroless b/docker/keeper/Dockerfile.distroless new file mode 100644 index 000000000000..37491d02f883 --- /dev/null +++ b/docker/keeper/Dockerfile.distroless @@ -0,0 +1,179 @@ +# Distroless ClickHouse Keeper image. +# Contains no shell, no package manager, no coreutils. +# The entrypoint is the compiled `clickhouse docker-init --keeper` subcommand. +# +# Build targets: +# production — gcr.io/distroless/cc-debian12:nonroot (default) +# debug — gcr.io/distroless/cc-debian12:debug-nonroot (includes busybox shell) +# +# Usage: +# docker build -f Dockerfile.distroless --target production -t clickhouse/clickhouse-keeper:distroless . +# docker build -f Dockerfile.distroless --target debug -t clickhouse/clickhouse-keeper:distroless-debug . + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 1: Install ClickHouse and assemble the output directory tree. +# ────────────────────────────────────────────────────────────────────────────── +FROM ubuntu:22.04 AS ch-builder + +ARG DEBIAN_FRONTEND=noninteractive +ARG apt_archive="http://archive.ubuntu.com" + +# user/group precreated explicitly with fixed uid/gid on purpose. +# The same uid/gid (101) is used both for alpine and ubuntu. +RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list \ + && groupadd -r clickhouse --gid=101 \ + && useradd -r -g clickhouse --uid=101 --home-dir=/var/lib/clickhouse --shell=/bin/bash clickhouse \ + && apt-get update \ + && apt-get install --yes --no-install-recommends \ + ca-certificates \ + wget \ + && rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/* + +ARG REPO_CHANNEL="stable" +ARG REPOSITORY="deb [signed-by=/usr/share/keyrings/clickhouse-keyring.gpg] https://packages.clickhouse.com/deb ${REPO_CHANNEL} main" +ARG VERSION="26.1.2.11" +ARG PACKAGES="clickhouse-common-static clickhouse-keeper" + +ARG deb_location_url="" +ARG DIRECT_DOWNLOAD_URLS="" +ARG single_binary_location_url="" +ARG TARGETARCH + +# Install from direct URLs (deb packages provided by CI). +RUN if [ -n "${DIRECT_DOWNLOAD_URLS}" ]; then \ + rm -rf /tmp/clickhouse_debs \ + && mkdir -p /tmp/clickhouse_debs \ + && for url in $DIRECT_DOWNLOAD_URLS; do \ + wget --progress=bar:force:noscroll "$url" -P /tmp/clickhouse_debs || exit 1 \ + ; done \ + && dpkg -i /tmp/clickhouse_debs/*.deb \ + && rm -rf /tmp/* ; \ + fi + +# Install from a web location with deb packages. +RUN arch="${TARGETARCH:-amd64}" \ + && if [ -n "${deb_location_url}" ]; then \ + rm -rf /tmp/clickhouse_debs \ + && mkdir -p /tmp/clickhouse_debs \ + && for package in ${PACKAGES}; do \ + { wget --progress=bar:force:noscroll "${deb_location_url}/${package}_${VERSION}_${arch}.deb" -P /tmp/clickhouse_debs || \ + wget --progress=bar:force:noscroll "${deb_location_url}/${package}_${VERSION}_all.deb" -P /tmp/clickhouse_debs ; } \ + || exit 1 \ + ; done \ + && dpkg -i /tmp/clickhouse_debs/*.deb \ + && rm -rf /tmp/* ; \ + fi + +# Install from a single binary. +RUN if [ -n "${single_binary_location_url}" ]; then \ + rm -rf /tmp/clickhouse_binary \ + && mkdir -p /tmp/clickhouse_binary \ + && wget --progress=bar:force:noscroll "${single_binary_location_url}" -O /tmp/clickhouse_binary/clickhouse \ + && chmod +x /tmp/clickhouse_binary/clickhouse \ + && /tmp/clickhouse_binary/clickhouse install --user "clickhouse" --group "clickhouse" \ + && rm -rf /tmp/* ; \ + fi + +# Fall back to installation from the ClickHouse repository. +RUN clickhouse local -q 'SELECT 1' >/dev/null 2>&1 && exit 0 || : \ + ; apt-get update \ + && apt-get install --yes --no-install-recommends dirmngr gnupg2 \ + && mkdir -p /etc/apt/sources.list.d \ + && GNUPGHOME=$(mktemp -d) \ + && GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ + --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ + --keyserver hkp://keyserver.ubuntu.com:80 \ + --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 \ + && rm -rf "$GNUPGHOME" \ + && chmod +r /usr/share/keyrings/clickhouse-keyring.gpg \ + && echo "${REPOSITORY}" > /etc/apt/sources.list.d/clickhouse.list \ + && echo "installing from repository: ${REPOSITORY}" \ + && apt-get update \ + && for package in ${PACKAGES}; do \ + packages="${packages} ${package}=${VERSION}" \ + ; done \ + && apt-get install --yes --no-install-recommends ${packages} \ + && rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/* \ + && apt-get autoremove --purge -yq dirmngr gnupg2 + +# Verify the installation. +# Use "clickhouse local" (not "clickhouse-local") because the clickhouse-local symlink +# is provided by clickhouse-server which is not installed here. +RUN clickhouse local -q 'SELECT version()' + +ARG DEFAULT_DATA_DIR="/var/lib/clickhouse" +ARG DEFAULT_LOG_DIR="/var/log/clickhouse-keeper" +ARG DEFAULT_CONFIG_DIR="/etc/clickhouse-keeper" + +# Assemble the output directory tree. +RUN mkdir -p \ + /output/usr/bin \ + /output${DEFAULT_CONFIG_DIR} \ + /output${DEFAULT_DATA_DIR} \ + /output${DEFAULT_LOG_DIR} \ + /output/tmp \ + && cp /usr/bin/clickhouse /output/usr/bin/clickhouse \ + && for link in clickhouse-keeper clickhouse-keeper-client clickhouse-docker-init; do \ + ln -sf /usr/bin/clickhouse "/output/usr/bin/${link}" ; \ + done \ + && if [ -d "${DEFAULT_CONFIG_DIR}" ]; then cp -rp "${DEFAULT_CONFIG_DIR}/." "/output${DEFAULT_CONFIG_DIR}/"; fi \ + && chown -R clickhouse:clickhouse \ + /output${DEFAULT_CONFIG_DIR} \ + /output${DEFAULT_DATA_DIR} \ + /output${DEFAULT_LOG_DIR} \ + && chmod 1777 /output/tmp \ + && { \ + printf 'root:x:0:0:root:/root:/sbin/nologin\n'; \ + printf 'nobody:x:65534:65534:nobody:/nonexistent:/sbin/nologin\n'; \ + printf 'nonroot:x:65532:65532:nonroot:/home/nonroot:/sbin/nologin\n'; \ + printf 'clickhouse:x:101:101:ClickHouse:/var/lib/clickhouse:/sbin/nologin\n'; \ + } > /output/etc/passwd \ + && { \ + printf 'root:x:0:\n'; \ + printf 'nobody:x:65534:\n'; \ + printf 'nonroot:x:65532:\n'; \ + printf 'clickhouse:x:101:\n'; \ + } > /output/etc/group + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 2: Production distroless image. +# ────────────────────────────────────────────────────────────────────────────── +# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:nonroot +FROM gcr.io/distroless/cc-debian12:nonroot@sha256:7e5b8df2f4d36f5599ef4ab856d7d444922531709becb03f3368c6d797d0a5eb AS production + +COPY --from=ch-builder /output/ / + +ENV TZ=UTC \ + CLICKHOUSE_WATCHDOG_ENABLE=0 + +# 9181: ZooKeeper-compatible client port +# 9234: Raft port (inter-node communication) +EXPOSE 9181 9234 + +VOLUME ["/var/lib/clickhouse", "/var/log/clickhouse-keeper"] + +USER 101:101 +WORKDIR /var/lib/clickhouse + +ENTRYPOINT ["/usr/bin/clickhouse", "docker-init", "--keeper"] + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 3: Debug image — same as production but includes the busybox shell +# at /busybox/sh for interactive troubleshooting. +# ────────────────────────────────────────────────────────────────────────────── +# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:debug-nonroot +FROM gcr.io/distroless/cc-debian12:debug-nonroot@sha256:641f055b21555d5e4f77b7f1f3caca80840a76c4f7ae5df36a159a436941d2c2 AS debug + +COPY --from=ch-builder /output/ / + +ENV TZ=UTC \ + CLICKHOUSE_WATCHDOG_ENABLE=0 + +EXPOSE 9181 9234 + +VOLUME ["/var/lib/clickhouse", "/var/log/clickhouse-keeper"] + +USER 101:101 +WORKDIR /var/lib/clickhouse + +ENTRYPOINT ["/usr/bin/clickhouse", "docker-init", "--keeper"] diff --git a/docker/server/Dockerfile.distroless b/docker/server/Dockerfile.distroless new file mode 100644 index 000000000000..bf6dbb903ebc --- /dev/null +++ b/docker/server/Dockerfile.distroless @@ -0,0 +1,199 @@ +# Distroless ClickHouse server image. +# Contains no shell, no package manager, no coreutils. +# The entrypoint is the compiled `clickhouse docker-init` subcommand. +# +# Build targets: +# production — gcr.io/distroless/cc-debian12:nonroot (default) +# debug — gcr.io/distroless/cc-debian12:debug-nonroot (includes busybox shell) +# +# Usage: +# docker build -f Dockerfile.distroless --target production -t clickhouse/clickhouse-server:distroless . +# docker build -f Dockerfile.distroless --target debug -t clickhouse/clickhouse-server:distroless-debug . + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 1: Install ClickHouse and assemble the output directory tree. +# ────────────────────────────────────────────────────────────────────────────── +FROM ubuntu:22.04 AS ch-builder + +# see https://github.com/moby/moby/issues/4032#issuecomment-192327844 +ARG DEBIAN_FRONTEND=noninteractive + +ARG apt_archive="http://archive.ubuntu.com" + +# user/group precreated explicitly with fixed uid/gid on purpose. +# It is especially important for rootless containers: in that case entrypoint +# can't do chown and owners of mounted volumes should be configured externally. +# We do that in advance at the beginning of Dockerfile before any packages will be +# installed to prevent picking those uid/gid by some unrelated software. +# The same uid/gid (101) is used both for alpine and ubuntu. +RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list \ + && groupadd -r clickhouse --gid=101 \ + && useradd -r -g clickhouse --uid=101 --home-dir=/var/lib/clickhouse --shell=/bin/bash clickhouse \ + && apt-get update \ + && apt-get install --yes --no-install-recommends \ + ca-certificates \ + wget \ + && rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/* + +ARG REPO_CHANNEL="stable" +ARG REPOSITORY="deb [signed-by=/usr/share/keyrings/clickhouse-keyring.gpg] https://packages.clickhouse.com/deb ${REPO_CHANNEL} main" +ARG VERSION="26.1.2.11" +ARG PACKAGES="clickhouse-client clickhouse-server clickhouse-common-static" + +#docker-official-library:off +ARG deb_location_url="" +ARG DIRECT_DOWNLOAD_URLS="" +ARG single_binary_location_url="" +ARG TARGETARCH + +# Install from direct URLs (deb packages provided by CI). +RUN if [ -n "${DIRECT_DOWNLOAD_URLS}" ]; then \ + rm -rf /tmp/clickhouse_debs \ + && mkdir -p /tmp/clickhouse_debs \ + && for url in $DIRECT_DOWNLOAD_URLS; do \ + wget --progress=bar:force:noscroll "$url" -P /tmp/clickhouse_debs || exit 1 \ + ; done \ + && dpkg -i /tmp/clickhouse_debs/*.deb \ + && rm -rf /tmp/* ; \ + fi + +# Install from a web location with deb packages. +RUN arch="${TARGETARCH:-amd64}" \ + && if [ -n "${deb_location_url}" ]; then \ + rm -rf /tmp/clickhouse_debs \ + && mkdir -p /tmp/clickhouse_debs \ + && for package in ${PACKAGES}; do \ + { wget --progress=bar:force:noscroll "${deb_location_url}/${package}_${VERSION}_${arch}.deb" -P /tmp/clickhouse_debs || \ + wget --progress=bar:force:noscroll "${deb_location_url}/${package}_${VERSION}_all.deb" -P /tmp/clickhouse_debs ; } \ + || exit 1 \ + ; done \ + && dpkg -i /tmp/clickhouse_debs/*.deb \ + && rm -rf /tmp/* ; \ + fi + +# Install from a single binary. +RUN if [ -n "${single_binary_location_url}" ]; then \ + rm -rf /tmp/clickhouse_binary \ + && mkdir -p /tmp/clickhouse_binary \ + && wget --progress=bar:force:noscroll "${single_binary_location_url}" -O /tmp/clickhouse_binary/clickhouse \ + && chmod +x /tmp/clickhouse_binary/clickhouse \ + && /tmp/clickhouse_binary/clickhouse install --user "clickhouse" --group "clickhouse" \ + && rm -rf /tmp/* ; \ + fi + +# Fall back to installation from the ClickHouse repository. +RUN clickhouse local -q 'SELECT 1' >/dev/null 2>&1 && exit 0 || : \ + ; apt-get update \ + && apt-get install --yes --no-install-recommends dirmngr gnupg2 \ + && mkdir -p /etc/apt/sources.list.d \ + && GNUPGHOME=$(mktemp -d) \ + && GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ + --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ + --keyserver hkp://keyserver.ubuntu.com:80 \ + --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 \ + && rm -rf "$GNUPGHOME" \ + && chmod +r /usr/share/keyrings/clickhouse-keyring.gpg \ + && echo "${REPOSITORY}" > /etc/apt/sources.list.d/clickhouse.list \ + && echo "installing from repository: ${REPOSITORY}" \ + && apt-get update \ + && for package in ${PACKAGES}; do \ + packages="${packages} ${package}=${VERSION}" \ + ; done \ + && apt-get install --yes --no-install-recommends ${packages} \ + && rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/* \ + && apt-get autoremove --purge -yq dirmngr gnupg2 + +#docker-official-library:on + +# Verify the installation. +RUN clickhouse-local -q 'SELECT * FROM system.build_options' + +# Assemble the output directory tree that will be COPYed into the distroless image. +# Symlinks pointing to /usr/bin/clickhouse are preserved by Docker COPY. +RUN mkdir -p \ + /output/usr/bin \ + /output/etc/clickhouse-server/config.d \ + /output/etc/clickhouse-server/users.d \ + /output/etc/clickhouse-client \ + /output/var/lib/clickhouse \ + /output/var/log/clickhouse-server \ + /output/docker-entrypoint-initdb.d \ + /output/tmp \ + && cp /usr/bin/clickhouse /output/usr/bin/clickhouse \ + && for link in clickhouse-server clickhouse-client clickhouse-local \ + clickhouse-keeper clickhouse-keeper-client \ + clickhouse-docker-init; do \ + ln -sf /usr/bin/clickhouse "/output/usr/bin/${link}" ; \ + done \ + && cp -r /etc/clickhouse-server/. /output/etc/clickhouse-server/ \ + && if [ -d /etc/clickhouse-client ]; then cp -r /etc/clickhouse-client/. /output/etc/clickhouse-client/; fi + +COPY docker_related_config.xml /output/etc/clickhouse-server/config.d/ + +# Set ownership after all config files are in place (including docker_related_config.xml above). +RUN chown -R clickhouse:clickhouse \ + /output/etc/clickhouse-server \ + /output/var/lib/clickhouse \ + /output/var/log/clickhouse-server \ + /output/docker-entrypoint-initdb.d \ + && chmod 1777 /output/tmp + +# Create /etc/passwd and /etc/group that include the clickhouse user (uid/gid 101). +# These entries are merged with the distroless base's existing entries. +RUN { \ + printf 'root:x:0:0:root:/root:/sbin/nologin\n'; \ + printf 'nobody:x:65534:65534:nobody:/nonexistent:/sbin/nologin\n'; \ + printf 'nonroot:x:65532:65532:nonroot:/home/nonroot:/sbin/nologin\n'; \ + printf 'clickhouse:x:101:101:ClickHouse:/var/lib/clickhouse:/sbin/nologin\n'; \ + } > /output/etc/passwd \ + && { \ + printf 'root:x:0:\n'; \ + printf 'nobody:x:65534:\n'; \ + printf 'nonroot:x:65532:\n'; \ + printf 'clickhouse:x:101:\n'; \ + } > /output/etc/group + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 2: Production distroless image. +# ────────────────────────────────────────────────────────────────────────────── +# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:nonroot +FROM gcr.io/distroless/cc-debian12:nonroot@sha256:7e5b8df2f4d36f5599ef4ab856d7d444922531709becb03f3368c6d797d0a5eb AS production + +COPY --from=ch-builder /output/ / + +ENV CLICKHOUSE_CONFIG=/etc/clickhouse-server/config.xml \ + LC_ALL=C.UTF-8 \ + TZ=UTC \ + CLICKHOUSE_WATCHDOG_ENABLE=0 + +EXPOSE 9000 8123 9009 + +VOLUME ["/var/lib/clickhouse", "/var/log/clickhouse-server"] + +USER 101:101 +WORKDIR /var/lib/clickhouse + +ENTRYPOINT ["/usr/bin/clickhouse", "docker-init"] + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 3: Debug image — same as production but includes the busybox shell +# at /busybox/sh for interactive troubleshooting. +# ────────────────────────────────────────────────────────────────────────────── +# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:debug-nonroot +FROM gcr.io/distroless/cc-debian12:debug-nonroot@sha256:641f055b21555d5e4f77b7f1f3caca80840a76c4f7ae5df36a159a436941d2c2 AS debug + +COPY --from=ch-builder /output/ / + +ENV CLICKHOUSE_CONFIG=/etc/clickhouse-server/config.xml \ + LC_ALL=C.UTF-8 \ + TZ=UTC \ + CLICKHOUSE_WATCHDOG_ENABLE=0 + +EXPOSE 9000 8123 9009 + +VOLUME ["/var/lib/clickhouse", "/var/log/clickhouse-server"] + +USER 101:101 +WORKDIR /var/lib/clickhouse + +ENTRYPOINT ["/usr/bin/clickhouse", "docker-init"] diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 4071df99a354..370933054309 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -99,6 +99,7 @@ add_subdirectory (checksum-for-compressed-block) add_subdirectory (client) add_subdirectory (compressor) add_subdirectory (disks) +add_subdirectory (docker-init) add_subdirectory (extract-from-config) add_subdirectory (format) add_subdirectory (fst-dump-tree) @@ -195,6 +196,7 @@ clickhouse_program_install(clickhouse-checksum-for-compressed-block checksum-for clickhouse_program_install(clickhouse-client client chc) clickhouse_program_install(clickhouse-compressor compressor) clickhouse_program_install(clickhouse-disks disks) +clickhouse_program_install(clickhouse-docker-init docker-init) clickhouse_program_install(clickhouse-extract-from-config extract-from-config) clickhouse_program_install(clickhouse-format format) clickhouse_program_install(clickhouse-fst-dump-tree fst-dump-tree) diff --git a/programs/docker-init/CMakeLists.txt b/programs/docker-init/CMakeLists.txt new file mode 100644 index 000000000000..10ff94881396 --- /dev/null +++ b/programs/docker-init/CMakeLists.txt @@ -0,0 +1,8 @@ +set (CLICKHOUSE_DOCKER_INIT_SOURCES docker-init.cpp) + +set (CLICKHOUSE_DOCKER_INIT_LINK + PRIVATE + clickhouse_common_io +) + +clickhouse_program_add(docker-init) diff --git a/programs/docker-init/docker-init.cpp b/programs/docker-init/docker-init.cpp new file mode 100644 index 000000000000..4f49cd43b2bc --- /dev/null +++ b/programs/docker-init/docker-init.cpp @@ -0,0 +1,1075 @@ +/// clickhouse docker-init — Docker entrypoint for distroless ClickHouse images. +/// Replaces entrypoint.sh in shell-free environments (no bash, no coreutils). +/// +/// Usage: +/// clickhouse docker-init [--keeper] [-- ...] +/// +/// Environment variables (same as entrypoint.sh): +/// CLICKHOUSE_CONFIG, CLICKHOUSE_RUN_AS_ROOT, CLICKHOUSE_DO_NOT_CHOWN, +/// CLICKHOUSE_UID, CLICKHOUSE_GID, CLICKHOUSE_USER, CLICKHOUSE_PASSWORD, +/// CLICKHOUSE_PASSWORD_FILE, CLICKHOUSE_DB, CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT, +/// CLICKHOUSE_SKIP_USER_SETUP, CLICKHOUSE_ALWAYS_RUN_INITDB_SCRIPTS, +/// CLICKHOUSE_INIT_TIMEOUT, CLICKHOUSE_WATCHDOG_ENABLE, KEEPER_CONFIG + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +namespace fs = std::filesystem; + +namespace +{ + +/// Path to the clickhouse multi-tool binary, derived from argv[0]. +/// NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables) +std::string g_clickhouse_binary; + +/// Set by the SIGTERM/SIGINT handler during init to request graceful shutdown. +/// NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables) +volatile sig_atomic_t g_shutdown_requested = 0; + +/// PID of the temporary init server, so the signal handler can forward SIGTERM. +/// NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables) +volatile pid_t g_init_server_pid = 0; + +void shutdownHandler(int sig) +{ + g_shutdown_requested = 1; + + /// Forward the signal to the temporary server if one is running. + pid_t pid = g_init_server_pid; + if (pid > 0) + kill(pid, sig); +} + +/// Get an environment variable value, returning default_value if not set. +std::string getEnv(const char * name, const std::string & default_value = "") +{ + const char * val = std::getenv(name); // NOLINT(concurrency-mt-unsafe) + return val ? std::string(val) : default_value; +} + +/// Build an execvp-compatible argv array from a vector of strings. +std::vector buildArgv(const std::vector & args) +{ + std::vector argv; + argv.reserve(args.size() + 1); + for (const auto & a : args) + argv.push_back(const_cast(a.c_str())); // NOLINT(cppcoreguidelines-pro-type-const-cast) + argv.push_back(nullptr); + return argv; +} + +/// Run a command and wait for it. Returns the exit code (or -1 on error). +int runCommand(const std::vector & args) +{ + pid_t pid = fork(); + if (pid < 0) + return -1; + + if (pid == 0) + { + auto argv = buildArgv(args); + execvp(argv[0], argv.data()); + _exit(127); + } + + int status = 0; + while (waitpid(pid, &status, 0) < 0) + if (errno != EINTR) + return -1; + return WIFEXITED(status) ? WEXITSTATUS(status) : -1; +} + +/// Run a command, capture its stdout, return {exit_code, output_lines}. +std::pair> captureCommand(const std::vector & args) +{ + int pipefd[2]; + if (pipe(pipefd) < 0) + return {-1, {}}; + + pid_t pid = fork(); + if (pid < 0) + { + (void)close(pipefd[0]); + (void)close(pipefd[1]); + return {-1, {}}; + } + + if (pid == 0) + { + (void)close(pipefd[0]); + if (dup2(pipefd[1], STDOUT_FILENO) < 0) + _exit(127); + (void)close(pipefd[1]); + + /// Suppress stderr to avoid noise from --try extractions. + int devnull = open("/dev/null", O_WRONLY); + if (devnull >= 0) + { + (void)dup2(devnull, STDERR_FILENO); + (void)close(devnull); + } + + auto argv = buildArgv(args); + execvp(argv[0], argv.data()); + _exit(127); + } + + (void)close(pipefd[1]); + + std::string output; + char buf[4096]; + ssize_t n; + while ((n = read(pipefd[0], buf, sizeof(buf))) > 0) + output.append(buf, static_cast(n)); + (void)close(pipefd[0]); + + int status = 0; + while (waitpid(pid, &status, 0) < 0) + if (errno != EINTR) + return {-1, {}}; + + /// Split output into non-empty lines. + std::vector lines; + { + size_t pos = 0; + while (pos < output.size()) + { + size_t found = output.find('\n', pos); + if (found == std::string::npos) + found = output.size(); + std::string line = output.substr(pos, found - pos); + if (!line.empty() && line.back() == '\r') + line.pop_back(); + if (!line.empty()) + lines.push_back(std::move(line)); + pos = found + 1; + } + } + + return {WIFEXITED(status) ? WEXITSTATUS(status) : -1, std::move(lines)}; +} + +/// Run two commands connected by a pipe: lhs | rhs. +/// Returns the exit code of the rhs process. +int runPipeline(const std::vector & lhs, const std::vector & rhs) +{ + int pipefd[2]; + if (pipe(pipefd) < 0) + return -1; + + pid_t lhs_pid = fork(); + if (lhs_pid < 0) + { + (void)close(pipefd[0]); + (void)close(pipefd[1]); + return -1; + } + if (lhs_pid == 0) + { + (void)close(pipefd[0]); + (void)dup2(pipefd[1], STDOUT_FILENO); + (void)close(pipefd[1]); + auto argv = buildArgv(lhs); + execvp(argv[0], argv.data()); + _exit(127); + } + + pid_t rhs_pid = fork(); + if (rhs_pid < 0) + { + (void)close(pipefd[0]); + (void)close(pipefd[1]); + kill(lhs_pid, SIGTERM); + while (waitpid(lhs_pid, nullptr, 0) < 0 && errno == EINTR) {} + return -1; + } + if (rhs_pid == 0) + { + (void)close(pipefd[1]); + (void)dup2(pipefd[0], STDIN_FILENO); + (void)close(pipefd[0]); + auto argv = buildArgv(rhs); + execvp(argv[0], argv.data()); + _exit(127); + } + + (void)close(pipefd[0]); + (void)close(pipefd[1]); + + int lhs_status = 0; + int rhs_status = 0; + while (waitpid(lhs_pid, &lhs_status, 0) < 0 && errno == EINTR) {} + while (waitpid(rhs_pid, &rhs_status, 0) < 0 && errno == EINTR) {} + + return WIFEXITED(rhs_status) ? WEXITSTATUS(rhs_status) : -1; +} + +/// Returns true if the string is a safe ClickHouse identifier: +/// alphanumeric + underscore, not starting with a digit. +/// Used to validate CLICKHOUSE_USER and CLICKHOUSE_DB before embedding in SQL/XML. +bool isValidIdentifier(const std::string & s) +{ + if (s.empty()) + return false; + if (std::isdigit(static_cast(s[0]))) + return false; + for (unsigned char c : s) + if (!std::isalnum(c) && c != '_') + return false; + return true; +} + +/// Extract a single value from a ClickHouse config key via `clickhouse extract-from-config`. +/// Returns an empty string if the key is absent (--try flag suppresses errors). +std::string extractConfigValue(const std::string & config_file, const std::string & key, bool use_users = false) +{ + std::vector args = { + g_clickhouse_binary, "extract-from-config", + "--config-file", config_file, + "--key", key, + "--try", + }; + if (use_users) + args.emplace_back("--users"); + + auto [code, lines] = captureCommand(args); + return (code == 0 && !lines.empty()) ? lines[0] : std::string{}; +} + +/// Extract multiple values from a ClickHouse config key (wildcard patterns return multiple lines). +std::vector extractConfigValues(const std::string & config_file, const std::string & key) +{ + auto [code, lines] = captureCommand({ + g_clickhouse_binary, "extract-from-config", + "--config-file", config_file, + "--key", key, + "--try", + }); + return (code == 0) ? std::move(lines) : std::vector{}; +} + +/// Recursively chown a path. Logs warnings but does not abort on failure. +void recursiveChown(const std::string & path_str, uid_t uid, gid_t gid) +{ + if (lchown(path_str.c_str(), uid, gid) < 0) + std::cerr << "docker-init: warning: lchown " << path_str << ": " << strerror(errno) << "\n"; // NOLINT(concurrency-mt-unsafe) + + std::error_code ec; + if (!fs::is_directory(path_str, ec)) + return; + + for (const auto & entry : fs::recursive_directory_iterator(path_str, fs::directory_options::skip_permission_denied, ec)) + { + if (lchown(entry.path().c_str(), uid, gid) < 0) + std::cerr << "docker-init: warning: lchown " << entry.path() << ": " << strerror(errno) << "\n"; // NOLINT(concurrency-mt-unsafe) + } +} + +/// Create a directory (and all parents) and optionally chown it. +/// +/// Three cases: +/// 1. do_chown=true (root, normal mode): create with fs::create_directories, then chown. +/// 2. do_chown=false, running as root (CLICKHOUSE_DO_NOT_CHOWN=1): delegate to +/// `clickhouse su UID:GID` so the directory is created as the target user. +/// This handles NFS mounts where root is mapped to nobody. +/// 3. do_chown=false, running as non-root: create directly — we are already the target user. +bool createDirectoryAndChown(const std::string & dir, uid_t uid, gid_t gid, bool do_chown) +{ + if (dir.empty()) + return true; + + if (do_chown) + { + std::error_code ec; + fs::create_directories(dir, ec); + if (ec) + { + std::cerr << "docker-init: couldn't create directory " << dir << ": " << ec.message() << "\n"; + return false; + } + + /// Chown only if the owner needs to change (avoids slow recursive chown on already-correct dirs). + struct stat st{}; + if (stat(dir.c_str(), &st) == 0 && (st.st_uid != uid || st.st_gid != gid)) + recursiveChown(dir, uid, gid); + + return true; + } + + if (getuid() == 0) + { + /// Running as root with CLICKHOUSE_DO_NOT_CHOWN or CLICKHOUSE_RUN_AS_ROOT. + /// On NFS mounts root may be remapped to nobody, so create the directory as + /// the target user. Fork a child that drops privileges before calling + /// fs::create_directories — distroless has no mkdir binary. + pid_t pid = fork(); + if (pid < 0) + { + std::cerr << "docker-init: fork failed for directory creation: " << strerror(errno) << "\n"; // NOLINT(concurrency-mt-unsafe) + return false; + } + if (pid == 0) + { + if (setgroups(0, nullptr) < 0 || setgid(gid) < 0 || setuid(uid) < 0) + _exit(1); + std::error_code ec; + fs::create_directories(dir, ec); + _exit(ec ? 1 : 0); + } + int status = 0; + while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {} + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) + { + /// Fallback: try direct creation (works when root is not remapped). + std::error_code ec; + fs::create_directories(dir, ec); + if (ec) + { + std::cerr << "docker-init: couldn't create directory " << dir << ": " << ec.message() << "\n"; + return false; + } + } + return true; + } + + /// Non-root: we are already running as UID:GID, so create the directory directly. + std::error_code ec; + fs::create_directories(dir, ec); + if (ec) + { + std::cerr << "docker-init: couldn't create directory " << dir << ": " << ec.message() << "\n"; + return false; + } + return true; +} + +/// Write the user management XML to `/etc/clickhouse-server/users.d/default-user.xml`. +/// Returns false if a user-requested setup (CLICKHOUSE_USER/PASSWORD/ACCESS_MANAGEMENT) +/// is invalid — caller should treat this as fatal. +bool manageClickHouseUser( + const std::string & config_file, + const std::string & clickhouse_user, + const std::string & clickhouse_password, + const std::string & access_management, + bool skip_user_setup) +{ + if (skip_user_setup) + { + std::cerr << "docker-init: explicitly skip changing user 'default'\n"; + return true; + } + + const std::string users_d_dir = "/etc/clickhouse-server/users.d"; + const std::string default_user_xml = users_d_dir + "/default-user.xml"; + + std::error_code ec; + fs::create_directories(users_d_dir, ec); + + /// Detect whether the default user was customised via a mounted config file. + bool clickhouse_default_changed = false; + std::string users_xml_path = extractConfigValue(config_file, "user_directories.users_xml.path"); + if (!users_xml_path.empty()) + { + std::string abs_users_xml = (users_xml_path[0] == '/') + ? users_xml_path + : (fs::path(config_file).parent_path() / users_xml_path).string(); + + auto join = [](const std::vector & v) + { + std::string s; + for (const auto & line : v) + s += line + "\n"; + return s; + }; + + auto [c1, original] = captureCommand({ + g_clickhouse_binary, "extract-from-config", + "--config-file", abs_users_xml, + "--key", "users.default", "--try", + }); + auto [c2, processed] = captureCommand({ + g_clickhouse_binary, "extract-from-config", + "--config-file", config_file, + "--users", "--key", "users.default", "--try", + }); + + if (c1 == 0 && c2 == 0 && join(original) != join(processed)) + clickhouse_default_changed = true; + } + + bool has_custom_user = !clickhouse_user.empty() && clickhouse_user != "default"; + bool has_password = !clickhouse_password.empty(); + bool has_access_mgmt = access_management != "0"; + + if (has_custom_user || has_password || has_access_mgmt) + { + if (access_management != "0" && access_management != "1") + { + std::cerr << "docker-init: error: CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT must be '0' or '1', got '" + << access_management << "'\n"; + return false; + } + + if (!isValidIdentifier(clickhouse_user)) + { + std::cerr << "docker-init: error: CLICKHOUSE_USER '" << clickhouse_user + << "' contains characters not allowed in an XML element name; " + "use only alphanumeric characters and underscores\n"; + return false; + } + + std::cerr << "docker-init: create new user '" << clickhouse_user << "' instead 'default'\n"; + + /// Escape CDATA end marker: ]]> → ]]]]> + std::string escaped_password; + { + std::string_view src = clickhouse_password; + const std::string_view needle = "]]>"; + const std::string_view replacement = "]]]]>"; + size_t pos = 0; + size_t found; + while ((found = src.find(needle, pos)) != std::string_view::npos) + { + escaped_password.append(src, pos, found - pos); + escaped_password += replacement; + pos = found + needle.size(); + } + escaped_password.append(src, pos, src.size() - pos); + } + + { + std::ofstream f(default_user_xml); + f << "\n" + << " \n" + << " \n" + << " \n" + << " \n" + << " \n" + << "\n" + << " <" << clickhouse_user << ">\n" + << " default\n" + << " \n" + << " ::/0\n" + << " \n" + << " \n" + << " default\n" + << " " << access_management << "\n" + << " \n" + << " \n" + << "\n"; + if (!f.good()) + std::cerr << "docker-init: error: failed to write " << default_user_xml << "\n"; + } + } + else if (clickhouse_default_changed) + { + /// A mounted config already customised the user — leave it as-is. + } + else + { + std::cerr << "docker-init: neither CLICKHOUSE_USER nor CLICKHOUSE_PASSWORD is set, " + "disabling network access for user 'default'\n"; + { + std::ofstream f(default_user_xml); + f << "\n" + << " \n" + << " \n" + << " \n" + << " \n" + << " \n" + << " ::1\n" + << " 127.0.0.1\n" + << " \n" + << " \n" + << " \n" + << "\n"; + if (!f.good()) + std::cerr << "docker-init: error: failed to write " << default_user_xml << "\n"; + } + } + return true; +} + +/// Returns false on first error (fail-fast, matches shell `set -e`). +bool createClickHouseDatabase( + const std::vector & client_base, + const std::string & clickhouse_db) +{ + if (clickhouse_db.empty()) + return true; + if (!isValidIdentifier(clickhouse_db)) + { + std::cerr << "docker-init: error: CLICKHOUSE_DB '" << clickhouse_db + << "' contains characters not safe for use in SQL; " + "use only alphanumeric characters and underscores\n"; + return false; + } + std::cerr << "docker-init: create database '" << clickhouse_db << "'\n"; + std::vector args = client_base; + args.insert(args.end(), {"-q", "CREATE DATABASE IF NOT EXISTS " + clickhouse_db}); + if (runCommand(args) != 0) + { + std::cerr << "docker-init: error: failed to create database '" << clickhouse_db << "'\n"; + return false; + } + return true; +} + +/// Returns false on first script failure (fail-fast, matches shell `set -e`). +bool runInitScripts(const std::vector & client_base) +{ + std::error_code ec; + if (!fs::is_directory("/docker-entrypoint-initdb.d", ec)) + return true; + std::vector init_files; + for (const auto & entry : fs::directory_iterator("/docker-entrypoint-initdb.d", ec)) + init_files.push_back(entry.path()); + std::sort(init_files.begin(), init_files.end()); + + for (const auto & path : init_files) + { + std::string filename = path.filename().string(); + + if (filename.ends_with(".sql") && !filename.ends_with(".sql.gz")) + { + std::cerr << "docker-init: running " << path << "\n"; + std::vector args = client_base; + args.emplace_back("--queries-file"); + args.push_back(path.string()); + if (runCommand(args) != 0) + { + std::cerr << "docker-init: error: init script " << path << " failed\n"; + return false; + } + } + else if (filename.ends_with(".sql.gz")) + { + std::cerr << "docker-init: running " << path << " (decompressing)\n"; + /// Decompress via clickhouse-local (auto-detects .gz) and pipe to clickhouse-client. + /// Escape single quotes in the path to prevent SQL injection via crafted filenames. + std::string escaped_path; + for (char c : path.string()) + { + if (c == '\'') + escaped_path += "''"; + else + escaped_path += c; + } + std::vector decompress_args = { + g_clickhouse_binary, "local", + "--query", + "SELECT * FROM file('" + escaped_path + "', RawBLOB) FORMAT RawBLOB", + }; + if (runPipeline(decompress_args, client_base) != 0) + { + std::cerr << "docker-init: error: init script " << path << " failed\n"; + return false; + } + } + else if (filename.ends_with(".sh")) + { + std::cerr << "docker-init: WARNING: shell scripts cannot run in a distroless " + "environment, skipping " << path << "\n"; + } + else + { + std::cerr << "docker-init: ignoring " << path << "\n"; + } + } + return true; +} + +/// Start a temporary ClickHouse server, run init scripts, then stop it. +bool initClickHouseDB( + const std::string & config_file, + const std::string & data_dir, + const std::string & clickhouse_user, + const std::string & clickhouse_password, + uid_t run_uid, + gid_t run_gid, + const std::vector & extra_server_args, + bool always_run_initdb) +{ + /// Skip if data directory is already initialised and CLICKHOUSE_ALWAYS_RUN_INITDB_SCRIPTS is unset. + bool database_exists = fs::is_directory(data_dir + "/data"); + if (!always_run_initdb && database_exists) + { + std::cerr << "docker-init: ClickHouse data directory appears to contain a database; " + "skipping initialization\n"; + return true; + } + + std::string clickhouse_db = getEnv("CLICKHOUSE_DB"); + + /// Check whether /docker-entrypoint-initdb.d has any files. + std::error_code ec; + bool has_init_files = fs::is_directory("/docker-entrypoint-initdb.d", ec) + && fs::directory_iterator("/docker-entrypoint-initdb.d", ec) != fs::directory_iterator{}; + + if (!has_init_files && clickhouse_db.empty()) + return true; + + std::string native_port = extractConfigValue(config_file, "tcp_port"); + if (native_port.empty()) + native_port = "9000"; + + std::string run_as = std::to_string(run_uid) + ":" + std::to_string(run_gid); + + /// Start a temporary server bound only to localhost. + /// The "--" separator is required: positional arguments after "--" override config.xml + /// properties (e.g. --listen_host=127.0.0.1), while options before "--" are parsed by + /// Poco and must be registered. Without "--", Poco rejects "--listen_host" as unknown. + std::vector server_args = { + g_clickhouse_binary, "su", run_as, "clickhouse-server", + "--config-file=" + config_file, + "--", "--listen_host=127.0.0.1", + }; + for (const auto & arg : extra_server_args) + server_args.push_back(arg); + + if (g_shutdown_requested) + return true; + + pid_t server_pid = fork(); + if (server_pid < 0) + { + std::cerr << "docker-init: failed to fork temporary server\n"; + return false; + } + + if (server_pid == 0) + { + auto argv = buildArgv(server_args); + execvp(argv[0], argv.data()); + _exit(127); + } + + /// Allow the signal handler to forward SIGTERM to the temp server. + g_init_server_pid = server_pid; + + /// Poll until the server accepts connections. + /// This is a service-readiness wait, not a race condition workaround. + int tries = 1000; + { + std::string timeout_str = getEnv("CLICKHOUSE_INIT_TIMEOUT", "1000"); + try + { + tries = std::stoi(timeout_str); + } + catch (const std::exception &) + { + std::cerr << "docker-init: warning: invalid CLICKHOUSE_INIT_TIMEOUT '" + << timeout_str << "', using default 1000\n"; + } + } + bool server_ready = false; + + while (tries > 0 && !server_ready && !g_shutdown_requested) + { + pid_t check_pid = fork(); + if (check_pid < 0) + { + /// fork failed — skip this iteration and retry. + --tries; + sleep(1); // NOLINT(concurrency-mt-unsafe) + continue; + } + if (check_pid == 0) + { + int devnull = open("/dev/null", O_WRONLY); + if (devnull >= 0) + { + dup2(devnull, STDOUT_FILENO); + dup2(devnull, STDERR_FILENO); + close(devnull); + } + /// Keep args in a named variable so the strings outlive argv. + std::vector check_args = { + g_clickhouse_binary, "client", + "--host", "127.0.0.1", + "--port", native_port, + "-u", clickhouse_user, + "--password", clickhouse_password, + "--query", "SELECT 1", + }; + auto argv = buildArgv(check_args); + execvp(argv[0], argv.data()); + _exit(127); + } + + int check_status = 0; + while (waitpid(check_pid, &check_status, 0) < 0 && errno == EINTR) {} + if (WIFEXITED(check_status) && WEXITSTATUS(check_status) == 0) + { + server_ready = true; + } + else + { + --tries; + sleep(1); // NOLINT(concurrency-mt-unsafe) -- Wait between health-check retries — not a race condition fix. + } + } + + if (!server_ready) + { + if (g_shutdown_requested) + std::cerr << "docker-init: shutdown requested, stopping init server\n"; + else + std::cerr << "docker-init: ClickHouse init process timed out\n"; + kill(server_pid, SIGTERM); + while (waitpid(server_pid, nullptr, 0) < 0 && errno == EINTR) {} + g_init_server_pid = 0; + return false; + } + + std::vector client_base = { + g_clickhouse_binary, "client", + "--multiquery", + "--host", "127.0.0.1", + "--port", native_port, + "-u", clickhouse_user, + "--password", clickhouse_password, + }; + + const bool ok = createClickHouseDatabase(client_base, clickhouse_db) + && runInitScripts(client_base); + + /// Always stop the temporary server regardless of init result. + kill(server_pid, SIGTERM); + int server_status = 0; + while (waitpid(server_pid, &server_status, 0) < 0 && errno == EINTR) {} + g_init_server_pid = 0; + if (!WIFEXITED(server_status) || WEXITSTATUS(server_status) != 0) + std::cerr << "docker-init: warning: init server did not exit cleanly\n"; + return ok; +} + +} // anonymous namespace + + +int mainEntryClickHouseDockerInit(int argc, char ** argv) +{ + g_clickhouse_binary = (argc > 0 && argv[0][0] != '\0') ? argv[0] : "clickhouse"; + + bool keeper_mode = false; + bool show_help = false; + bool separator_seen = false; + std::vector extra_args; + + for (int i = 1; i < argc; ++i) + { + std::string_view arg = argv[i]; + + if (!separator_seen && (arg == "--help" || arg == "-h")) + { + show_help = true; + break; + } + else if (!separator_seen && arg == "--keeper") + keeper_mode = true; + else if (!separator_seen && arg == "--") + separator_seen = true; + else + extra_args.emplace_back(arg); + } + + if (show_help) + { + std::cout + << "Usage: clickhouse docker-init [--keeper] [-- ...]\n" + "Docker entrypoint for distroless ClickHouse images.\n" + "\nOptions:\n" + " --keeper Start ClickHouse Keeper instead of server\n" + " --help Show this help message\n" + "\nEnvironment variables (server mode):\n" + " CLICKHOUSE_CONFIG Path to config file " + "(default: /etc/clickhouse-server/config.xml)\n" + " CLICKHOUSE_RUN_AS_ROOT Run as root (0/1)\n" + " CLICKHOUSE_DO_NOT_CHOWN Skip chown operations (0/1)\n" + " CLICKHOUSE_UID Override UID to run as\n" + " CLICKHOUSE_GID Override GID to run as\n" + " CLICKHOUSE_USER Default user name (default: default)\n" + " CLICKHOUSE_PASSWORD Default user password\n" + " CLICKHOUSE_PASSWORD_FILE File containing password\n" + " CLICKHOUSE_DB Database to create on init\n" + " CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT Enable access management (0/1)\n" + " CLICKHOUSE_SKIP_USER_SETUP Skip user setup (0/1)\n" + " CLICKHOUSE_ALWAYS_RUN_INITDB_SCRIPTS Always run init scripts\n" + " CLICKHOUSE_INIT_TIMEOUT Max retries for server readiness (default: 1000)\n" + " CLICKHOUSE_WATCHDOG_ENABLE Enable watchdog (default: 0)\n" + "\nEnvironment variables (keeper mode):\n" + " KEEPER_CONFIG Path to keeper config file\n" + " CLICKHOUSE_DATA_DIR Data directory (default: /var/lib/clickhouse)\n" + " LOG_DIR Log directory (default: /var/log/clickhouse-keeper)\n"; + return 0; + } + + /// --- Passthrough mode --- + /// If the first extra argument does not start with '--', treat it as a command to exec + /// directly without server startup. This mirrors entrypoint.sh: + /// if [[ "$1" == "--"* ]]; then start server; fi; exec "$@" + /// + /// For recognized ClickHouse subcommand names (client, local, etc.) resolve the path + /// via bin_dir so that multi-tool dispatch (by argv[0] basename) works correctly. + /// For everything else (echo, date, bash, ...) let PATH resolution handle it. + if (!extra_args.empty() && !extra_args[0].starts_with("--")) + { + static constexpr std::array clickhouse_tools = { + "clickhouse-client", + "clickhouse-local", + "clickhouse-keeper-client", + "clickhouse-benchmark", + "clickhouse-format", + "clickhouse-compressor", + "clickhouse-obfuscator", + "clickhouse-extract-from-config", + "clickhouse-disks", + "client", + "local", + "keeper-client", + "benchmark", + "format", + "compressor", + "obfuscator", + "extract-from-config", + "disks", + }; + + std::string cmd = extra_args[0]; + if (std::find(clickhouse_tools.begin(), clickhouse_tools.end(), extra_args[0]) != clickhouse_tools.end()) + { + /// Build the full path to the symlink (e.g. /usr/bin/clickhouse-client). + /// The symlink points to the clickhouse binary; dispatching is done by argv[0]. + /// Short names like "client" must be resolved to "clickhouse-client" since the + /// distroless image only has "clickhouse-*" symlinks (not bare "client", "local", etc.). + fs::path bin_dir = fs::path(g_clickhouse_binary).parent_path(); + std::string link_name = extra_args[0]; + if (!link_name.starts_with("clickhouse-")) + link_name = "clickhouse-" + link_name; + cmd = (bin_dir / link_name).string(); + } + + std::vector exec_cmd = {cmd}; + for (std::size_t i = 1; i < extra_args.size(); ++i) + exec_cmd.push_back(extra_args[i]); + + auto exec_argv = buildArgv(exec_cmd); + execvp(exec_argv[0], exec_argv.data()); + std::cerr << "docker-init: failed to exec '" << extra_args[0] << "': " << strerror(errno) << "\n"; // NOLINT(concurrency-mt-unsafe) + return 1; + } + + /// --- Resolve identity --- + uid_t current_uid = getuid(); + uid_t run_uid; + gid_t run_gid; + bool do_chown = true; + + if (getEnv("CLICKHOUSE_RUN_AS_ROOT") == "1" || getEnv("CLICKHOUSE_DO_NOT_CHOWN") == "1") + do_chown = false; + + if (current_uid == 0) + { + if (getEnv("CLICKHOUSE_RUN_AS_ROOT") == "1") + { + run_uid = 0; + run_gid = 0; + } + else + { + /// Default to the `clickhouse` system user if it exists, otherwise fall back to UID 101. + uid_t default_uid = 101; + gid_t default_gid = 101; + const passwd * pw = getpwnam("clickhouse"); // NOLINT(concurrency-mt-unsafe) + if (pw) + { + default_uid = pw->pw_uid; + default_gid = pw->pw_gid; + } + + std::string uid_str = getEnv("CLICKHOUSE_UID"); + std::string gid_str = getEnv("CLICKHOUSE_GID"); + run_uid = default_uid; + run_gid = default_gid; + try + { + if (!uid_str.empty()) + run_uid = static_cast(std::stoul(uid_str)); + if (!gid_str.empty()) + run_gid = static_cast(std::stoul(gid_str)); + } + catch (const std::exception &) + { + std::cerr << "docker-init: warning: invalid CLICKHOUSE_UID/GID values, " + "using defaults\n"; + } + } + } + else + { + /// Non-root: cannot chown, run as current user. + run_uid = current_uid; + run_gid = getgid(); + do_chown = false; + } + + std::string run_as = std::to_string(run_uid) + ":" + std::to_string(run_gid); + + /// --- Keeper mode --- + if (keeper_mode) + { + std::string keeper_config = getEnv("KEEPER_CONFIG", "/etc/clickhouse-keeper/keeper_config.xml"); + std::string data_dir = getEnv("CLICKHOUSE_DATA_DIR", "/var/lib/clickhouse"); + std::string log_dir = getEnv("LOG_DIR", "/var/log/clickhouse-keeper"); + + for (const auto & dir : {data_dir, log_dir, + data_dir + "/coordination", + data_dir + "/coordination/log", + data_dir + "/coordination/snapshots"}) + { + if (!createDirectoryAndChown(dir, run_uid, run_gid, do_chown)) + return 1; + } + + /// Default to disabled so Ctrl+C works in Docker. Don't override if already set. + setenv("CLICKHOUSE_WATCHDOG_ENABLE", "0", 0); // NOLINT(concurrency-mt-unsafe) + + chdir(data_dir.c_str()); // NOLINT(bugprone-unused-return-value) + + std::vector exec_args = { + g_clickhouse_binary, "su", run_as, "clickhouse-keeper", + }; + + std::error_code ec; + if (!keeper_config.empty() && fs::exists(keeper_config, ec)) + exec_args.push_back("--config-file=" + keeper_config); + + for (const auto & arg : extra_args) + exec_args.push_back(arg); + + auto exec_argv = buildArgv(exec_args); + execvp(exec_argv[0], exec_argv.data()); + std::cerr << "docker-init: failed to exec clickhouse keeper: " << strerror(errno) << "\n"; // NOLINT(concurrency-mt-unsafe) + return 1; + } + + /// --- Server mode --- + std::string config_file = getEnv("CLICKHOUSE_CONFIG", "/etc/clickhouse-server/config.xml"); + + /// Extract all relevant paths from the config. + std::string data_dir = extractConfigValue(config_file, "path"); + std::string tmp_dir = extractConfigValue(config_file, "tmp_path"); + std::string user_files_path = extractConfigValue(config_file, "user_files_path"); + std::string format_schema_path = extractConfigValue(config_file, "format_schema_path"); + + std::string log_dir; + std::string log_path = extractConfigValue(config_file, "logger.log"); + if (!log_path.empty()) + log_dir = fs::path(log_path).parent_path().string(); + + std::string error_log_dir; + std::string error_log_path = extractConfigValue(config_file, "logger.errorlog"); + if (!error_log_path.empty()) + error_log_dir = fs::path(error_log_path).parent_path().string(); + + auto disk_paths = extractConfigValues(config_file, "storage_configuration.disks.*.path"); + auto disk_metadata_paths = extractConfigValues(config_file, "storage_configuration.disks.*.metadata_path"); + + /// Create and chown data directory first, then cd into it. + if (!data_dir.empty() && !createDirectoryAndChown(data_dir, run_uid, run_gid, do_chown)) + return 1; + + chdir(data_dir.empty() ? "/" : data_dir.c_str()); // NOLINT(bugprone-unused-return-value) + + for (const auto & dir : {error_log_dir, log_dir, tmp_dir, user_files_path, format_schema_path}) + { + if (!dir.empty() && !createDirectoryAndChown(dir, run_uid, run_gid, do_chown)) + return 1; + } + for (const auto & dir : disk_paths) + if (!createDirectoryAndChown(dir, run_uid, run_gid, do_chown)) + return 1; + for (const auto & dir : disk_metadata_paths) + if (!createDirectoryAndChown(dir, run_uid, run_gid, do_chown)) + return 1; + + /// Resolve password (from env or file). + std::string clickhouse_user = getEnv("CLICKHOUSE_USER", "default"); + std::string clickhouse_password = getEnv("CLICKHOUSE_PASSWORD"); + std::string password_file = getEnv("CLICKHOUSE_PASSWORD_FILE"); + if (!password_file.empty()) + { + std::ifstream pf(password_file); + if (pf.is_open()) + std::getline(pf, clickhouse_password); + else + std::cerr << "docker-init: warning: cannot read CLICKHOUSE_PASSWORD_FILE '" + << password_file << "': " << strerror(errno) << "\n"; // NOLINT(concurrency-mt-unsafe) + } + + std::string access_management = getEnv("CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT", "0"); + bool skip_user_setup = (getEnv("CLICKHOUSE_SKIP_USER_SETUP") == "1"); + + if (!manageClickHouseUser(config_file, clickhouse_user, clickhouse_password, access_management, skip_user_setup)) + return 1; + + /// Install signal handlers so `docker stop` during init triggers graceful shutdown. + /// As PID 1, signals without a handler are silently dropped by the kernel. + { + struct sigaction sa{}; + sa.sa_handler = shutdownHandler; + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sigaction(SIGTERM, &sa, nullptr); + sigaction(SIGINT, &sa, nullptr); + } + + bool always_run_initdb = !getEnv("CLICKHOUSE_ALWAYS_RUN_INITDB_SCRIPTS").empty(); + if (!initClickHouseDB(config_file, data_dir, clickhouse_user, clickhouse_password, + run_uid, run_gid, extra_args, always_run_initdb)) + return 1; + + if (g_shutdown_requested) + { + std::cerr << "docker-init: shutdown requested during initialization, exiting\n"; + return 1; + } + + /// Reset signal handlers before exec — the server handles its own signals. + signal(SIGTERM, SIG_DFL); // NOLINT(cert-err33-c) + signal(SIGINT, SIG_DFL); // NOLINT(cert-err33-c) + + /// Set watchdog env — default to disabled so Ctrl+C works in Docker. + if (std::getenv("CLICKHOUSE_WATCHDOG_ENABLE") == nullptr) // NOLINT(concurrency-mt-unsafe) + setenv("CLICKHOUSE_WATCHDOG_ENABLE", "0", 0); // NOLINT(concurrency-mt-unsafe) + + /// Replace this process with clickhouse-server via `clickhouse su`. + std::vector exec_args = { + g_clickhouse_binary, "su", run_as, "clickhouse-server", + "--config-file=" + config_file, + }; + for (const auto & arg : extra_args) + exec_args.push_back(arg); + + auto exec_argv = buildArgv(exec_args); + execvp(exec_argv[0], exec_argv.data()); + std::cerr << "docker-init: failed to exec clickhouse server: " << strerror(errno) << "\n"; // NOLINT(concurrency-mt-unsafe) + return 1; +} diff --git a/programs/main.cpp b/programs/main.cpp index c572436d1738..d7486d488908 100644 --- a/programs/main.cpp +++ b/programs/main.cpp @@ -78,6 +78,7 @@ int mainEntryClickHouseGitImport(int argc, char ** argv); int mainEntryClickHouseLocal(int argc, char ** argv); int mainEntryClickHouseObfuscator(int argc, char ** argv); int mainEntryClickHouseSU(int argc, char ** argv); +int mainEntryClickHouseDockerInit(int argc, char ** argv); int mainEntryClickHouseServer(int argc, char ** argv); int mainEntryClickHouseStaticFilesDiskUploader(int argc, char ** argv); int mainEntryClickHouseZooKeeperDumpTree(int argc, char ** argv); @@ -149,6 +150,7 @@ std::pair clickhouse_applications[] = {"git-import", mainEntryClickHouseGitImport}, {"static-files-disk-uploader", mainEntryClickHouseStaticFilesDiskUploader}, {"su", mainEntryClickHouseSU}, + {"docker-init", mainEntryClickHouseDockerInit}, {"hash-binary", mainEntryClickHouseHashBinary}, {"disks", mainEntryClickHouseDisks}, {"check-marks", mainEntryClickHouseCheckMarks}, diff --git a/tests/ci/docker_server.py b/tests/ci/docker_server.py index 95160e82513f..79fd7896abe8 100644 --- a/tests/ci/docker_server.py +++ b/tests/ci/docker_server.py @@ -100,7 +100,7 @@ def parse_args() -> argparse.Namespace: help="don't push reports to S3 and github", ) parser.add_argument("--push", action="store_true", help=argparse.SUPPRESS) - parser.add_argument("--os", default=["ubuntu", "alpine"], help=argparse.SUPPRESS) + parser.add_argument("--os", default=["ubuntu", "alpine", "distroless"], help=argparse.SUPPRESS) parser.add_argument( "--no-ubuntu", action=DelOS, @@ -115,6 +115,13 @@ def parse_args() -> argparse.Namespace: default=argparse.SUPPRESS, help="don't build alpine image", ) + parser.add_argument( + "--no-distroless", + action=DelOS, + nargs=0, + default=argparse.SUPPRESS, + help="don't build distroless image", + ) parser.add_argument( "--allow-build-reuse", action="store_true", @@ -229,10 +236,25 @@ def build_and_push_image( cmd_args = list(init_args) urls = [] if direct_urls: - if os == "ubuntu" and "clickhouse-server" in image.repo: - urls = [url for url in direct_urls[arch] if ".deb" in url] + # distroless and ubuntu-server use an Ubuntu builder with dpkg, so they + # need .deb packages. alpine and ubuntu-keeper use .tgz packages. + uses_deb = os == "distroless" or ( + os == "ubuntu" and "clickhouse-server" in image.repo + ) + if uses_deb: + urls = [ + url + for url in direct_urls[arch] + if ".deb" in url and "-dbg" not in url + ] else: - urls = [url for url in direct_urls[arch] if ".tgz" in url] + # For keeper/alpine tgz builds, only pass the keeper tgz. + # Excluding clickhouse-common-static.tgz avoids a large unnecessary download. + tgz_urls = [url for url in direct_urls[arch] if ".tgz" in url] + if "keeper" in image.repo: + urls = [url for url in tgz_urls if "clickhouse-keeper" in url] + else: + urls = tgz_urls cmd_args.extend( buildx_args(repo_urls, arch, direct_urls=urls, version=version.describe) ) @@ -396,7 +418,16 @@ def main(): "clickhouse-common-static", ] elif "clickhouse-keeper" in image_repo: - PACKAGES = ["clickhouse-keeper"] + # Both packages are needed to cover all three keeper image variants: + # distroless: installs from .deb via dpkg; clickhouse-common-static + # provides the clickhouse multi-tool binary (clickhouse-keeper + # is a symlink to it). clickhouse-keeper .deb is not published + # separately, so the common-static .deb is the only source. + # alpine/ubuntu: installs from .tgz; clickhouse-keeper provides the + # standalone keeper binary and its symlinks. The common-static + # .tgz is implicitly excluded because the url filter below + # keeps only urls containing "clickhouse-keeper" in the name. + PACKAGES = ["clickhouse-common-static", "clickhouse-keeper"] else: assert False, "BUG" urls = read_build_urls(build_name, Path(REPORT_PATH)) From 6ca49bdc65fb05a8ec6ce447a5a035b7b296dbb9 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 1 Apr 2026 16:34:18 +0000 Subject: [PATCH 100/141] Backport #100800 to 25.8: Dont show secrets in select from system.databases query --- src/Databases/DataLake/DataLakeConstants.h | 10 ++++++++++ tests/integration/test_database_glue/test.py | 3 +++ tests/integration/test_database_iceberg/test.py | 1 - 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/Databases/DataLake/DataLakeConstants.h b/src/Databases/DataLake/DataLakeConstants.h index eaa8f5a276e6..0b228bf310ec 100644 --- a/src/Databases/DataLake/DataLakeConstants.h +++ b/src/Databases/DataLake/DataLakeConstants.h @@ -21,9 +21,19 @@ static constexpr auto DEFAULT_MASKING_RULE = [](const DB::Field &){ return "'[HI using ValueMaskingFunc = std::function; static inline std::unordered_map SETTINGS_TO_HIDE = { + /// Catalog credentials {"catalog_credential", DEFAULT_MASKING_RULE}, {"auth_header", DEFAULT_MASKING_RULE}, + /// AWS credentials {"aws_access_key_id", DEFAULT_MASKING_RULE}, {"aws_secret_access_key", DEFAULT_MASKING_RULE}, + /// OneLake credentials + {"onelake_client_secret", DEFAULT_MASKING_RULE}, + /// Google credentials + {"google_adc_client_secret", DEFAULT_MASKING_RULE}, + {"google_adc_refresh_token", DEFAULT_MASKING_RULE}, + /// DLF credentials + {"dlf_access_key_id", DEFAULT_MASKING_RULE}, + {"dlf_access_key_secret", DEFAULT_MASKING_RULE}, }; } diff --git a/tests/integration/test_database_glue/test.py b/tests/integration/test_database_glue/test.py index 70db874cd3c8..e705061d0897 100644 --- a/tests/integration/test_database_glue/test.py +++ b/tests/integration/test_database_glue/test.py @@ -225,6 +225,9 @@ def create_clickhouse_glue_table( """ ) + show_result = node.query(f"SHOW DATABASE {CATALOG_NAME}") + assert minio_secret_key not in show_result + def drop_clickhouse_glue_table( node, database_name, table_name ): diff --git a/tests/integration/test_database_iceberg/test.py b/tests/integration/test_database_iceberg/test.py index 1fbc012b9056..8401d71c1706 100644 --- a/tests/integration/test_database_iceberg/test.py +++ b/tests/integration/test_database_iceberg/test.py @@ -145,7 +145,6 @@ def create_clickhouse_iceberg_database( assert minio_secret_key not in show_result assert "HIDDEN" in show_result - def create_clickhouse_iceberg_table( started_cluster, node, database_name, table_name, schema, additional_settings={} ): From 822abf069f873dc501fdb0b0fa0b0fb47b8cd481 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 2 Apr 2026 08:35:26 +0000 Subject: [PATCH 101/141] Backport #100901 to 25.8: Subtract slab_reclaimable from kernel memory in cgroupv2 reader --- src/Common/MemoryWorker.cpp | 91 ++++++++++++++++------- src/Common/tests/gtest_cgroups_reader.cpp | 27 ++++++- 2 files changed, 90 insertions(+), 28 deletions(-) diff --git a/src/Common/MemoryWorker.cpp b/src/Common/MemoryWorker.cpp index 241d6d218515..38adbce5367a 100644 --- a/src/Common/MemoryWorker.cpp +++ b/src/Common/MemoryWorker.cpp @@ -38,15 +38,13 @@ namespace ErrorCodes namespace { -using Metrics = std::map; - /// Format is /// kernel 5 /// rss 15 /// [...] -Metrics readAllMetricsFromStatFile(ReadBufferFromFile & buf) +std::map readAllMetricsFromStatFile(ReadBufferFromFile & buf) { - Metrics metrics; + std::map metrics; while (!buf.eof()) { std::string current_key; @@ -64,10 +62,21 @@ Metrics readAllMetricsFromStatFile(ReadBufferFromFile & buf) return metrics; } -uint64_t readMetricsFromStatFile(ReadBufferFromFile & buf, std::initializer_list keys, std::initializer_list optional_keys, bool * warnings_printed) +using Metrics = std::map; + +void readMetricsFromStatFile( + ReadBufferFromFile & buf, + Metrics & metrics, + std::initializer_list keys, + bool * warnings_printed) { - uint64_t sum = 0; - uint64_t found_mask = 0; + /// Zero out existing values; keeps map nodes allocated for reuse. + for (auto & [_, v] : metrics) + v = 0; + + /// Track which keys were actually seen in this pass. + uint64_t seen_mask = 0; + bool print_warnings = !*warnings_printed; while (!buf.eof()) { @@ -79,36 +88,42 @@ uint64_t readMetricsFromStatFile(ReadBufferFromFile & buf, std::initializer_list { std::string dummy; readStringUntilNewlineInto(dummy, buf); - buf.tryIgnore(1); /// skip EOL (if not EOF) + buf.tryIgnore(1); continue; } - if (print_warnings && (found_mask & (1l << (it - keys.begin())))) - { - *warnings_printed = true; - LOG_ERROR(getLogger("CgroupsReader"), "Duplicate key '{}' in '{}'", current_key, buf.getFileName()); - } - found_mask |= 1ll << (it - keys.begin()); - assertChar(' ', buf); uint64_t value = 0; readIntText(value, buf); - sum += value; - buf.tryIgnore(1); /// skip EOL (if not EOF) + buf.tryIgnore(1); + + uint64_t key_bit = 1ull << (it - keys.begin()); + if (seen_mask & key_bit) + { + if (print_warnings) + { + *warnings_printed = true; + LOG_ERROR(getLogger("CgroupsReader"), "Duplicate key '{}' in '{}'", current_key, buf.getFileName()); + } + } + seen_mask |= key_bit; + + /// Use the string_view from keys (string literals) as map key. + metrics[*it] = value; } - /// Did we see all keys? - for (const auto * it = keys.begin(); it != keys.end(); ++it) + if (print_warnings) { - if (print_warnings - && !(found_mask & (1l << (it - keys.begin()))) - && std::find(optional_keys.begin(), optional_keys.end(), *it) == optional_keys.end()) + for (const auto * it = keys.begin(); it != keys.end(); ++it) { - *warnings_printed = true; - LOG_ERROR(getLogger("CgroupsReader"), "Cannot find '{}' in '{}'", *it, buf.getFileName()); + uint64_t key_bit = 1ull << (it - keys.begin()); + if (!(seen_mask & key_bit)) + { + *warnings_printed = true; + LOG_ERROR(getLogger("CgroupsReader"), "Cannot find '{}' in '{}'", *it, buf.getFileName()); + } } } - return sum; } struct CgroupsV1Reader : ICgroupsReader @@ -119,7 +134,9 @@ struct CgroupsV1Reader : ICgroupsReader { std::lock_guard lock(mutex); buf.rewind(); - return readMetricsFromStatFile(buf, {"rss"}, {}, &warnings_printed); + readMetricsFromStatFile(buf, metrics, {"rss"}, &warnings_printed); + auto it = metrics.find("rss"); + return it != metrics.end() ? it->second : 0; } std::string dumpAllStats() override @@ -132,6 +149,7 @@ struct CgroupsV1Reader : ICgroupsReader private: std::mutex mutex; ReadBufferFromFile buf TSA_GUARDED_BY(mutex); + Metrics metrics TSA_GUARDED_BY(mutex); bool warnings_printed TSA_GUARDED_BY(mutex) = false; }; @@ -143,7 +161,25 @@ struct CgroupsV2Reader : ICgroupsReader { std::lock_guard lock(mutex); stat_buf.rewind(); - return readMetricsFromStatFile(stat_buf, {"anon", "sock", "kernel"}, {"kernel"}, &warnings_printed); + readMetricsFromStatFile( + stat_buf, metrics, {"anon", "sock", "kernel", "slab_reclaimable"}, &warnings_printed); + + auto get = [](const Metrics & m, std::string_view key) -> uint64_t + { + auto it = m.find(key); + return it != m.end() ? it->second : 0; + }; + + /// anon + sock: actual process memory. + /// kernel - slab_reclaimable: non-reclaimable kernel memory (pagetables, kernel_stack, slab_unreclaimable). + /// slab_reclaimable is excluded because the kernel reclaims it synchronously under memory pressure + /// before invoking the OOM killer, so it should not count against the application's memory budget. + uint64_t usage = get(metrics, "anon") + get(metrics, "sock"); + uint64_t kernel = get(metrics, "kernel"); + uint64_t slab_reclaimable = get(metrics, "slab_reclaimable"); + if (kernel > slab_reclaimable) + usage += kernel - slab_reclaimable; + return usage; } std::string dumpAllStats() override @@ -156,6 +192,7 @@ struct CgroupsV2Reader : ICgroupsReader private: std::mutex mutex; ReadBufferFromFile stat_buf TSA_GUARDED_BY(mutex); + Metrics metrics TSA_GUARDED_BY(mutex); bool warnings_printed TSA_GUARDED_BY(mutex) = false; }; diff --git a/src/Common/tests/gtest_cgroups_reader.cpp b/src/Common/tests/gtest_cgroups_reader.cpp index d512aefe973d..06da5018bec9 100644 --- a/src/Common/tests/gtest_cgroups_reader.cpp +++ b/src/Common/tests/gtest_cgroups_reader.cpp @@ -160,7 +160,7 @@ TEST_P(CgroupsMemoryUsageObserverFixture, ReadMemoryUsageTest) ASSERT_EQ( reader->readMemoryUsage(), version == ICgroupsReader::CgroupsVersion::V1 ? /* rss from memory.stat */ 2232029184 - : /* anon+sock+kernel from memory.stat */ 11967193184); + : /* anon+sock+kernel-slab_reclaimable from memory.stat */ 10506210680); } @@ -177,4 +177,29 @@ INSTANTIATE_TEST_SUITE_P( CgroupsMemoryUsageObserverFixture, ::testing::Values(ICgroupsReader::CgroupsVersion::V1, ICgroupsReader::CgroupsVersion::V2)); + +/// Test cgroupv2 memory.stat without kernel/slab_reclaimable (older kernels). +/// Result should be just anon + sock. +TEST(CgroupsV2NoKernel, ReadMemoryUsageTest) +{ + std::string tmp_dir = "./test_cgroups_v2_no_kernel"; + fs::create_directories(tmp_dir); + + auto stat_file = WriteBufferFromFile(tmp_dir + "/memory.stat"); + std::string content = R"(anon 5000000000 +file 1000000000 +sock 1000 +inactive_anon 0 +active_anon 5000000000 +)"; + stat_file.write(content.data(), content.size()); + stat_file.finalize(); + stat_file.sync(); + + auto reader = ICgroupsReader::createCgroupsReader(ICgroupsReader::CgroupsVersion::V2, tmp_dir); + ASSERT_EQ(reader->readMemoryUsage(), /* anon + sock */ 5000001000); + + fs::remove_all(tmp_dir); +} + #endif From 8bb552c30870c1f4f895c12b83a5be699039663c Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Sun, 5 Apr 2026 23:21:30 +0000 Subject: [PATCH 102/141] Backport #100582 to 25.8: Use `aws-sdk-cpp` 1.11.771 --- contrib/aws | 2 +- contrib/aws-c-auth | 2 +- contrib/aws-c-cal | 2 +- contrib/aws-c-common | 2 +- contrib/aws-c-compression | 2 +- contrib/aws-c-event-stream | 2 +- contrib/aws-c-http | 2 +- contrib/aws-c-io | 2 +- contrib/aws-c-mqtt | 2 +- contrib/aws-c-s3 | 2 +- contrib/aws-c-sdkutils | 2 +- contrib/aws-checksums | 2 +- contrib/aws-cmake/AwsGetVersion.cmake | 24 +++++++++++ contrib/aws-cmake/CMakeLists.txt | 58 +++++++++++++++++++++------ contrib/aws-crt-cpp | 2 +- 15 files changed, 82 insertions(+), 26 deletions(-) create mode 100644 contrib/aws-cmake/AwsGetVersion.cmake diff --git a/contrib/aws b/contrib/aws index a86b913abc27..22f694afbdc7 160000 --- a/contrib/aws +++ b/contrib/aws @@ -1 +1 @@ -Subproject commit a86b913abc2795ee23941b24dd51e862214ec6b0 +Subproject commit 22f694afbdc7e9766894998c3745e23f004f8b86 diff --git a/contrib/aws-c-auth b/contrib/aws-c-auth index baeffa791d9d..fc4b87655e5c 160000 --- a/contrib/aws-c-auth +++ b/contrib/aws-c-auth @@ -1 +1 @@ -Subproject commit baeffa791d9d1cf61460662a6d9ac2186aaf05df +Subproject commit fc4b87655e5cd3921f18d1859193c74af4102071 diff --git a/contrib/aws-c-cal b/contrib/aws-c-cal index 1586846816e6..1cb941215889 160000 --- a/contrib/aws-c-cal +++ b/contrib/aws-c-cal @@ -1 +1 @@ -Subproject commit 1586846816e6d7d5ff744a2db943107a3a74a082 +Subproject commit 1cb9412158890201a6ffceed779f90fe1f48180c diff --git a/contrib/aws-c-common b/contrib/aws-c-common index 80f21b3cac5a..95515a8b1ff4 160000 --- a/contrib/aws-c-common +++ b/contrib/aws-c-common @@ -1 +1 @@ -Subproject commit 80f21b3cac5ac51c6b8a62c7d2a5ef58a75195ee +Subproject commit 95515a8b1ff40d5bb14f965ca4cbbe99ad1843df diff --git a/contrib/aws-c-compression b/contrib/aws-c-compression index 99ec79ee2970..d8264e64f698 160000 --- a/contrib/aws-c-compression +++ b/contrib/aws-c-compression @@ -1 +1 @@ -Subproject commit 99ec79ee2970f1a045d4ced1501b97ee521f2f85 +Subproject commit d8264e64f698341eb03039b96b4f44702a9b3f83 diff --git a/contrib/aws-c-event-stream b/contrib/aws-c-event-stream index 08f24e384e5b..f43a3d24a7c1 160000 --- a/contrib/aws-c-event-stream +++ b/contrib/aws-c-event-stream @@ -1 +1 @@ -Subproject commit 08f24e384e5be20bcffa42b49213d24dad7881ae +Subproject commit f43a3d24a7c1f8b50f709ccb4fdf4c7fd2827fff diff --git a/contrib/aws-c-http b/contrib/aws-c-http index a082f8a2067e..a9745ea9998f 160000 --- a/contrib/aws-c-http +++ b/contrib/aws-c-http @@ -1 +1 @@ -Subproject commit a082f8a2067e4a31db73f1d4ffd702a8dc0f7089 +Subproject commit a9745ea9998f679cd7456e7d23cc8820e38c97d4 diff --git a/contrib/aws-c-io b/contrib/aws-c-io index 11ce3c750a1d..89a18aea93e7 160000 --- a/contrib/aws-c-io +++ b/contrib/aws-c-io @@ -1 +1 @@ -Subproject commit 11ce3c750a1dac7b04069fc5bff89e97e91bad4d +Subproject commit 89a18aea93e7b13cd3bfeef46cd0398937013be7 diff --git a/contrib/aws-c-mqtt b/contrib/aws-c-mqtt index 6d36cd372623..1d512d92709f 160000 --- a/contrib/aws-c-mqtt +++ b/contrib/aws-c-mqtt @@ -1 +1 @@ -Subproject commit 6d36cd3726233cb757468d0ea26f6cd8dad151ec +Subproject commit 1d512d92709f60b74e2cafa018e69a2e647f28e9 diff --git a/contrib/aws-c-s3 b/contrib/aws-c-s3 index de36fee8fe7a..e9d1bde139f8 160000 --- a/contrib/aws-c-s3 +++ b/contrib/aws-c-s3 @@ -1 +1 @@ -Subproject commit de36fee8fe7ab02f10987877ae94a805bf440c1f +Subproject commit e9d1bde139f88b08aaa3bf0507f443f31ccede93 diff --git a/contrib/aws-c-sdkutils b/contrib/aws-c-sdkutils index fd8c0ba2e233..f678bda9e21f 160000 --- a/contrib/aws-c-sdkutils +++ b/contrib/aws-c-sdkutils @@ -1 +1 @@ -Subproject commit fd8c0ba2e233997eaaefe82fb818b8b444b956d3 +Subproject commit f678bda9e21f7217e4bbf35e0d1ea59540687933 diff --git a/contrib/aws-checksums b/contrib/aws-checksums index 321b805559c8..1d5f2f1f3e5d 160000 --- a/contrib/aws-checksums +++ b/contrib/aws-checksums @@ -1 +1 @@ -Subproject commit 321b805559c8e911be5bddba13fcbd222a3e2d3a +Subproject commit 1d5f2f1f3e5d013aae8810878ceb5b3f6f258c4e diff --git a/contrib/aws-cmake/AwsGetVersion.cmake b/contrib/aws-cmake/AwsGetVersion.cmake new file mode 100644 index 000000000000..8930f25b2e38 --- /dev/null +++ b/contrib/aws-cmake/AwsGetVersion.cmake @@ -0,0 +1,24 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0. + +function(aws_get_version var_version_major var_version_minor var_version_patch var_version_full var_git_hash) + # Simple version is "MAJOR.MINOR.PATCH" from VERSION file + file(READ "${AWS_CRT_DIR}/VERSION" version_simple) + string(STRIP ${version_simple} version_simple) + set(${var_version_simple} ${version_simple} PARENT_SCOPE) + + string(REPLACE "." ";" VERSION_LIST ${version_simple}) + list(GET VERSION_LIST 0 version_major) + list(GET VERSION_LIST 1 version_minor) + list(GET VERSION_LIST 2 version_patch) + set(${var_version_major} ${version_major} PARENT_SCOPE) + set(${var_version_minor} ${version_minor} PARENT_SCOPE) + set(${var_version_patch} ${version_patch} PARENT_SCOPE) + + # By default, full version is same as simple version. + # But we'll make it more specific later, if we determine that we're not at an exact tagged commit. + set(${var_version_full} ${version_simple} PARENT_SCOPE) + + # Don't include the hash of HEAD in a config file. It's just terrible for build caching and useless + set(var_git_hash "" PARENT_SCOPE) +endfunction() diff --git a/contrib/aws-cmake/CMakeLists.txt b/contrib/aws-cmake/CMakeLists.txt index cc9932a89b13..c36c574215cc 100644 --- a/contrib/aws-cmake/CMakeLists.txt +++ b/contrib/aws-cmake/CMakeLists.txt @@ -25,7 +25,7 @@ include("${ClickHouse_SOURCE_DIR}/contrib/aws-cmake/AwsFeatureTests.cmake") include("${ClickHouse_SOURCE_DIR}/contrib/aws-cmake/AwsThreadAffinity.cmake") include("${ClickHouse_SOURCE_DIR}/contrib/aws-cmake/AwsThreadName.cmake") include("${ClickHouse_SOURCE_DIR}/contrib/aws-cmake/AwsSIMD.cmake") -include("${ClickHouse_SOURCE_DIR}/contrib/aws-crt-cpp/cmake/AwsGetVersion.cmake") +include("${ClickHouse_SOURCE_DIR}/contrib/aws-cmake/AwsGetVersion.cmake") set (AWS_STUBS "${ClickHouse_SOURCE_DIR}/contrib/aws-cmake/aws_stubs.cpp") @@ -44,6 +44,12 @@ if (CMAKE_BUILD_TYPE_UC STREQUAL "DEBUG") list(APPEND AWS_PRIVATE_COMPILE_DEFS "-DDEBUG_BUILD") endif() +if (OS_LINUX) + list(APPEND AWS_PRIVATE_COMPILE_DEFS "-DAWS_ENABLE_EPOLL") +elseif (OS_DARWIN) + list(APPEND AWS_PRIVATE_COMPILE_DEFS "-DAWS_ENABLE_KQUEUE") +endif() + set(ENABLE_OPENSSL_ENCRYPTION ON) if (ENABLE_OPENSSL_ENCRYPTION) list(APPEND AWS_PRIVATE_COMPILE_DEFS "-DENABLE_OPENSSL_ENCRYPTION") @@ -76,8 +82,8 @@ file(GLOB AWS_SDK_CORE_SRC "${AWS_SDK_CORE_DIR}/source/*.cpp" "${AWS_SDK_CORE_DIR}/source/auth/*.cpp" "${AWS_SDK_CORE_DIR}/source/auth/bearer-token-provider/*.cpp" - "${AWS_SDK_CORE_DIR}/source/auth/signer/*.cpp" "${AWS_SDK_CORE_DIR}/source/auth/signer-provider/*.cpp" + "${AWS_SDK_CORE_DIR}/source/auth/signer/*.cpp" "${AWS_SDK_CORE_DIR}/source/client/*.cpp" "${AWS_SDK_CORE_DIR}/source/config/*.cpp" "${AWS_SDK_CORE_DIR}/source/config/defaults/*.cpp" @@ -96,8 +102,11 @@ file(GLOB AWS_SDK_CORE_SRC "${AWS_SDK_CORE_DIR}/source/smithy/tracing/*.cpp" "${AWS_SDK_CORE_DIR}/source/utils/*.cpp" "${AWS_SDK_CORE_DIR}/source/utils/base64/*.cpp" + "${AWS_SDK_CORE_DIR}/source/utils/cbor/*.cpp" + "${AWS_SDK_CORE_DIR}/source/utils/checksum/*.cpp" "${AWS_SDK_CORE_DIR}/source/utils/component-registry/*.cpp" "${AWS_SDK_CORE_DIR}/source/utils/crypto/*.cpp" + "${AWS_SDK_CORE_DIR}/source/utils/crypto/crt/*.cpp" "${AWS_SDK_CORE_DIR}/source/utils/crypto/factory/*.cpp" "${AWS_SDK_CORE_DIR}/source/utils/crypto/openssl/*.cpp" "${AWS_SDK_CORE_DIR}/source/utils/event/*.cpp" @@ -123,8 +132,6 @@ configure_file("${AWS_SDK_CORE_DIR}/include/aws/core/SDKConfig.h.in" "${CMAKE_CURRENT_BINARY_DIR}/include/aws/core/SDKConfig.h" @ONLY) aws_get_version(AWS_CRT_CPP_VERSION_MAJOR AWS_CRT_CPP_VERSION_MINOR AWS_CRT_CPP_VERSION_PATCH FULL_VERSION GIT_HASH) -# Don't include the hash of HEAD in a config file. It's just terrible for build caching and useless -set(GIT_HASH "") set(FULL_VERSION "${AWS_CRT_CPP_VERSION_MAJOR}.${AWS_CRT_CPP_VERSION_MINOR}.${AWS_CRT_CPP_VERSION_PATCH}-clickhouse") configure_file("${AWS_CRT_DIR}/include/aws/crt/Config.h.in" "${CMAKE_CURRENT_BINARY_DIR}/include/aws/crt/Config.h" @ONLY) @@ -168,12 +175,19 @@ list(APPEND AWS_PUBLIC_INCLUDES "${AWS_AUTH_DIR}/include/") # aws-c-cal file(GLOB AWS_CAL_SRC "${AWS_CAL_DIR}/source/*.c" + "${AWS_CAL_DIR}/source/shared/*.c" ) if (ENABLE_OPENSSL_ENCRYPTION) - file(GLOB AWS_CAL_OS_SRC - "${AWS_CAL_DIR}/source/unix/*.c" - ) + if (OS_LINUX) + file(GLOB AWS_CAL_OS_SRC + "${AWS_CAL_DIR}/source/unix/*.c" + ) + else (OS_DARWIN) + file(GLOB AWS_CAL_OS_SRC + "${AWS_CAL_DIR}/source/darwin/*.c" + ) + endif() list(APPEND AWS_PRIVATE_LIBS OpenSSL::Crypto) endif() @@ -196,6 +210,9 @@ file(GLOB AWS_COMMON_SRC "${AWS_COMMON_DIR}/source/external/*.c" "${AWS_COMMON_DIR}/source/posix/*.c" "${AWS_COMMON_DIR}/source/linux/*.c" + "${AWS_COMMON_DIR}/source/external/libcbor/*.c" + "${AWS_COMMON_DIR}/source/external/libcbor/cbor/*.c" + "${AWS_COMMON_DIR}/source/external/libcbor/cbor/internal/*.c" ) file(GLOB AWS_COMMON_ARCH_SRC @@ -208,9 +225,13 @@ if (AWS_ARCH_INTEL) "${AWS_COMMON_DIR}/source/arch/intel/asm/*.c" ) elseif (AWS_ARCH_ARM64 OR AWS_ARCH_ARM32) - if (AWS_HAVE_AUXV) + if (OS_LINUX) + file(GLOB AWS_COMMON_ARCH_SRC + "${AWS_COMMON_DIR}/source/arch/arm/auxv/cpuid.c" + ) + elseif(OS_DARWIN) file(GLOB AWS_COMMON_ARCH_SRC - "${AWS_COMMON_DIR}/source/arch/arm/asm/*.c" + "${AWS_COMMON_DIR}/source/arch/arm/darwin/cpuid.c" ) endif() endif() @@ -232,17 +253,20 @@ list(APPEND AWS_PUBLIC_INCLUDES "${CMAKE_CURRENT_BINARY_DIR}/include" ) +list(APPEND AWS_PRIVATE_INCLUDES + "${AWS_COMMON_DIR}/source/external/libcbor/cbor/" + "${AWS_COMMON_DIR}/source/external/libcbor/" +) + # aws-checksums file(GLOB AWS_CHECKSUMS_SRC "${AWS_CHECKSUMS_DIR}/source/*.c" - "${AWS_CHECKSUMS_DIR}/source/intel/*.c" - "${AWS_CHECKSUMS_DIR}/source/intel/asm/*.c" - "${AWS_CHECKSUMS_DIR}/source/arm/*.c" ) if(AWS_ARCH_INTEL AND AWS_HAVE_GCC_INLINE_ASM) file(GLOB AWS_CHECKSUMS_ARCH_SRC + "${AWS_CHECKSUMS_DIR}/source/intel/*.c" "${AWS_CHECKSUMS_DIR}/source/intel/asm/*.c" ) endif() @@ -296,6 +320,8 @@ file(GLOB AWS_CRT_SRC "${AWS_CRT_DIR}/source/external/*.cpp" "${AWS_CRT_DIR}/source/http/*.cpp" "${AWS_CRT_DIR}/source/io/*.cpp" + "${AWS_CRT_DIR}/source/cbor/*.cpp" + "${AWS_CRT_DIR}/source/checksum/*.cpp" ) list(APPEND AWS_SOURCES ${AWS_CRT_SRC}) @@ -359,6 +385,12 @@ target_include_directories(_aws SYSTEM BEFORE PUBLIC ${AWS_PUBLIC_INCLUDES}) target_include_directories(_aws SYSTEM BEFORE PRIVATE ${AWS_PRIVATE_INCLUDES}) target_compile_definitions(_aws PUBLIC ${AWS_PUBLIC_COMPILE_DEFS}) target_compile_definitions(_aws PRIVATE ${AWS_PRIVATE_COMPILE_DEFS}) + +if (OS_DARWIN) + target_link_libraries(_aws PRIVATE "-framework CoreFoundation") + target_link_libraries(_aws PRIVATE "-framework Security") +endif() + target_link_libraries(_aws PRIVATE ${AWS_PRIVATE_LIBS}) aws_set_thread_affinity_method(_aws) @@ -366,7 +398,7 @@ aws_set_thread_name_method(_aws) # The library is large - avoid bloat. if (OMIT_HEAVY_DEBUG_SYMBOLS) - target_compile_options (_aws PRIVATE -g0) + target_compile_options (_aws PRIVATE -g1) endif() add_library(ch_contrib::aws_s3 ALIAS _aws) diff --git a/contrib/aws-crt-cpp b/contrib/aws-crt-cpp index e5aa45cacfdc..8776fd0dba27 160000 --- a/contrib/aws-crt-cpp +++ b/contrib/aws-crt-cpp @@ -1 +1 @@ -Subproject commit e5aa45cacfdcda7719ead38760e7c61076f5745f +Subproject commit 8776fd0dba27695736939f47d71b3e8ecf69a06d From 4ca492840ccf4d31c3e8b3cd0b5aa0987ed20a22 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 6 Apr 2026 10:37:42 +0000 Subject: [PATCH 103/141] Backport #101662 to 25.8: Bump curl from 8.18 to 8.19 --- contrib/curl | 2 +- contrib/curl-cmake/CMakeLists.txt | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/contrib/curl b/contrib/curl index 2eebc58c4b8d..8c908d2d0a6d 160000 --- a/contrib/curl +++ b/contrib/curl @@ -1 +1 @@ -Subproject commit 2eebc58c4b8d68c98c8344381a9f6df4cca838fd +Subproject commit 8c908d2d0a6d32abdedda2c52e90bd56ec76c24d diff --git a/contrib/curl-cmake/CMakeLists.txt b/contrib/curl-cmake/CMakeLists.txt index 77dd32ea2a6c..8b74a53a51e0 100644 --- a/contrib/curl-cmake/CMakeLists.txt +++ b/contrib/curl-cmake/CMakeLists.txt @@ -118,7 +118,6 @@ set (SRCS "${LIBRARY_DIR}/lib/socks_sspi.c" "${LIBRARY_DIR}/lib/splay.c" "${LIBRARY_DIR}/lib/strcase.c" - "${LIBRARY_DIR}/lib/strdup.c" "${LIBRARY_DIR}/lib/strequal.c" "${LIBRARY_DIR}/lib/strerror.c" "${LIBRARY_DIR}/lib/system_win32.c" @@ -166,6 +165,7 @@ set (SRCS "${LIBRARY_DIR}/lib/vtls/wolfssl.c" "${LIBRARY_DIR}/lib/vtls/x509asn1.c" "${LIBRARY_DIR}/lib/curlx/base64.c" + "${LIBRARY_DIR}/lib/curlx/basename.c" "${LIBRARY_DIR}/lib/curlx/dynbuf.c" "${LIBRARY_DIR}/lib/curlx/fopen.c" "${LIBRARY_DIR}/lib/curlx/inet_ntop.c" @@ -173,6 +173,7 @@ set (SRCS "${LIBRARY_DIR}/lib/curlx/multibyte.c" "${LIBRARY_DIR}/lib/curlx/nonblock.c" "${LIBRARY_DIR}/lib/curlx/strcopy.c" + "${LIBRARY_DIR}/lib/curlx/strdup.c" "${LIBRARY_DIR}/lib/curlx/strerr.c" "${LIBRARY_DIR}/lib/curlx/strparse.c" "${LIBRARY_DIR}/lib/curlx/timediff.c" From c3c85e0e2bf39fd68c102fb35050529005cbeace Mon Sep 17 00:00:00 2001 From: robot-ch-test-poll4 <69306974+robot-ch-test-poll4@users.noreply.github.com> Date: Mon, 6 Apr 2026 23:49:11 +0200 Subject: [PATCH 104/141] Backport #99484 to 25.8: Keeper: fix race between read requests and session close (#101470) * Backport #99484 to 25.8: Keeper: fix race between read requests and session close * Fix build --------- Co-authored-by: robot-clickhouse Co-authored-by: Antonio Andelic --- src/Coordination/CoordinationSettings.cpp | 2 +- src/Coordination/KeeperDispatcher.cpp | 77 ++++-- src/Coordination/KeeperDispatcher.h | 19 +- .../test_keeper_read_during_close/__init__.py | 0 .../configs/enable_keeper.xml | 30 +++ .../test_keeper_read_during_close/test.py | 235 ++++++++++++++++++ 6 files changed, 337 insertions(+), 26 deletions(-) create mode 100644 tests/integration/test_keeper_read_during_close/__init__.py create mode 100644 tests/integration/test_keeper_read_during_close/configs/enable_keeper.xml create mode 100644 tests/integration/test_keeper_read_during_close/test.py diff --git a/src/Coordination/CoordinationSettings.cpp b/src/Coordination/CoordinationSettings.cpp index 172844e8ea5b..9268bf8497e5 100644 --- a/src/Coordination/CoordinationSettings.cpp +++ b/src/Coordination/CoordinationSettings.cpp @@ -46,7 +46,7 @@ namespace ErrorCodes DECLARE(UInt64, max_requests_batch_bytes_size, 100*1024, "Max size in bytes of batch of requests that can be sent to RAFT", 0) \ DECLARE(UInt64, max_requests_append_size, 100, "Max size of batch of requests that can be sent to replica in append request", 0) \ DECLARE(UInt64, max_flush_batch_size, 1000, "Max size of batch of requests that can be flushed together", 0) \ - DECLARE(UInt64, max_requests_quick_batch_size, 100, "Max size of batch of requests to try to get before proceeding with RAFT. Keeper will not wait for requests but take only requests that are already in queue" , 0) \ + DECLARE(UInt64, max_requests_quick_batch_size, 100, "Obsolete setting, does nothing." , SettingsTierType::OBSOLETE) \ DECLARE(Bool, quorum_reads, false, "Execute read requests as writes through whole RAFT consesus with similar speed", 0) \ DECLARE(Bool, force_sync, true, "Call fsync on each change in RAFT changelog", 0) \ DECLARE(Bool, compress_logs, false, "Write compressed coordination logs in ZSTD format", 0) \ diff --git a/src/Coordination/KeeperDispatcher.cpp b/src/Coordination/KeeperDispatcher.cpp index 13aebbcd4de0..9d18d525ff06 100644 --- a/src/Coordination/KeeperDispatcher.cpp +++ b/src/Coordination/KeeperDispatcher.cpp @@ -175,7 +175,7 @@ void KeeperDispatcher::requestThread() ReadableSize(total_memory_tracker.get()), ReadableSize(total_memory_tracker.getRSS()), request.request->getOpNum()); - addErrorResponses({request}, Coordination::Error::ZOUTOFMEMORY); + addErrorResponses({request}, Coordination::Error::ZOUTOFMEMORY, /*may_have_dependent_reads=*/ false); continue; } @@ -205,7 +205,7 @@ void KeeperDispatcher::requestThread() { const auto & last_request = current_batch.back(); std::lock_guard lock(read_request_queue_mutex); - read_request_queue[last_request.session_id][last_request.request->xid].push_back(request); + read_request_queue[{last_request.session_id, last_request.request->xid}].push_back(request); } else if (request.request->getOpNum() == Coordination::OpNum::Reconfig) { @@ -294,7 +294,24 @@ void KeeperDispatcher::requestThread() /// which always returns nullptr /// in that case we don't have to do manual wait because are already sure that the batch was committed when we get /// the result back - /// otherwise, we need to manually wait until the batch is committed + /// otherwise, we need to manually wait until the batch is committed. + /// TODO: there are a few problems: + /// * There can be multiple forceWaitAndProcessResult calls for different + /// batches between waitCommittedUpto calls. + /// In such case, the addErrorResponses below would apply only to the + /// latest of those batches, but they may all be failed. + /// * Of those multiple forceWaitAndProcessResult calls, it's possible that an + /// earlier one succeeds but a later one fails. Then we won't call + /// waitCommittedUpto on the log_idx from the earlier batch, so a subsequent + /// read may happen before that write is committed, violating + /// read-after-write consistency. + /// * With async replication, it's possible for requests to fail even after + /// their forceWaitAndProcessResult call succeeds, if the leader died after + /// accepting the requests for processing (and returning log_idx) but before + /// sending them to a majority of followers. In such case we'll never send + /// a response to the client for those requests. And we may execute + /// subsequent requests from the same session and send responses for those, + /// violating ordering of responses. if (result_buf) { nuraft::buffer_serializer bs(result_buf); @@ -479,24 +496,19 @@ void KeeperDispatcher::initialize(const Poco::Util::AbstractConfiguration & conf { { /// check if we have queue of read requests depending on this request to be committed + SessionAndXID key(request_for_session.session_id, request_for_session.request->xid); std::lock_guard lock(read_request_queue_mutex); - if (auto it = read_request_queue.find(request_for_session.session_id); it != read_request_queue.end()) + if (auto it = read_request_queue.find(key); it != read_request_queue.end()) { - auto & xid_to_request_queue = it->second; - - if (auto request_queue_it = xid_to_request_queue.find(request_for_session.request->xid); - request_queue_it != xid_to_request_queue.end()) + for (const auto & read_request : it->second) { - for (const auto & read_request : request_queue_it->second) - { - if (server->isLeaderAlive()) - server->putLocalReadRequest(read_request); - else - addErrorResponses({read_request}, Coordination::Error::ZCONNECTIONLOSS); - } - - xid_to_request_queue.erase(request_queue_it); + if (server->isLeaderAlive()) + server->putLocalReadRequest(read_request); + else + addErrorResponses({read_request}, Coordination::Error::ZCONNECTIONLOSS, /*may_have_dependent_reads=*/ false); } + + read_request_queue.erase(it); } } }); @@ -732,14 +744,12 @@ void KeeperDispatcher::finishSession(int64_t session_id) CurrentMetrics::sub(CurrentMetrics::KeeperAliveConnections); } } - { - std::lock_guard lock(read_request_queue_mutex); - read_request_queue.erase(session_id); - } } -void KeeperDispatcher::addErrorResponses(const KeeperRequestsForSessions & requests_for_sessions, Coordination::Error error) +void KeeperDispatcher::addErrorResponses(const KeeperRequestsForSessions & requests_for_sessions, Coordination::Error error, bool may_have_dependent_reads) { + KeeperRequestsForSessions dependent_reads; + for (const auto & request_for_session : requests_for_sessions) { KeeperResponsesForSessions responses; @@ -753,7 +763,25 @@ void KeeperDispatcher::addErrorResponses(const KeeperRequestsForSessions & reque response->xid, response->zxid, error); + + if (may_have_dependent_reads) + { + SessionAndXID key(request_for_session.session_id, request_for_session.request->xid); + std::lock_guard lock(read_request_queue_mutex); + if (auto it = read_request_queue.find(key); it != read_request_queue.end()) + { + dependent_reads.insert(dependent_reads.end(), std::move_iterator(it->second.begin()), std::move_iterator(it->second.end())); + read_request_queue.erase(it); + } + } } + + /// Cancel reads that we piggy-backed to the request that failed. They're innocent bystanders + /// that could otherwise succeed, but we don't have a simple way to run these reads correctly + /// in this situation. In particular, there may be later write requests from their sessions that + /// already completed; in that case we can't do the read at all, our committed state is too new. + if (!dependent_reads.empty()) + addErrorResponses(dependent_reads, error, /*may_have_dependent_reads=*/ false); } nuraft::ptr KeeperDispatcher::forceWaitAndProcessResult( @@ -1023,6 +1051,11 @@ Keeper4LWInfo KeeperDispatcher::getKeeper4LWInfo() const return result; } +uint64_t KeeperDispatcher::SessionAndXIDHash::operator()(std::pair p) const +{ + return CityHash_v1_0_2::Hash128to64({uint64_t(p.first), uint64_t(p.second)}); +} + void KeeperDispatcher::cleanResources() { #if USE_JEMALLOC diff --git a/src/Coordination/KeeperDispatcher.h b/src/Coordination/KeeperDispatcher.h index f2cf75d22a48..0ced1dd4a5e3 100644 --- a/src/Coordination/KeeperDispatcher.h +++ b/src/Coordination/KeeperDispatcher.h @@ -93,7 +93,9 @@ class KeeperDispatcher /// Add error responses for requests to responses queue. /// Clears requests. - void addErrorResponses(const KeeperRequestsForSessions & requests_for_sessions, Coordination::Error error); + /// If may_have_dependent_reads is true, also looks at read_request_queue and adds error + /// responses for any reads that were piggy-backed to these requests. + void addErrorResponses(const KeeperRequestsForSessions & requests_for_sessions, Coordination::Error error, bool may_have_dependent_reads = true); /// Forcefully wait for result and sets errors if something when wrong. /// Clears both arguments @@ -101,10 +103,21 @@ class KeeperDispatcher RaftAppendResult & result, KeeperRequestsForSessions & requests_for_sessions, bool clear_requests_on_success); public: + using SessionAndXID = std::pair; + + struct SessionAndXIDHash + { + uint64_t operator()(std::pair) const; + }; + std::mutex read_request_queue_mutex; - /// queue of read requests that can be processed after a request with specific session ID and XID is committed - std::unordered_map> read_request_queue; + /// Local read requests that are piggy-backed to other raft requests. + /// Map: raft request -> read requests. + /// The read must be executed immediately after the corresponding raft request is committed. + /// Note that the read may belong to a different session than the raft request. + /// (So e.g. we can't remove session ID from this map when the session is closed.) + std::unordered_map read_request_queue; /// Just allocate some objects, real initialization is done by `intialize method` KeeperDispatcher(); diff --git a/tests/integration/test_keeper_read_during_close/__init__.py b/tests/integration/test_keeper_read_during_close/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/integration/test_keeper_read_during_close/configs/enable_keeper.xml b/tests/integration/test_keeper_read_during_close/configs/enable_keeper.xml new file mode 100644 index 000000000000..d171039aedc9 --- /dev/null +++ b/tests/integration/test_keeper_read_during_close/configs/enable_keeper.xml @@ -0,0 +1,30 @@ + + + 9181 + 1 + /var/lib/clickhouse/coordination/log + /var/lib/clickhouse/coordination/snapshots + * + + + 10000 + 3000 + 2000 + 500 + trace + + + 0 + 0 + 0 + + + + + 1 + localhost + 9234 + + + + diff --git a/tests/integration/test_keeper_read_during_close/test.py b/tests/integration/test_keeper_read_during_close/test.py new file mode 100644 index 000000000000..5fc672b9aa2c --- /dev/null +++ b/tests/integration/test_keeper_read_during_close/test.py @@ -0,0 +1,235 @@ +"""Test that read requests from session B are not silently dropped +when the write request they were batched with belongs to session A +and session A expires before the batch commits. + +The bug: read_request_queue keys reads by (sessionA.id, sessionA.xid). +When sessionA expires, finishSession erases read_request_queue[sessionA.id], +silently dropping sessionB's read. SessionB's get() then hangs until timeout. +""" + +import logging +import queue +import socket +import struct +import threading +import time +import traceback +import os + +import pytest +from kazoo.client import KazooClient + +import helpers.keeper_utils as keeper_utils +from helpers.cluster import ClickHouseCluster + +cluster = ClickHouseCluster(__file__) +node = cluster.add_instance( + "node", + main_configs=["configs/enable_keeper.xml"], + stay_alive=True, +) + + +class MicroClient: + @staticmethod + def make_connect_request(timeout_ms=10000): + """ConnectRequest: protocol_version(4) + last_zxid(8) + timeout(4) + session_id(8) + passwd_len(4) + passwd(16) + readonly(1)""" + return struct.pack('>iqiqi 16s', + 0, # protocol version + 0, # last zxid seen + timeout_ms, # requested timeout + 0, # session id (0 = new session) + 16, # passwd length + b'\x00' * 16, # passwd + ) + + @staticmethod + def make_set_request(xid, path: bytes, data: bytes, version=-1): + body = struct.pack('>ii', xid, 5) # xid + opcode 5 = SetData + body += struct.pack('>i', len(path)) + path.encode() + body += struct.pack('>i', len(data)) + data + body += struct.pack('>i', version) + return body + + @staticmethod + def make_frame(payload: bytes) -> bytes: + return struct.pack('>i', len(payload)) + payload + + @staticmethod + def recv_exactly(sock, n): + """Receive exactly n bytes or raise.""" + buf = b'' + while len(buf) < n: + chunk = sock.recv(n - len(buf)) + if not chunk: + raise ConnectionError(f"Connection closed after {len(buf)}/{n} bytes") + buf += chunk + return buf + + @staticmethod + def recv_frame(sock): + """Read a length-prefixed ZK frame.""" + length = struct.unpack('>i', MicroClient.recv_exactly(sock, 4))[0] + return MicroClient.recv_exactly(sock, length) + + @staticmethod + def parse_connect_response(data): + # ConnectResponse: protocol_version(4) + timeout(4) + session_id(8) + passwd_len(4) + passwd(variable) + proto_ver, timeout, session_id = struct.unpack_from('>iiq', data, 0) + passwd_len = struct.unpack_from('>i', data, 16)[0] + passwd = data[20:20 + passwd_len] + return { + 'protocol_version': proto_ver, + 'timeout': timeout, + 'session_id': hex(session_id), + 'passwd': passwd.hex(), + } + + @staticmethod + def parse_reply_header(data): + # ReplyHeader: xid(4) + zxid(8) + err(4) + xid, zxid, err = struct.unpack_from('>iqi', data, 0) + return { + 'xid': xid, + 'zxid': zxid, + 'err': err, + } + + @staticmethod + def parse_stat(data, offset=0): + """Parse a ZK Stat structure (10 fields, 8+8+8+8+4+4+4+8+4+4+8 = 68 bytes).""" + fields = struct.unpack_from('>qqqqiiiqiiq', data, offset) + names = ['czxid', 'mzxid', 'ctime', 'mtime', 'version', 'cversion', + 'aversion', 'ephemeralOwner', 'dataLength', 'numChildren', 'pzxid'] + return dict(zip(names, fields)) + + def __init__(self, hostname, port): + self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self.sock.settimeout(5.0) + self.sock.connect((hostname, port)) + self.next_xid = 1; + + self.sock.sendall(MicroClient.make_frame(MicroClient.make_connect_request())) + + connect_resp = MicroClient.recv_frame(self.sock) + parsed = MicroClient.parse_connect_response(connect_resp) + + if int(parsed['session_id'], 16) == 0: + raise Exception("Server rejected session (session_id=0)") + + def send_set_request(self, path, data, version=-1): + xid = self.next_xid + self.next_xid += 1 + self.sock.sendall(MicroClient.make_frame(MicroClient.make_set_request(xid, path, data, version))) + return xid + + def recv_set_response(self): + set_resp = MicroClient.recv_frame(self.sock) + header = MicroClient.parse_reply_header(set_resp) + return header + + +@pytest.fixture(scope="module") +def started_cluster(): + try: + cluster.start() + yield cluster + finally: + cluster.shutdown() + + +def get_zk(timeout=30.0): + return keeper_utils.get_fake_zk(cluster, "node", timeout=timeout) + + +def kill_session_socket(zk): + """Forcefully kill the underlying TCP connection without sending Close. + This causes the session to expire after session_timeout_ms.""" + zk._connection._socket.close() + +def test_read_not_dropped_on_session_close(started_cluster): + """Verify that reads from one session are not silently lost + when a concurrent writer session dies.""" + + reader_zk = get_zk() + reader_zk.create("/test_read_close", b"initial") + + # Sanity-check our custom keeper client implementation. + hostname = cluster.get_instance_ip("node") + port = 9181 + temp_zk = MicroClient(hostname, port) + xid = temp_zk.send_set_request("/test_read_close", b"micro") + resp = temp_zk.recv_set_response() + assert resp["xid"] == xid + assert resp["err"] == 0 + + assert reader_zk.get("/test_read_close")[0] == b"micro" + + logging.getLogger('kazoo').setLevel(logging.WARNING) + + fail_event = threading.Event() + stop_event = threading.Event() + errors = queue.Queue() + + def reader_loop(): + """Continuously read /test_read_close. Each get() should complete + within a reasonable time. If it hangs, that's the bug.""" + counter = 0 + try: + zk = get_zk(timeout=10.0) + while not stop_event.is_set(): + zk.get("/test_read_close") + counter += 1 + except: + errors.put(traceback.format_exc()) + fail_event.set() + # This prints around 2200 (on my machine, as of the time of writing, with 10 second test duration). + print(f"sent {counter} read requests") + + def writer_loop(): + """Rapidly create sessions that write and then die (raw socket close). + The intent is that the write and a concurrent read from reader_loop + end up in the same batch, keyed under this writer session's identity.""" + counter = 0 + try: + while not stop_event.is_set(): + counter += 1 + writer_zk = MicroClient(hostname, port) + writer_zk.send_set_request("/test_read_close", f"data_{counter}".encode()) + # Kill the TCP socket without sending Close. + # The session will expire after session_timeout_ms (3s). + writer_zk.sock.close() + + # assert writer_zk.recv_set_response()["err"] == 0 + except: + errors.put(traceback.format_exc()) + fail_event.set() + # This prints around 1800 (on my machine, as of the time of writing, with 10 second test duration). + print(f"sent {counter} write requests") + + + # Run the reader and writer concurrently + reader_thread = threading.Thread(target=reader_loop, daemon=True) + writer_thread = threading.Thread(target=writer_loop, daemon=True) + + reader_thread.start() + writer_thread.start() + + # Run for a few seconds — enough for many session create/expire cycles + # given session_timeout_ms=3000, dead_session_check_period_ms=500. + fail_event.wait(10) + + stop_event.set() + reader_thread.join(timeout=10) + writer_thread.join(timeout=10) + + if fail_event.is_set(): + raise Exception(errors.get(block=False)) + + assert not reader_thread.is_alive(), "Reader thread is stuck" + assert not writer_thread.is_alive(), "Writer thread is stuck" + + # Cleanup + reader_zk.delete("/test_read_close") + reader_zk.stop() + reader_zk.close() From e130c1e26625a4302a33e9aaf74a79a26dcc33a3 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 7 Apr 2026 10:35:58 +0000 Subject: [PATCH 105/141] Backport #100948 to 25.8: Fix undefined behaviour in DateTimeBestEffort parsing --- src/IO/parseDateTimeBestEffort.cpp | 31 ++++++++++++------- ...st_effort_many_fractional_digits.reference | 9 ++++++ ...ime_best_effort_many_fractional_digits.sql | 23 ++++++++++++++ 3 files changed, 52 insertions(+), 11 deletions(-) create mode 100644 tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.reference create mode 100644 tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.sql diff --git a/src/IO/parseDateTimeBestEffort.cpp b/src/IO/parseDateTimeBestEffort.cpp index 5b2c7ed5a9c7..2b48109804cb 100644 --- a/src/IO/parseDateTimeBestEffort.cpp +++ b/src/IO/parseDateTimeBestEffort.cpp @@ -180,7 +180,7 @@ ReturnType parseDateTimeBestEffortImpl( } if (num_digits == 10 && !year && !has_time) { - if (strict) + if constexpr (strict) return on_error(ErrorCodes::CANNOT_PARSE_DATETIME, "Strict best effort parsing doesn't allow timestamps"); /// This is unix timestamp. @@ -188,14 +188,18 @@ ReturnType parseDateTimeBestEffortImpl( if (fractional && !in.eof() && *in.position() == '.') { ++in.position(); - fractional->digits = readDigits(digits, sizeof(digits), in); + // Prevent numeric overflow + using FractionalType = typename std::decay_tvalue)>; + fractional->digits = static_cast(std::min( + static_cast(std::numeric_limits::digits10), + readDigits(digits, sizeof(digits), in))); readDecimalNumber(fractional->value, fractional->digits, digits); } return ReturnType(true); } if (num_digits == 9 && !year && !has_time) { - if (strict) + if constexpr (strict) return on_error(ErrorCodes::CANNOT_PARSE_DATETIME, "Strict best effort parsing doesn't allow timestamps"); /// This is unix timestamp. @@ -203,14 +207,18 @@ ReturnType parseDateTimeBestEffortImpl( if (fractional && !in.eof() && *in.position() == '.') { ++in.position(); - fractional->digits = readDigits(digits, sizeof(digits), in); + // Prevent numeric overflow + using FractionalType = typename std::decay_tvalue)>; + fractional->digits = static_cast(std::min( + static_cast(std::numeric_limits::digits10), + readDigits(digits, sizeof(digits), in))); readDecimalNumber(fractional->value, fractional->digits, digits); } return ReturnType(true); } if (num_digits == 14 && !year && !has_time) { - if (strict) + if constexpr (strict) return on_error( ErrorCodes::CANNOT_PARSE_DATETIME, "Strict best effort parsing doesn't allow date times without separators"); @@ -225,7 +233,7 @@ ReturnType parseDateTimeBestEffortImpl( } else if (num_digits == 8 && !year) { - if (strict) + if constexpr (strict) return on_error( ErrorCodes::CANNOT_PARSE_DATETIME, "Strict best effort parsing doesn't allow date times without separators"); @@ -236,7 +244,7 @@ ReturnType parseDateTimeBestEffortImpl( } else if (num_digits == 6) { - if (strict) + if constexpr (strict) return on_error( ErrorCodes::CANNOT_PARSE_DATETIME, "Strict best effort parsing doesn't allow date times without separators"); @@ -474,8 +482,9 @@ ReturnType parseDateTimeBestEffortImpl( { if (day_of_month) { - if (strict && hour) - return on_error(ErrorCodes::CANNOT_PARSE_DATETIME, "Cannot read DateTime: hour component is duplicated"); + if constexpr (strict) + if (hour) + return on_error(ErrorCodes::CANNOT_PARSE_DATETIME, "Cannot read DateTime: hour component is duplicated"); hour = hour_or_day_of_month_or_month; } @@ -516,7 +525,7 @@ ReturnType parseDateTimeBestEffortImpl( if (fractional) { using FractionalType = typename std::decay_tvalue)>; - // Reading more decimal digits than fits into FractionalType would case an + // Reading more decimal digits than fits into FractionalType would cause an // overflow, so it is better to skip all digits from the right side that do not // fit into result type. To provide less precise value rather than bogus one. num_digits = std::min(static_cast(std::numeric_limits::digits10), num_digits); @@ -524,7 +533,7 @@ ReturnType parseDateTimeBestEffortImpl( fractional->digits = num_digits; readDecimalNumber(fractional->value, num_digits, digits); } - else if (strict) + else if constexpr (strict) { /// Fractional part is not allowed. return on_error(ErrorCodes::CANNOT_PARSE_DATETIME, "Cannot read DateTime: unexpected fractional part"); diff --git a/tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.reference b/tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.reference new file mode 100644 index 000000000000..afadfedc5ba0 --- /dev/null +++ b/tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.reference @@ -0,0 +1,9 @@ +2020-08-06 22:29:00.123456 +1973-03-03 09:46:40.123456 +2020-08-07 01:29:00.123456 +2020-08-06 22:29:00.999999 +1973-03-03 09:46:40.999999 +2020-08-07 01:29:00.999999 +\N +\N +\N diff --git a/tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.sql b/tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.sql new file mode 100644 index 000000000000..882256ae38d4 --- /dev/null +++ b/tests/queries/0_stateless/04063_parse_datetime_best_effort_many_fractional_digits.sql @@ -0,0 +1,23 @@ +-- Regression test: parsing datetime strings with many fractional digits must not cause +-- signed integer overflow (UB) in readDecimalNumber. Fractional digits are capped at +-- digits10 of the result type (Int64::digits10 = 18). + +-- 18 fractional digits (at the cap) - parses without truncation +SELECT parseDateTime64BestEffort('1596752940.123456789012345678', 6, 'UTC'); +SELECT parseDateTime64BestEffort('100000000.123456789012345678', 6, 'UTC'); +SELECT parseDateTime64BestEffort('2020-08-07 01:29:00.123456789012345678', 6, 'UTC'); + +-- 19 fractional digits with a value that overflows Int64 without the cap: +-- readDecimalNumber processes chunks 4+4+4+4+3; at the last step +-- 9999999999999999 * 1000 overflows Int64, previously causing UB. +-- With the fix the digit count is capped to 18 (chunk 4+4+4+4+2) and the +-- 19th digit is silently dropped. +SELECT parseDateTime64BestEffort('1596752940.9999999999999999999', 6, 'UTC'); +SELECT parseDateTime64BestEffort('100000000.9999999999999999999', 6, 'UTC'); +SELECT parseDateTime64BestEffort('2020-08-07 01:29:00.9999999999999999999', 6, 'UTC'); + +-- 20+ fractional digits: the 20th digit is left in the stream after readDigits +-- exhausts its buffer (UInt64::digits10 = 19), causing a parse error +SELECT parseDateTime64BestEffortOrNull('1596752940.12345678901234567890', 6, 'UTC'); +SELECT parseDateTime64BestEffortOrNull('100000000.12345678901234567890', 6, 'UTC'); +SELECT parseDateTime64BestEffortOrNull('2020-08-07 01:29:00.12345678901234567890', 6, 'UTC'); From d4900e37044ebbc6c931275a0d5cbc33d9feb936 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 7 Apr 2026 11:31:25 +0000 Subject: [PATCH 106/141] Backport #101658 to 25.8: Bump libarchive from 3.8.5 to 3.8.6 --- contrib/libarchive | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/libarchive b/contrib/libarchive index 7f53fce04e4e..3a9249b4eeb2 160000 --- a/contrib/libarchive +++ b/contrib/libarchive @@ -1 +1 @@ -Subproject commit 7f53fce04e4e672230f4eb80b219af17975e4f83 +Subproject commit 3a9249b4eeb2a101ca4e0d2b12e4007642bac126 From 75457ffe28e5f378d4efc82a00595c341412f259 Mon Sep 17 00:00:00 2001 From: Konstantin Bogdanov Date: Tue, 7 Apr 2026 21:06:47 +0200 Subject: [PATCH 107/141] Fix build --- src/IO/S3/AWSLogger.cpp | 7 +++++++ src/IO/S3/AWSLogger.h | 2 ++ src/IO/S3/Client.cpp | 1 + src/IO/S3/PocoHTTPClient.cpp | 27 +++++++++++++++++++++------ 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/src/IO/S3/AWSLogger.cpp b/src/IO/S3/AWSLogger.cpp index 254b7aef3d21..71c2ac3f936d 100644 --- a/src/IO/S3/AWSLogger.cpp +++ b/src/IO/S3/AWSLogger.cpp @@ -121,6 +121,13 @@ void AWSLogger::callLogImpl(Aws::Utils::Logging::LogLevel log_level, const char LOG_IMPL(default_logger, level, prio, "{}: {}", tag, message); } +void AWSLogger::vaLog(Aws::Utils::Logging::LogLevel log_level, const char * tag, const char * format_str, va_list) +{ + if (is404Muted(format_str)) + return; + callLogImpl(log_level, tag, format_str); /// FIXME. Variadic arguments? +} + } #endif diff --git a/src/IO/S3/AWSLogger.h b/src/IO/S3/AWSLogger.h index a4987f17c0dd..5bcb1db458f8 100644 --- a/src/IO/S3/AWSLogger.h +++ b/src/IO/S3/AWSLogger.h @@ -29,6 +29,8 @@ class AWSLogger final : public Aws::Utils::Logging::LogSystemInterface void Flush() final {} + void vaLog(Aws::Utils::Logging::LogLevel log_level, const char * tag, const char * format_str, va_list args) final; + private: LoggerPtr default_logger; bool enable_s3_requests_logging; diff --git a/src/IO/S3/Client.cpp b/src/IO/S3/Client.cpp index c46d1456c417..e4f8757d4968 100644 --- a/src/IO/S3/Client.cpp +++ b/src/IO/S3/Client.cpp @@ -10,6 +10,7 @@ #include #include +#include #include #include #include diff --git a/src/IO/S3/PocoHTTPClient.cpp b/src/IO/S3/PocoHTTPClient.cpp index 7b36c5195a34..7f8b374de4f1 100644 --- a/src/IO/S3/PocoHTTPClient.cpp +++ b/src/IO/S3/PocoHTTPClient.cpp @@ -272,6 +272,9 @@ PocoHTTPClient::S3MetricKind PocoHTTPClient::getMetricKind(const Aws::Http::Http { case Aws::Http::HttpMethod::HTTP_GET: case Aws::Http::HttpMethod::HTTP_HEAD: + case Aws::Http::HttpMethod::HTTP_TRACE: + case Aws::Http::HttpMethod::HTTP_OPTIONS: + case Aws::Http::HttpMethod::HTTP_CONNECT: return S3MetricKind::Read; case Aws::Http::HttpMethod::HTTP_POST: case Aws::Http::HttpMethod::HTTP_DELETE: @@ -351,12 +354,15 @@ void PocoHTTPClient::observeLatency(const Aws::Http::HttpRequest & request, S3La { switch (m) { - case Aws::Http::HttpMethod::HTTP_GET: return "GET"; - case Aws::Http::HttpMethod::HTTP_HEAD: return "HEAD"; - case Aws::Http::HttpMethod::HTTP_POST: return "POST"; - case Aws::Http::HttpMethod::HTTP_DELETE: return "DELETE"; - case Aws::Http::HttpMethod::HTTP_PUT: return "PUT"; - case Aws::Http::HttpMethod::HTTP_PATCH: return "PATCH"; + case Aws::Http::HttpMethod::HTTP_GET: return "GET"; + case Aws::Http::HttpMethod::HTTP_HEAD: return "HEAD"; + case Aws::Http::HttpMethod::HTTP_POST: return "POST"; + case Aws::Http::HttpMethod::HTTP_DELETE: return "DELETE"; + case Aws::Http::HttpMethod::HTTP_PUT: return "PUT"; + case Aws::Http::HttpMethod::HTTP_PATCH: return "PATCH"; + case Aws::Http::HttpMethod::HTTP_CONNECT: return "CONNECT"; + case Aws::Http::HttpMethod::HTTP_TRACE: return "TRACE"; + case Aws::Http::HttpMethod::HTTP_OPTIONS: return "OPTIONS"; } }(request.GetMethod()); @@ -417,6 +423,12 @@ String getMethod(const Aws::Http::HttpRequest & request) return Poco::Net::HTTPRequest::HTTP_HEAD; case Aws::Http::HttpMethod::HTTP_PATCH: return Poco::Net::HTTPRequest::HTTP_PATCH; + case Aws::Http::HttpMethod::HTTP_CONNECT: + return Poco::Net::HTTPRequest::HTTP_CONNECT; + case Aws::Http::HttpMethod::HTTP_TRACE: + return Poco::Net::HTTPRequest::HTTP_TRACE; + case Aws::Http::HttpMethod::HTTP_OPTIONS: + return Poco::Net::HTTPRequest::HTTP_OPTIONS; } } @@ -463,6 +475,9 @@ void PocoHTTPClient::makeRequestInternalImpl( { case Aws::Http::HttpMethod::HTTP_GET: case Aws::Http::HttpMethod::HTTP_HEAD: + case Aws::Http::HttpMethod::HTTP_TRACE: + case Aws::Http::HttpMethod::HTTP_OPTIONS: + case Aws::Http::HttpMethod::HTTP_CONNECT: if (get_request_throttler) { Stopwatch sleep_watch; From 4f70d34cc221a616832c5b1c52151200eb3c5d6b Mon Sep 17 00:00:00 2001 From: Konstantin Bogdanov Date: Tue, 7 Apr 2026 23:17:21 +0200 Subject: [PATCH 108/141] poke From 6ff588445a3288091ae0e6fca39e483a61a0d947 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 8 Apr 2026 14:47:31 +0000 Subject: [PATCH 109/141] Backport #101823 to 25.8: Fix use-after-scope in parallel Object type deserialization --- src/DataTypes/Serializations/SerializationObject.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/DataTypes/Serializations/SerializationObject.cpp b/src/DataTypes/Serializations/SerializationObject.cpp index b8b7d49bfedb..d597256f993d 100644 --- a/src/DataTypes/Serializations/SerializationObject.cpp +++ b/src/DataTypes/Serializations/SerializationObject.cpp @@ -571,6 +571,16 @@ void SerializationObject::deserializeBinaryBulkStatePrefix( }; size_t task_size = std::max(structure_state_concrete->sorted_dynamic_paths->size() / num_tasks, 1ul); + + /// Ensure all already-scheduled tasks are drained on any exit path (including exceptions), + /// so pool threads do not dereference dangling references to stack locals. + SCOPE_EXIT( + for (const auto & task : tasks) + task->tryExecute(); + for (const auto & task : tasks) + task->wait(); + ); + for (size_t i = 0; i != num_tasks; ++i) { auto cache_copy = cache ? std::make_unique(*cache) : nullptr; From 52c487890943774f44809a68f9886df65d6b960d Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 8 Apr 2026 15:46:17 +0000 Subject: [PATCH 110/141] Backport #101847 to 25.8: `formatDateTime`: Treat `%W` unconditionally as a variable-length formatter --- src/Functions/formatDateTime.cpp | 16 ++--- ...w_is_a_variable_length_formatter.reference | 64 +++++++++++++++++++ ...etime_w_is_a_variable_length_formatter.sql | 30 +++++++++ 3 files changed, 102 insertions(+), 8 deletions(-) create mode 100644 tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.reference create mode 100644 tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.sql diff --git a/src/Functions/formatDateTime.cpp b/src/Functions/formatDateTime.cpp index 5e1a9a210950..be288c8c4b3b 100644 --- a/src/Functions/formatDateTime.cpp +++ b/src/Functions/formatDateTime.cpp @@ -860,7 +860,7 @@ class FunctionFormatDateTimeImpl : public IFunction static bool containsOnlyFixedWidthMySQLFormatters(std::string_view format, bool mysql_M_is_month_name, bool mysql_format_ckl_without_leading_zeros, bool mysql_e_with_space_padding) { static constexpr std::array variable_width_formatter = {'W'}; - static constexpr std::array variable_width_formatter_M_is_month_name = {'W', 'M'}; + static constexpr std::array variable_width_formatter_M_is_month_name = {'M'}; static constexpr std::array variable_width_formatter_leading_zeros = {'c', 'l', 'k'}; static constexpr std::array variable_width_formatter_e_with_space_padding = {'e'}; @@ -871,6 +871,12 @@ class FunctionFormatDateTimeImpl : public IFunction case '%': if (i + 1 >= format.size()) throwLastCharacterIsPercentException(); + + if (std::any_of( + variable_width_formatter.begin(), variable_width_formatter.end(), + [&](char c){ return c == format[i + 1]; })) + return false; + if (mysql_M_is_month_name) { if (std::any_of( @@ -892,13 +898,7 @@ class FunctionFormatDateTimeImpl : public IFunction [&](char c){ return c == format[i + 1]; })) return false; } - else - { - if (std::any_of( - variable_width_formatter.begin(), variable_width_formatter.end(), - [&](char c){ return c == format[i + 1]; })) - return false; - } + i += 1; continue; default: diff --git a/tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.reference b/tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.reference new file mode 100644 index 000000000000..cc34d1fc736f --- /dev/null +++ b/tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.reference @@ -0,0 +1,64 @@ +--- Test with formatdatetime_parsedatetime_m_is_month_name: +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 +--- +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 +--- Test with formatdatetime_f_prints_single_zero: +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 +--- +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 +--- Test with formatdatetime_f_prints_scale_number_of_digits: +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 +--- +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 +--- Test with formatdatetime_format_without_leading_zeros: +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 +--- +Monday 06 +Tuesday 07 +Wednesday 08 +Thursday 09 +Friday 10 +Saturday 11 +Sunday 12 diff --git a/tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.sql b/tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.sql new file mode 100644 index 000000000000..6f3b612563c7 --- /dev/null +++ b/tests/queries/0_stateless/04077_formatdatetime_w_is_a_variable_length_formatter.sql @@ -0,0 +1,30 @@ +-- Formatter %W in function 'formatDateTime' is a variable-length formatter +-- In Bug 101844, this was the case only for some combinations of extra formatting settings + +DROP TABLE IF EXISTS tab; + +CREATE TABLE tab (d Date) ENGINE = MergeTree ORDER BY d; + +INSERT INTO tab SELECT toDate('2026-04-06') + number FROM numbers(7); + +SELECT '--- Test with formatdatetime_parsedatetime_m_is_month_name:'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_parsedatetime_m_is_month_name = 1; +SELECT '---'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_parsedatetime_m_is_month_name = 0; + +SELECT '--- Test with formatdatetime_f_prints_single_zero:'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_f_prints_single_zero = 0; +SELECT '---'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_f_prints_single_zero = 1; + +SELECT '--- Test with formatdatetime_f_prints_scale_number_of_digits:'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_f_prints_scale_number_of_digits = 0; +SELECT '---'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_f_prints_scale_number_of_digits = 1; + +SELECT '--- Test with formatdatetime_format_without_leading_zeros:'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_format_without_leading_zeros = 0; +SELECT '---'; +SELECT formatDateTime(d, '%W %d') FROM tab ORDER BY d SETTINGS formatdatetime_format_without_leading_zeros = 1; + +DROP TABLE tab; From 96658bd7604d90bd96180adcec26b9bcaa7e092e Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 8 Apr 2026 21:28:49 +0000 Subject: [PATCH 111/141] Backport #101655 to 25.8: Bump MongoDB driver --- contrib/mongo-c-driver | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/mongo-c-driver b/contrib/mongo-c-driver index ba0d1dbf2b74..529d7f0af3b8 160000 --- a/contrib/mongo-c-driver +++ b/contrib/mongo-c-driver @@ -1 +1 @@ -Subproject commit ba0d1dbf2b743a5a96609e7fe6b642876f0900ed +Subproject commit 529d7f0af3b86d7da6ce90562cf9bcd10e8a3a0a From 7bae0d151ff00a7c227155078ce97eeba064d176 Mon Sep 17 00:00:00 2001 From: alesapin Date: Fri, 26 Sep 2025 16:35:33 +0200 Subject: [PATCH 112/141] One more change to adapt to a new SDK --- src/IO/S3/Requests.h | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/IO/S3/Requests.h b/src/IO/S3/Requests.h index 6685a1694077..687ab4e9a109 100644 --- a/src/IO/S3/Requests.h +++ b/src/IO/S3/Requests.h @@ -92,6 +92,12 @@ class ExtendedRequest : public BaseRequest return BaseRequest::GetChecksumAlgorithmName(); } + /// TODO Understand what is it. Maybe we need it... + bool IsStreaming() const override + { + return false; + } + std::string getRegionOverride() const { return region_override; @@ -149,6 +155,15 @@ class UploadPartRequest : public ExtendedRequest { public: void SetAdditionalCustomHeaderValue(const Aws::String& headerName, const Aws::String& headerValue) override; + bool RequestChecksumRequired() const override { return is_s3express_bucket; } + bool ShouldComputeContentMd5() const override { return !is_s3express_bucket && checksum; } +}; + +class PutObjectRequest : public ExtendedRequest +{ +public: + bool RequestChecksumRequired() const override { return is_s3express_bucket; } + bool ShouldComputeContentMd5() const override { return !is_s3express_bucket && checksum; } }; class CompleteMultipartUploadRequest : public ExtendedRequest @@ -161,7 +176,6 @@ using CreateMultipartUploadRequest = ExtendedRequest; using UploadPartCopyRequest = ExtendedRequest; -using PutObjectRequest = ExtendedRequest; using DeleteObjectRequest = ExtendedRequest; using DeleteObjectsRequest = ExtendedRequest; From a872767a75c1d35116b05575b95602d0bf37c575 Mon Sep 17 00:00:00 2001 From: alesapin Date: Fri, 26 Sep 2025 22:42:30 +0200 Subject: [PATCH 113/141] Fix Md5 checksums calculation --- src/IO/S3/Requests.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/IO/S3/Requests.h b/src/IO/S3/Requests.h index 687ab4e9a109..2a6737d227cb 100644 --- a/src/IO/S3/Requests.h +++ b/src/IO/S3/Requests.h @@ -176,9 +176,19 @@ using CreateMultipartUploadRequest = ExtendedRequest; using UploadPartCopyRequest = ExtendedRequest; -using DeleteObjectRequest = ExtendedRequest; -using DeleteObjectsRequest = ExtendedRequest; +class DeleteObjectRequest : public ExtendedRequest +{ +public: + bool RequestChecksumRequired() const override { return is_s3express_bucket; } + bool ShouldComputeContentMd5() const override { return !is_s3express_bucket && checksum; } +}; +class DeleteObjectsRequest : public ExtendedRequest +{ +public: + bool RequestChecksumRequired() const override { return is_s3express_bucket; } + bool ShouldComputeContentMd5() const override { return !is_s3express_bucket && checksum; } +}; class ComposeObjectRequest : public ExtendedRequest { From 388a5c775616f8a40bf54a87e19ee15585b6781d Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 10 Apr 2026 03:19:24 +0000 Subject: [PATCH 114/141] Backport #100290 to 25.8: Disable AI SQL generation in embedded client --- src/Client/ClientBase.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Client/ClientBase.cpp b/src/Client/ClientBase.cpp index 8fe062107fe7..6ced3cd4114c 100644 --- a/src/Client/ClientBase.cpp +++ b/src/Client/ClientBase.cpp @@ -3418,7 +3418,10 @@ void ClientBase::runInteractive() initQueryIdFormats(); #if USE_CLIENT_AI - initAIProvider(); + /// AI SQL generation is disabled for the embedded client (SSH and WebSocket protocols) + /// because it accesses the environment (API keys) which could be a security concern. + if (!isEmbeeddedClient()) + initAIProvider(); #endif /// Initialize DateLUT here to avoid counting time spent here as query execution time. @@ -3669,7 +3672,8 @@ void ClientBase::runNonInteractive() initQueryIdFormats(); #if USE_CLIENT_AI - initAIProvider(); + if (!isEmbeeddedClient()) + initAIProvider(); #endif if (!buzz_house && !queries_files.empty()) From 6f9244ba4e896bad68bd9c3ff20e4a9d3b749288 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 10 Apr 2026 08:45:39 +0000 Subject: [PATCH 115/141] Backport #101936 to 25.8: Fix SIGSEGV in MergeTreeDataPartWriterWide::cancel during merge cancellation --- src/Common/FailPoint.cpp | 3 +- .../MergeTree/MergeTreeDataPartWriterWide.cpp | 25 +++++++++++++---- ..._part_writer_cancel_on_exception.reference | 1 + ...7_wide_part_writer_cancel_on_exception.sql | 28 +++++++++++++++++++ 4 files changed, 50 insertions(+), 7 deletions(-) create mode 100644 tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.reference create mode 100644 tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.sql diff --git a/src/Common/FailPoint.cpp b/src/Common/FailPoint.cpp index 216407b8907d..d467b17a2e3c 100644 --- a/src/Common/FailPoint.cpp +++ b/src/Common/FailPoint.cpp @@ -132,7 +132,8 @@ static struct InitFiu REGULAR(patch_parts_reverse_column_order) \ ONCE(smt_commit_exception_before_op) \ ONCE(backup_add_empty_memory_table) \ - REGULAR(refresh_task_stop_racing_for_running_refresh) + REGULAR(refresh_task_stop_racing_for_running_refresh) \ + REGULAR(wide_part_writer_fail_in_add_streams) namespace FailPoints diff --git a/src/Storages/MergeTree/MergeTreeDataPartWriterWide.cpp b/src/Storages/MergeTree/MergeTreeDataPartWriterWide.cpp index 15b555466233..1a786d469330 100644 --- a/src/Storages/MergeTree/MergeTreeDataPartWriterWide.cpp +++ b/src/Storages/MergeTree/MergeTreeDataPartWriterWide.cpp @@ -13,6 +13,7 @@ #include #include #include +#include #include namespace DB @@ -28,6 +29,12 @@ namespace ErrorCodes { extern const int LOGICAL_ERROR; extern const int INCORRECT_FILE_NAME; + extern const int FAULT_INJECTED; +} + +namespace FailPoints +{ + extern const char wide_part_writer_fail_in_add_streams[]; } namespace @@ -191,7 +198,12 @@ void MergeTreeDataPartWriterWide::addStreams( query_write_settings.use_adaptive_write_buffer = settings.use_adaptive_write_buffer_for_dynamic_subcolumns && ISerialization::isDynamicSubcolumn(substream_path, substream_path.size()); query_write_settings.adaptive_write_buffer_initial_size = settings.adaptive_write_buffer_initial_size; - column_streams[stream_name] = std::make_unique>( + fiu_do_on(FailPoints::wide_part_writer_fail_in_add_streams, + { + throw Exception(ErrorCodes::FAULT_INJECTED, "Injected failure in Wide part writer addStreams"); + }); + + column_streams.emplace(stream_name, std::make_unique>( stream_name, data_part_storage, stream_name, DATA_FILE_EXTENSION, @@ -200,7 +212,7 @@ void MergeTreeDataPartWriterWide::addStreams( max_compress_block_size, marks_compression_codec, settings.marks_compress_block_size, - query_write_settings); + query_write_settings)); if (columns_to_load_marks.contains(name_and_type.name)) cached_marks.emplace(stream_name, std::make_unique()); @@ -384,7 +396,7 @@ void MergeTreeDataPartWriterWide::writeSingleMark( void MergeTreeDataPartWriterWide::flushMarkToFile(const StreamNameAndMark & stream_with_mark, size_t rows_in_mark) { - auto & stream = *column_streams[stream_with_mark.stream_name]; + auto & stream = *column_streams.at(stream_with_mark.stream_name); WriteBuffer & marks_out = stream.compress_marks ? stream.marks_compressed_hashing : stream.marks_hashing; writeBinaryLittleEndian(stream_with_mark.mark.offset_in_compressed_file, marks_out); @@ -423,7 +435,7 @@ StreamsWithMarks MergeTreeDataPartWriterWide::getCurrentMarksForColumn( if (is_offsets && offset_columns.contains(stream_name)) return; - auto & stream = *column_streams[stream_name]; + auto & stream = *column_streams.at(stream_name); /// There could already be enough data to compress into the new block. if (stream.compressed_hashing.offset() >= min_compress_block_size) @@ -818,8 +830,9 @@ void MergeTreeDataPartWriterWide::finish(bool sync) void MergeTreeDataPartWriterWide::cancel() noexcept { - for (auto & stream : column_streams) - stream.second->cancel(); + for (auto & stream : column_streams) + if (stream.second) + stream.second->cancel(); column_streams.clear(); serialization_states.clear(); diff --git a/tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.reference b/tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.reference new file mode 100644 index 000000000000..08839f6bb296 --- /dev/null +++ b/tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.reference @@ -0,0 +1 @@ +200 diff --git a/tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.sql b/tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.sql new file mode 100644 index 000000000000..88a001fc33f0 --- /dev/null +++ b/tests/queries/0_stateless/04077_wide_part_writer_cancel_on_exception.sql @@ -0,0 +1,28 @@ +-- Tags: no-parallel, no-random-merge-tree-settings +-- Regression test: MergeTreeDataPartWriterWide::cancel must not SIGSEGV +-- when addStreams fails mid-way leaving no null entries in column_streams. + +DROP TABLE IF EXISTS t_wide_cancel; + +CREATE TABLE t_wide_cancel (a UInt64, b String, c Float64) +ENGINE = MergeTree ORDER BY a +SETTINGS min_bytes_for_wide_part = 0, min_rows_for_wide_part = 0; + +-- Prevent background merges from racing with the failpoint. +SYSTEM STOP MERGES t_wide_cancel; + +INSERT INTO t_wide_cancel SELECT number, toString(number), number FROM numbers(100); +INSERT INTO t_wide_cancel SELECT number, toString(number), number FROM numbers(100, 100); + +-- Force the Wide writer's addStreams to throw during OPTIMIZE (merge). +SYSTEM ENABLE FAILPOINT wide_part_writer_fail_in_add_streams; +SYSTEM START MERGES t_wide_cancel; + +OPTIMIZE TABLE t_wide_cancel FINAL; -- {serverError FAULT_INJECTED} + +SYSTEM DISABLE FAILPOINT wide_part_writer_fail_in_add_streams; + +-- The server must still be alive and the table readable. +SELECT count() FROM t_wide_cancel; + +DROP TABLE t_wide_cancel; From 0b238762e779a010afaf50d4239765b5655b06b0 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 13 Apr 2026 21:28:54 +0000 Subject: [PATCH 116/141] Backport #100837 to 25.8: Try fixing use-after-free in RemoteQueryExecutor --- src/Processors/QueryPlan/ReadFromRemote.cpp | 3 ++- src/QueryPipeline/RemoteQueryExecutor.cpp | 9 +++++++-- src/QueryPipeline/RemoteQueryExecutor.h | 5 ++++- src/Storages/IStorageCluster.cpp | 3 ++- src/Storages/StorageDistributed.cpp | 8 ++++++-- 5 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/Processors/QueryPlan/ReadFromRemote.cpp b/src/Processors/QueryPlan/ReadFromRemote.cpp index 48a412ef781f..4a5502e1562b 100644 --- a/src/Processors/QueryPlan/ReadFromRemote.cpp +++ b/src/Processors/QueryPlan/ReadFromRemote.cpp @@ -602,7 +602,8 @@ void ReadFromRemote::addLazyPipe( my_scalars["_shard_num"] = Block{ {DataTypeUInt32().createColumnConst(1, my_shard.shard_info.shard_num), std::make_shared(), "_shard_num"}}; auto remote_query_executor = std::make_shared( - std::move(connections), query_string, header, my_context, my_throttler, my_scalars, my_external_tables, stage_to_use, my_shard.query_plan); + std::move(connections), query_string, header, my_context, my_throttler, my_scalars, my_external_tables, stage_to_use, + my_shard.query_plan, /*extension=*/std::nullopt, my_shard.shard_info.pool); auto pipe = createRemoteSourcePipe( remote_query_executor, add_agg_info, add_totals, add_extremes, async_read, async_query_sending, parallel_marshalling_threads); diff --git a/src/QueryPipeline/RemoteQueryExecutor.cpp b/src/QueryPipeline/RemoteQueryExecutor.cpp index 8e2e0f0d3079..d2dafcaae6b4 100644 --- a/src/QueryPipeline/RemoteQueryExecutor.cpp +++ b/src/QueryPipeline/RemoteQueryExecutor.cpp @@ -182,10 +182,15 @@ RemoteQueryExecutor::RemoteQueryExecutor( const Tables & external_tables_, QueryProcessingStage::Enum stage_, std::shared_ptr query_plan_, - std::optional extension_) + std::optional extension_, + ConnectionPoolWithFailoverPtr pool) : RemoteQueryExecutor(query_, header_, context_, scalars_, external_tables_, stage_, std::move(query_plan_), extension_) { - create_connections = [this, connections_, throttler, extension_](AsyncCallback) mutable + /// Capture `pool` in the lambda to prevent the connection pool from being destroyed + /// while entries are still in use. The Entry objects hold raw references (via PoolEntryHelper) + /// back to the pool's internal PooledObject and PoolBase structures, so the pool must + /// outlive all Entry objects. + create_connections = [this, connections_, throttler, extension_, pool](AsyncCallback) mutable { auto res = std::make_unique(std::move(connections_), context, throttler); if (extension_ && extension_->replica_info) diff --git a/src/QueryPipeline/RemoteQueryExecutor.h b/src/QueryPipeline/RemoteQueryExecutor.h index d309027d17ff..7464990bf4f2 100644 --- a/src/QueryPipeline/RemoteQueryExecutor.h +++ b/src/QueryPipeline/RemoteQueryExecutor.h @@ -83,6 +83,8 @@ class RemoteQueryExecutor std::optional extension_ = std::nullopt); /// Accepts several connections already taken from pool. + /// The optional `pool` parameter keeps the connection pool alive while entries are in use, + /// preventing use-after-free when the pool would otherwise be destroyed before the entries. RemoteQueryExecutor( std::vector && connections_, const String & query_, @@ -93,7 +95,8 @@ class RemoteQueryExecutor const Tables & external_tables_ = Tables(), QueryProcessingStage::Enum stage_ = QueryProcessingStage::Complete, std::shared_ptr query_plan_ = nullptr, - std::optional extension_ = std::nullopt); + std::optional extension_ = std::nullopt, + ConnectionPoolWithFailoverPtr pool = nullptr); /// Takes a pool and gets one or several connections from it. RemoteQueryExecutor( diff --git a/src/Storages/IStorageCluster.cpp b/src/Storages/IStorageCluster.cpp index 23b73f3d823f..b52c25244ddb 100644 --- a/src/Storages/IStorageCluster.cpp +++ b/src/Storages/IStorageCluster.cpp @@ -232,7 +232,8 @@ void ReadFromCluster::initializePipeline(QueryPipelineBuilder & pipeline, const Tables(), processed_stage, nullptr, - RemoteQueryExecutor::Extension{.task_iterator = extension->task_iterator, .replica_info = std::move(replica_info)}); + RemoteQueryExecutor::Extension{.task_iterator = extension->task_iterator, .replica_info = std::move(replica_info)}, + shard_info.pool); remote_query_executor->setLogger(log); Pipe pipe{std::make_shared( diff --git a/src/Storages/StorageDistributed.cpp b/src/Storages/StorageDistributed.cpp index f5b86d8f783f..895bdd80ac68 100644 --- a/src/Storages/StorageDistributed.cpp +++ b/src/Storages/StorageDistributed.cpp @@ -1241,7 +1241,10 @@ std::optional StorageDistributed::distributedWriteBetweenDistribu /// INSERT SELECT query returns empty block auto remote_query_executor - = std::make_shared(std::move(connections), new_query_str, std::make_shared(Block{}), query_context); + = std::make_shared( + std::move(connections), new_query_str, std::make_shared(Block{}), query_context, + /*throttler=*/nullptr, Scalars{}, Tables{}, QueryProcessingStage::Complete, + /*query_plan=*/nullptr, /*extension=*/std::nullopt, shard_info.pool); QueryPipeline remote_pipeline(std::make_shared( remote_query_executor, false, settings[Setting::async_socket_for_remote], settings[Setting::async_query_sending_for_remote])); remote_pipeline.complete(std::make_shared(remote_query_executor->getSharedHeader())); @@ -1367,7 +1370,8 @@ std::optional StorageDistributed::distributedWriteFromClusterStor Tables{}, QueryProcessingStage::Complete, nullptr, - RemoteQueryExecutor::Extension{.task_iterator = extension.task_iterator, .replica_info = std::move(replica_info)}); + RemoteQueryExecutor::Extension{.task_iterator = extension.task_iterator, .replica_info = std::move(replica_info)}, + replicas.pool); Pipe pipe{std::make_shared( remote_query_executor, From d2249877ff5b3e9439c60416a1aad0661dfcdd64 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 14 Apr 2026 11:36:55 +0000 Subject: [PATCH 117/141] Backport #99119 to 25.8: Fix LOGICAL_ERROR exception in `ASTColumnsExceptTransformer::transform` --- src/Interpreters/QueryNormalizer.cpp | 15 ++++- src/Parsers/ASTColumnsTransformers.cpp | 7 +- ...33_except_transformer_with_alias.reference | 16 +++++ .../04033_except_transformer_with_alias.sql | 64 +++++++++++++++++++ 4 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 tests/queries/0_stateless/04033_except_transformer_with_alias.reference create mode 100644 tests/queries/0_stateless/04033_except_transformer_with_alias.sql diff --git a/src/Interpreters/QueryNormalizer.cpp b/src/Interpreters/QueryNormalizer.cpp index 55938aab62dd..6c08016e7296 100644 --- a/src/Interpreters/QueryNormalizer.cpp +++ b/src/Interpreters/QueryNormalizer.cpp @@ -10,6 +10,7 @@ #include #include #include +#include #include namespace DB @@ -186,7 +187,19 @@ void QueryNormalizer::visit(ASTTablesInSelectQueryElement & node, const ASTPtr & static bool needVisitChild(const ASTPtr & child) { /// exclude interpolate elements - they are not subject for normalization and will be processed in filling transform - return !(child->as() || child->as() || child->as()); + if (child->as() || child->as() || child->as()) + return false; + + /// Column transformer children (EXCEPT, REPLACE, APPLY) contain column name references + /// that must not be substituted with alias expressions. For example, in + /// `SELECT * EXCEPT (Budget), toFloat64(Budget) AS Budget FROM t`, the `Budget` inside + /// EXCEPT refers to a column name to exclude, not to the alias `Budget`. + /// If the normalizer replaces it, the downstream ASTColumnsExceptTransformer::transform + /// will encounter a non-ASTIdentifier child and throw a LOGICAL_ERROR. + if (child->as()) + return false; + + return true; } /// special visitChildren() for ASTSelectQuery diff --git a/src/Parsers/ASTColumnsTransformers.cpp b/src/Parsers/ASTColumnsTransformers.cpp index 44279c876b05..2696b413fa1b 100644 --- a/src/Parsers/ASTColumnsTransformers.cpp +++ b/src/Parsers/ASTColumnsTransformers.cpp @@ -228,7 +228,12 @@ void ASTColumnsExceptTransformer::transform(ASTs & nodes) const if (!pattern) { for (const auto & child : children) - expected_columns.insert(child->as().name()); + { + if (const auto * identifier = child->as()) + expected_columns.insert(identifier->name()); + else + expected_columns.insert(child->getAliasOrColumnName()); + } for (auto * it = nodes.begin(); it != nodes.end();) { diff --git a/tests/queries/0_stateless/04033_except_transformer_with_alias.reference b/tests/queries/0_stateless/04033_except_transformer_with_alias.reference new file mode 100644 index 000000000000..acc4c297f619 --- /dev/null +++ b/tests/queries/0_stateless/04033_except_transformer_with_alias.reference @@ -0,0 +1,16 @@ +1 x 3 +2 y 5 +1 1.5 +2 2.5 +1 1.5 +2 2.5 +1 X 15 +2 Y 25 +1 x 3 +2 y 5 +1 1.5 +2 2.5 +1 1.5 +2 2.5 +1 X 15 +2 Y 25 diff --git a/tests/queries/0_stateless/04033_except_transformer_with_alias.sql b/tests/queries/0_stateless/04033_except_transformer_with_alias.sql new file mode 100644 index 000000000000..739c252f9ff6 --- /dev/null +++ b/tests/queries/0_stateless/04033_except_transformer_with_alias.sql @@ -0,0 +1,64 @@ +-- Test that SELECT * EXCEPT (col) works when 'col' is also used as an alias in the same SELECT. +-- This used to cause LOGICAL_ERROR "Bad cast from type DB::ASTFunction to DB::ASTIdentifier" +-- because QueryNormalizer could replace the ASTIdentifier inside the EXCEPT transformer +-- with an ASTFunction from the alias before the transformer was expanded. +-- https://github.com/ClickHouse/clickhouse-core-incidents/issues/1433 + +SET allow_experimental_analyzer = 0; + +DROP TABLE IF EXISTS t_except_alias; +CREATE TABLE t_except_alias (a UInt64, b String, c Float64) ENGINE = Memory; +INSERT INTO t_except_alias VALUES (1, 'x', 1.5), (2, 'y', 2.5); + +-- Basic case: EXCEPT column name matches an alias in the same SELECT +SELECT * EXCEPT (c), toFloat64(c) * 2 AS c FROM t_except_alias ORDER BY a; + +-- Same pattern but via subquery in JOIN (triggers interpretSubquery with removeDuplicates) +SELECT t.a, sub.c +FROM t_except_alias AS t +LEFT JOIN ( + SELECT * EXCEPT (c), toString(c) AS c FROM t_except_alias +) AS sub ON t.a = sub.a +ORDER BY t.a; + +-- CTE pattern matching the original incident +WITH data AS ( + SELECT * EXCEPT (c), toFloat64(c) AS c FROM t_except_alias +) +SELECT t.a, d.c +FROM t_except_alias AS t +LEFT JOIN data AS d ON t.a = d.a +ORDER BY t.a; + +-- Multiple columns in EXCEPT with aliases +SELECT * EXCEPT (b, c), upper(b) AS b, toFloat64(c) * 10 AS c FROM t_except_alias ORDER BY a; + +DROP TABLE t_except_alias; + +-- Now test the same with the new analyzer +SET allow_experimental_analyzer = 1; + +DROP TABLE IF EXISTS t_except_alias; +CREATE TABLE t_except_alias (a UInt64, b String, c Float64) ENGINE = Memory; +INSERT INTO t_except_alias VALUES (1, 'x', 1.5), (2, 'y', 2.5); + +SELECT * EXCEPT (c), toFloat64(c) * 2 AS c FROM t_except_alias ORDER BY a; + +SELECT t.a, sub.c +FROM t_except_alias AS t +LEFT JOIN ( + SELECT * EXCEPT (c), toString(c) AS c FROM t_except_alias +) AS sub ON t.a = sub.a +ORDER BY t.a; + +WITH data AS ( + SELECT * EXCEPT (c), toFloat64(c) AS c FROM t_except_alias +) +SELECT t.a, d.c +FROM t_except_alias AS t +LEFT JOIN data AS d ON t.a = d.a +ORDER BY t.a; + +SELECT * EXCEPT (b, c), upper(b) AS b, toFloat64(c) * 10 AS c FROM t_except_alias ORDER BY a; + +DROP TABLE t_except_alias; From 6162314f4d4bcbd13e295d846a90ef037ae489b5 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 14 Apr 2026 13:47:31 +0000 Subject: [PATCH 118/141] Backport #101761 to 25.8: Fix use-after-free in CPULeaseAllocation wait timer --- src/Common/Scheduler/CPULeaseAllocation.cpp | 10 +++++++++- src/Common/Scheduler/CPULeaseAllocation.h | 9 +++++++++ .../integration/test_scheduler_cpu_preemptive/test.py | 10 ++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/src/Common/Scheduler/CPULeaseAllocation.cpp b/src/Common/Scheduler/CPULeaseAllocation.cpp index 4fab4be028b8..7a761e1bbdd8 100644 --- a/src/Common/Scheduler/CPULeaseAllocation.cpp +++ b/src/Common/Scheduler/CPULeaseAllocation.cpp @@ -201,6 +201,13 @@ CPULeaseAllocation::CPULeaseAllocation(SlotCount max_threads_, ResourceLink mast , scheduled_increment(CurrentMetrics::ConcurrencyControlScheduled, 0) , lease_id(lease_counter.fetch_add(1, std::memory_order_relaxed)) { + // Capture query-level counters (ThreadGroup) that outlive all worker threads. + // Cannot use CurrentThread::getProfileEvents() in schedule() — it returns the calling + // thread's counters, which may be destroyed before the timer is flushed (UAF). + wait_thread_group = CurrentThread::getGroup(); + if (wait_thread_group) + wait_counters = &wait_thread_group->performance_counters; + std::unique_lock lock{mutex}; if (!schedule(lock)) grantImpl(lock); @@ -220,6 +227,7 @@ void CPULeaseAllocation::free() shutdown = true; acquirable.store(false, std::memory_order_relaxed); + wait_timer.reset(); // Wake up all preempted threads while (true) @@ -593,7 +601,7 @@ bool CPULeaseAllocation::schedule(std::unique_lock &) if (requests.enqueue(cost, requested_ns)) { scheduled_increment.add(); - wait_timer.emplace(CurrentThread::getProfileEvents().timer(ProfileEvents::ConcurrencyControlWaitMicroseconds)); + wait_timer.emplace(wait_counters->timer(ProfileEvents::ConcurrencyControlWaitMicroseconds)); LOG_EVENT(E); return true; } diff --git a/src/Common/Scheduler/CPULeaseAllocation.h b/src/Common/Scheduler/CPULeaseAllocation.h index 687b5709f724..bd2dd59b483f 100644 --- a/src/Common/Scheduler/CPULeaseAllocation.h +++ b/src/Common/Scheduler/CPULeaseAllocation.h @@ -20,6 +20,8 @@ namespace DB { +class ThreadGroup; + struct CPULeaseSettings { static constexpr ResourceCost default_quantum_ns = 10'000'000; @@ -314,6 +316,13 @@ class CPULeaseAllocation final : public ISlotAllocation /// Introspection CurrentMetrics::Increment acquired_increment; CurrentMetrics::Increment scheduled_increment; + /// Stable counters for wait_timer. We cannot use CurrentThread::getProfileEvents() in + /// schedule() because it returns the calling thread's counters, which may be destroyed + /// before the timer is flushed — storing a Timer with a dangling Counters& causes UAF. + /// The ThreadGroupPtr keeps the ThreadGroup (and its performance_counters) alive. + /// Declared before wait_timer so the owner outlives the timer during member destruction. + std::shared_ptr wait_thread_group; + ProfileEvents::Counters * wait_counters = &ProfileEvents::global_counters; std::optional wait_timer; const size_t lease_id; /// Unique identifier for this lease allocation, used for tracing static std::atomic lease_counter; diff --git a/tests/integration/test_scheduler_cpu_preemptive/test.py b/tests/integration/test_scheduler_cpu_preemptive/test.py index a9b57ff34be9..93322653a0f6 100644 --- a/tests/integration/test_scheduler_cpu_preemptive/test.py +++ b/tests/integration/test_scheduler_cpu_preemptive/test.py @@ -185,6 +185,16 @@ def assert_query(node, query_id, slots): "ConcurrencyControlDownscales", lambda x: x == 0, ) + # Verify ConcurrencyControlWaitMicroseconds is populated at query level. + # With independent pools all running concurrently, each query will experience + # scheduler wait time > 0. This serves as a smoke test for the wait timer fix + # (the metric is tracked at ThreadGroup level, not per-thread). + assert_profile_event( + node, + query_id, + "ConcurrencyControlWaitMicroseconds", + lambda x: x > 0, + ) # NOTE: checking thread_ids length is pointless, because query could downscale and then upscale again, gaining more threads than slots assert_query(node, 'test_production', 15) From e84af3582d6e369e59ed1b9ae1247427583d8d37 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 15 Apr 2026 08:49:02 +0000 Subject: [PATCH 119/141] Backport #102681 to 25.8: Fix SYSTEM WAIT VIEW hanging forever when the view is dropped --- src/Storages/MaterializedView/RefreshTask.cpp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/Storages/MaterializedView/RefreshTask.cpp b/src/Storages/MaterializedView/RefreshTask.cpp index 15882eae0f88..79925b40c21a 100644 --- a/src/Storages/MaterializedView/RefreshTask.cpp +++ b/src/Storages/MaterializedView/RefreshTask.cpp @@ -223,6 +223,11 @@ void RefreshTask::shutdown() set_handle.reset(); view = nullptr; + + /// Wake up any threads blocked in wait(), so they can see !view and throw TABLE_IS_DROPPED. + /// Without this, wait() would block forever after deactivate() prevents the background task + /// from running (and therefore from ever notifying refresh_cv). + refresh_cv.notify_all(); } void RefreshTask::drop(ContextPtr context) @@ -395,8 +400,10 @@ void RefreshTask::wait() std::unique_lock lock(mutex); refresh_cv.wait(lock, [&] { - return state != RefreshState::Running && state != RefreshState::Scheduling && - state != RefreshState::RunningOnAnotherReplica && (state == RefreshState::Disabled || !scheduling.out_of_schedule_refresh_requested); + return !view + || (state != RefreshState::Running && state != RefreshState::Scheduling + && state != RefreshState::RunningOnAnotherReplica + && (state == RefreshState::Disabled || !scheduling.out_of_schedule_refresh_requested)); }); throw_if_error(); From fb6469fdd2222a4c0dd8c1e80f2dce3b84b045d5 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 15 Apr 2026 14:49:00 +0000 Subject: [PATCH 120/141] Backport #102606 to 25.8: Use `openssl` 3.5.6 --- contrib/openssl | 2 +- .../darwin_x86_64/include/openssl/cmp.h | 2 ++ .../darwin_x86_64/include/openssl/opensslv.h | 12 ++++++------ tests/integration/test_dictionaries_ddl/test.py | 12 ++++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/contrib/openssl b/contrib/openssl index 2aa34c68d677..d0f95dba4cb0 160000 --- a/contrib/openssl +++ b/contrib/openssl @@ -1 +1 @@ -Subproject commit 2aa34c68d677b447fb85c55167d8d1ab98ba4def +Subproject commit d0f95dba4cb06e912c131d64ec77acb20d270fd1 diff --git a/contrib/openssl-cmake/darwin_x86_64/include/openssl/cmp.h b/contrib/openssl-cmake/darwin_x86_64/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/darwin_x86_64/include/openssl/cmp.h +++ b/contrib/openssl-cmake/darwin_x86_64/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/darwin_x86_64/include/openssl/opensslv.h b/contrib/openssl-cmake/darwin_x86_64/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/darwin_x86_64/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/darwin_x86_64/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/tests/integration/test_dictionaries_ddl/test.py b/tests/integration/test_dictionaries_ddl/test.py index da69ce619e7e..9d418810bfe4 100644 --- a/tests/integration/test_dictionaries_ddl/test.py +++ b/tests/integration/test_dictionaries_ddl/test.py @@ -586,7 +586,11 @@ def test_secure(started_cluster): ) with pytest.raises(QueryRuntimeException) as excinfo: node1.query("SELECT dictGet('test.clickhouse_secure', 'value', toUInt64(1))") - assert "Unexpected packet from server localhost:9440" in str(excinfo.value) + error = str(excinfo.value) + assert ( + "Unexpected packet from server localhost:9440" in error + or "Connection reset by peer" in error + ) # Secure is set to 0 in named collection node1.query("DROP DICTIONARY IF EXISTS test.clickhouse_secure") @@ -607,7 +611,11 @@ def test_secure(started_cluster): ) with pytest.raises(QueryRuntimeException) as excinfo: node1.query("SELECT dictGet('test.clickhouse_secure', 'value', toUInt64(1))") - assert "Unexpected packet from server localhost:9440" in str(excinfo.value) + error = str(excinfo.value) + assert ( + "Unexpected packet from server localhost:9440" in error + or "Connection reset by peer" in error + ) # Secure is set to 0 in named collection and in 1 in DDL node1.query("DROP DICTIONARY IF EXISTS test.clickhouse_secure") From 879c46afed5e508d3918b10eede8a55af37c975a Mon Sep 17 00:00:00 2001 From: Konstantin Bogdanov Date: Wed, 15 Apr 2026 17:17:28 +0200 Subject: [PATCH 121/141] Pick changes from `bump-openssl-3.5.6` --- contrib/openssl-cmake/CMakeLists.txt | 332 +- .../crypto/aes/aes-riscv64-zvbb-zvkg-zvkned.S | 943 ++ .../asm/crypto/aes/aes-riscv64-zvkb-zvkned.S | 326 + .../asm/crypto/aes/aes-riscv64-zvkned.S | 1401 +++ .../openssl-cmake/asm/crypto/aes/aes-s390x.S | 3 + .../openssl-cmake/asm/crypto/aes/aes-x86_64.s | 2 + .../asm/crypto/aes/aesni-sha1-x86_64.s | 2 + .../asm/crypto/aes/aesni-sha256-x86_64.s | 2 + .../asm/crypto/aes/aesni-x86_64.s | 2 + .../asm/crypto/aes/aesni-xts-avx512.s | 8124 +++++++++++++++++ .../openssl-cmake/asm/crypto/aes/aesv8-armx.S | 729 +- .../asm/crypto/aes/bsaes-armv8.S | 26 +- .../asm/crypto/aes/bsaes-x86_64.s | 5 +- .../asm/crypto/aes/vpaes-armv8.S | 53 +- .../asm/crypto/aes/vpaes-x86_64.s | 3 +- .../openssl-cmake/asm/crypto/bn/armv8-mont.S | 3 + .../asm/crypto/bn/rsaz-2k-avx512.s | 4 +- .../asm/crypto/bn/rsaz-2k-avxifma.s | 1146 +++ .../asm/crypto/bn/rsaz-3k-avx512.s | 4 +- .../asm/crypto/bn/rsaz-3k-avxifma.s | 1747 ++++ .../asm/crypto/bn/rsaz-4k-avx512.s | 4 +- .../asm/crypto/bn/rsaz-4k-avxifma.s | 1901 ++++ .../openssl-cmake/asm/crypto/bn/rsaz-avx2.s | 2 + .../openssl-cmake/asm/crypto/bn/rsaz-x86_64.s | 2 + .../asm/crypto/bn/x86_64-mont5.s | 2 + .../asm/crypto/camellia/cmll-x86_64.s | 2 + .../asm/crypto/chacha/chacha-armv8-sve.S | 464 +- .../asm/crypto/chacha/chacha-armv8.S | 13 +- .../asm/crypto/chacha/chacha-x86_64.s | 2 + .../asm/crypto/ec/ecp_nistz256-armv8.S | 100 +- .../asm/crypto/ec/ecp_nistz256-x86_64.s | 4 +- .../asm/crypto/ec/ecp_sm2p256-armv8.S | 28 +- .../asm/crypto/loongarch64cpuid.S | 4 +- .../asm/crypto/md5/asm/md5-aarch64.S | 128 +- .../openssl-cmake/asm/crypto/md5/md5-x86_64.s | 32 +- .../asm/crypto/modes/aes-gcm-avx512.s | 2 +- .../modes/aes-gcm-riscv64-zvkb-zvkg-zvkned.S | 1540 ++++ .../asm/crypto/modes/aesni-gcm-x86_64.s | 2 + .../asm/crypto/modes/asm/aes-gcm-armv8_64.S | 1 + .../crypto/modes/ghash-riscv64-zvkb-zvbc.S | 268 + .../asm/crypto/modes/ghash-riscv64-zvkg.S | 81 + .../asm/crypto/modes/ghash-x86_64.s | 4 + .../asm/crypto/modes/ghashv8-armx.S | 1 + .../asm/crypto/poly1305/poly1305-armv8.S | 20 +- .../asm/crypto/poly1305/poly1305-x86_64.s | 8 + .../openssl-cmake/asm/crypto/riscv64cpuid.S | 12 + contrib/openssl-cmake/asm/crypto/s390xcpuid.S | 4 +- .../asm/crypto/sha/keccak1600-armv8.S | 14 +- .../asm/crypto/sha/keccak1600-avx2.s | 600 ++ .../asm/crypto/sha/keccak1600-avx512.s | 496 + .../asm/crypto/sha/keccak1600-avx512vl.s | 580 ++ .../asm/crypto/sha/keccak1600-s390x.S | 2 + .../asm/crypto/sha/keccak1600-x86_64.s | 15 +- .../openssl-cmake/asm/crypto/sha/sha1-armv8.S | 6 +- .../asm/crypto/sha/sha1-mb-x86_64.s | 3 +- .../asm/crypto/sha/sha1-x86_64.s | 2 + .../asm/crypto/sha/sha256-armv8.S | 15 +- .../asm/crypto/sha/sha256-mb-x86_64.s | 2 + .../asm/crypto/sha/sha256-x86_64.s | 2 + .../asm/crypto/sha/sha512-armv8.S | 12 +- .../asm/crypto/sha/sha512-x86_64.s | 2 + .../asm/crypto/sm3/asm/sm3-armv8.S | 15 +- .../asm/crypto/sm4/asm/sm4-armv8.S | 191 +- .../asm/crypto/sm4/asm/sm4-riscv64-zvksed.S | 188 + .../asm/crypto/sm4/asm/vpsm4-armv8.S | 59 +- .../asm/crypto/sm4/asm/vpsm4_ex-armv8.S | 135 +- .../asm/crypto/sm4/sm4-riscv64-zvksed.S | 188 + .../asm/crypto/whrlpool/wp-x86_64.s | 1 + .../openssl-cmake/asm/crypto/x86_64cpuid.s | 30 +- contrib/openssl-cmake/asm/generate_asm.sh | 34 +- .../common/include/crypto/bn_conf.h | 29 + .../common/include/crypto/dso_conf.h | 19 + .../common/include/internal/param_names.h | 469 + .../common/include/openssl/asn1.h | 1134 +++ .../common/include/openssl/asn1t.h | 946 ++ .../common/include/openssl/bio.h | 1022 +++ .../common/include/openssl/cmp.h | 729 ++ .../common/include/openssl/cms.h | 511 ++ .../common/include/openssl/comp.h | 98 + .../common/include/openssl/conf.h | 214 + .../common/include/openssl/configuration.h | 185 + .../common/include/openssl/core_names.h | 575 ++ .../common/include/openssl/crmf.h | 278 + .../common/include/openssl/crypto.h | 583 ++ .../openssl-cmake/common/include/openssl/ct.h | 573 ++ .../common/include/openssl/err.h | 512 ++ .../common/include/openssl/ess.h | 128 + .../common/include/openssl/fipskey.h | 41 + .../common/include/openssl/lhash.h | 398 + .../common/include/openssl/ocsp.h | 483 + .../common/include/openssl/opensslv.h | 114 + .../common/include/openssl/pkcs12.h | 366 + .../common/include/openssl/pkcs7.h | 430 + .../common/include/openssl/safestack.h | 297 + .../common/include/openssl/srp.h | 285 + .../common/include/openssl/ssl.h | 2933 ++++++ .../openssl-cmake/common/include/openssl/ui.h | 407 + .../common/include/openssl/x509.h | 1303 +++ .../common/include/openssl/x509_acert.h | 294 + .../common/include/openssl/x509_vfy.h | 903 ++ .../common/include/openssl/x509v3.h | 1968 ++++ .../common/include/prov/der_digests.h | 160 + .../common/include/prov/der_dsa.h | 94 + .../common/include/prov/der_ec.h | 286 + .../common/include/prov/der_ecx.h | 50 + .../common/include/prov/der_ml_dsa.h | 40 + .../common/include/prov/der_rsa.h | 187 + .../common/include/prov/der_slh_dsa.h | 103 + .../common/include/prov/der_sm2.h | 37 + .../common/include/prov/der_wrap.h | 46 + contrib/openssl-cmake/common/params_idx.c | 3366 +++++++ .../common/providers/der_digests_gen.c | 160 + .../common/providers/der_dsa_gen.c | 94 + .../common/providers/der_ec_gen.c | 279 + .../common/providers/der_ecx_gen.c | 44 + .../common/providers/der_ml_dsa_gen.c | 37 + .../common/providers/der_rsa_gen.c | 174 + .../common/providers/der_slh_dsa_gen.c | 100 + .../common/providers/der_sm2_gen.c | 30 + .../common/providers/der_wrap_gen.c | 46 + .../darwin_aarch64/include/openssl/cmp.h | 2 + .../darwin_aarch64/include/openssl/opensslv.h | 12 +- .../darwin_aarch64/include_private/buildinf.h | 23 +- .../darwin_x86_64/include_private/buildinf.h | 24 +- .../linux_aarch64/include/openssl/cmp.h | 2 + .../linux_aarch64/include/openssl/opensslv.h | 12 +- .../linux_aarch64/include_private/buildinf.h | 24 +- .../linux_loongarch64/include/openssl/cmp.h | 2 + .../include/openssl/opensslv.h | 12 +- .../include_private/buildinf.h | 23 +- .../linux_ppc64le/include/openssl/cmp.h | 2 + .../linux_ppc64le/include/openssl/opensslv.h | 12 +- .../linux_ppc64le/include_private/buildinf.h | 24 +- .../linux_riscv64/include/openssl/cmp.h | 2 + .../linux_riscv64/include/openssl/opensslv.h | 12 +- .../linux_riscv64/include_private/buildinf.h | 22 +- .../linux_s390x/include/openssl/cmp.h | 2 + .../linux_s390x/include/openssl/opensslv.h | 12 +- .../linux_s390x/include_private/buildinf.h | 26 +- .../linux_x86_64/include/openssl/cmp.h | 2 + .../linux_x86_64/include/openssl/opensslv.h | 12 +- .../linux_x86_64/include_private/buildinf.h | 28 +- 142 files changed, 44906 insertions(+), 1026 deletions(-) create mode 100644 contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvbb-zvkg-zvkned.S create mode 100644 contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkb-zvkned.S create mode 100644 contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkned.S create mode 100644 contrib/openssl-cmake/asm/crypto/aes/aesni-xts-avx512.s create mode 100644 contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avxifma.s create mode 100644 contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avxifma.s create mode 100644 contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avxifma.s create mode 100644 contrib/openssl-cmake/asm/crypto/modes/aes-gcm-riscv64-zvkb-zvkg-zvkned.S create mode 100644 contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkb-zvbc.S create mode 100644 contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkg.S create mode 100644 contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx2.s create mode 100644 contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512.s create mode 100644 contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512vl.s create mode 100644 contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-riscv64-zvksed.S create mode 100644 contrib/openssl-cmake/asm/crypto/sm4/sm4-riscv64-zvksed.S create mode 100644 contrib/openssl-cmake/common/include/crypto/bn_conf.h create mode 100644 contrib/openssl-cmake/common/include/crypto/dso_conf.h create mode 100644 contrib/openssl-cmake/common/include/internal/param_names.h create mode 100644 contrib/openssl-cmake/common/include/openssl/asn1.h create mode 100644 contrib/openssl-cmake/common/include/openssl/asn1t.h create mode 100644 contrib/openssl-cmake/common/include/openssl/bio.h create mode 100644 contrib/openssl-cmake/common/include/openssl/cmp.h create mode 100644 contrib/openssl-cmake/common/include/openssl/cms.h create mode 100644 contrib/openssl-cmake/common/include/openssl/comp.h create mode 100644 contrib/openssl-cmake/common/include/openssl/conf.h create mode 100644 contrib/openssl-cmake/common/include/openssl/configuration.h create mode 100644 contrib/openssl-cmake/common/include/openssl/core_names.h create mode 100644 contrib/openssl-cmake/common/include/openssl/crmf.h create mode 100644 contrib/openssl-cmake/common/include/openssl/crypto.h create mode 100644 contrib/openssl-cmake/common/include/openssl/ct.h create mode 100644 contrib/openssl-cmake/common/include/openssl/err.h create mode 100644 contrib/openssl-cmake/common/include/openssl/ess.h create mode 100644 contrib/openssl-cmake/common/include/openssl/fipskey.h create mode 100644 contrib/openssl-cmake/common/include/openssl/lhash.h create mode 100644 contrib/openssl-cmake/common/include/openssl/ocsp.h create mode 100644 contrib/openssl-cmake/common/include/openssl/opensslv.h create mode 100644 contrib/openssl-cmake/common/include/openssl/pkcs12.h create mode 100644 contrib/openssl-cmake/common/include/openssl/pkcs7.h create mode 100644 contrib/openssl-cmake/common/include/openssl/safestack.h create mode 100644 contrib/openssl-cmake/common/include/openssl/srp.h create mode 100644 contrib/openssl-cmake/common/include/openssl/ssl.h create mode 100644 contrib/openssl-cmake/common/include/openssl/ui.h create mode 100644 contrib/openssl-cmake/common/include/openssl/x509.h create mode 100644 contrib/openssl-cmake/common/include/openssl/x509_acert.h create mode 100644 contrib/openssl-cmake/common/include/openssl/x509_vfy.h create mode 100644 contrib/openssl-cmake/common/include/openssl/x509v3.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_digests.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_dsa.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_ec.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_ecx.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_ml_dsa.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_rsa.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_slh_dsa.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_sm2.h create mode 100644 contrib/openssl-cmake/common/include/prov/der_wrap.h create mode 100644 contrib/openssl-cmake/common/params_idx.c create mode 100644 contrib/openssl-cmake/common/providers/der_digests_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_dsa_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_ec_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_ecx_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_ml_dsa_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_rsa_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_slh_dsa_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_sm2_gen.c create mode 100644 contrib/openssl-cmake/common/providers/der_wrap_gen.c diff --git a/contrib/openssl-cmake/CMakeLists.txt b/contrib/openssl-cmake/CMakeLists.txt index dac059587392..e5fa8e641c9f 100644 --- a/contrib/openssl-cmake/CMakeLists.txt +++ b/contrib/openssl-cmake/CMakeLists.txt @@ -33,16 +33,7 @@ set(OPENSSLDIR "/etc/ssl" CACHE PATH "Set the default openssl directory") set(OPENSSL_ENGINESDIR "/usr/local/lib/engines-3" CACHE PATH "Set the default openssl directory for engines") set(OPENSSL_MODULESDIR "/usr/local/lib/ossl-modules" CACHE PATH "Set the default openssl directory for modules") -# special type of build during cross-compilation -if(OPENSSL_AUX_BUILD_FOR_CROSS_COMPILATION) - add_definitions(-DOPENSSL_NO_KTLS -DOPENSSLDIR="\\\"${OPENSSLDIR}\\\"" -DENGINESDIR="\\\"${OPENSSL_ENGINESDIR}\\\"" -DMODULESDIR="\\\"${OPENSSL_MODULESDIR}\\\"" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC) - add_compile_options("-Wno-deprecated-declarations") - add_compile_options("-Wno-poison-system-directories") -else() - add_definitions(-DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC) - target_compile_options(global-group INTERFACE "-Wno-deprecated-declarations") - target_compile_options(global-group INTERFACE "-Wno-poison-system-directories") -endif() +add_definitions(-DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC) if(ARCH_AMD64) if(OS_DARWIN) @@ -74,7 +65,7 @@ elseif(ARCH_LOONGARCH64) add_definitions(-DOPENSSL_CPUID_OBJ -DL_ENDIAN) endif() -file(STRINGS "${PLATFORM_DIRECTORY}/include/openssl/opensslv.h" OPENSSL_VERSION_STR +file(STRINGS "common/include/openssl/opensslv.h" OPENSSL_VERSION_STR REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_STR[\t ]+\"([0-9])+\\.([0-9])+\\.([0-9])+\".*") string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$" "\\1" OPENSSL_VERSION_STR "${OPENSSL_VERSION_STR}") @@ -110,15 +101,17 @@ if(NOT ARCH_S390X) endif() set(CRYPTO_SRC - der_digests_gen.c - der_dsa_gen.c - der_ec_gen.c - der_ecx_gen.c - der_rsa_gen.c - der_wrap_gen.c - der_sm2_gen.c + common/providers/der_digests_gen.c + common/providers/der_dsa_gen.c + common/providers/der_ec_gen.c + common/providers/der_ecx_gen.c + common/providers/der_ml_dsa_gen.c + common/providers/der_rsa_gen.c + common/providers/der_slh_dsa_gen.c + common/providers/der_sm2_gen.c + common/providers/der_wrap_gen.c - ${PLATFORM_DIRECTORY}/params_idx.c + common/params_idx.c ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cfb.c ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_ecb.c @@ -311,6 +304,7 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/comp/c_zstd.c ${OPENSSL_SOURCE_DIR}/crypto/comp/comp_err.c ${OPENSSL_SOURCE_DIR}/crypto/comp/comp_lib.c + ${OPENSSL_SOURCE_DIR}/crypto/comp_methods.c ${OPENSSL_SOURCE_DIR}/crypto/conf/conf_api.c ${OPENSSL_SOURCE_DIR}/crypto/conf/conf_def.c ${OPENSSL_SOURCE_DIR}/crypto/conf/conf_err.c @@ -342,6 +336,7 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/ct/ct_x509v3.c ${OPENSSL_SOURCE_DIR}/crypto/ctype.c ${OPENSSL_SOURCE_DIR}/crypto/cversion.c + ${OPENSSL_SOURCE_DIR}/crypto/defaults.c ${OPENSSL_SOURCE_DIR}/crypto/der_writer.c ${OPENSSL_SOURCE_DIR}/crypto/des/cbc_cksm.c ${OPENSSL_SOURCE_DIR}/crypto/des/cbc_enc.c @@ -465,11 +460,6 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/evp/c_allc.c ${OPENSSL_SOURCE_DIR}/crypto/evp/c_alld.c ${OPENSSL_SOURCE_DIR}/crypto/evp/cmeth_lib.c - ${OPENSSL_SOURCE_DIR}/crypto/evp/pmeth_lib.c - ${OPENSSL_SOURCE_DIR}/crypto/evp/pmeth_gn.c - ${OPENSSL_SOURCE_DIR}/crypto/evp/pmeth_check.c - ${OPENSSL_SOURCE_DIR}/crypto/evp/pbe_scrypt.c - ${OPENSSL_SOURCE_DIR}/crypto/evp/signature.c ${OPENSSL_SOURCE_DIR}/crypto/evp/ctrl_params_translate.c ${OPENSSL_SOURCE_DIR}/crypto/evp/dh_ctrl.c ${OPENSSL_SOURCE_DIR}/crypto/evp/dh_support.c @@ -535,6 +525,13 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/evp/p_seal.c ${OPENSSL_SOURCE_DIR}/crypto/evp/p_sign.c ${OPENSSL_SOURCE_DIR}/crypto/evp/p_verify.c + ${OPENSSL_SOURCE_DIR}/crypto/evp/pbe_scrypt.c + ${OPENSSL_SOURCE_DIR}/crypto/evp/pmeth_check.c + ${OPENSSL_SOURCE_DIR}/crypto/evp/pmeth_gn.c + ${OPENSSL_SOURCE_DIR}/crypto/evp/pmeth_lib.c + ${OPENSSL_SOURCE_DIR}/crypto/evp/s_lib.c + ${OPENSSL_SOURCE_DIR}/crypto/evp/signature.c + ${OPENSSL_SOURCE_DIR}/crypto/evp/skeymgmt_meth.c ${OPENSSL_SOURCE_DIR}/crypto/ex_data.c ${OPENSSL_SOURCE_DIR}/crypto/ffc/ffc_backend.c ${OPENSSL_SOURCE_DIR}/crypto/ffc/ffc_dh.c @@ -544,6 +541,8 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/ffc/ffc_params_generate.c ${OPENSSL_SOURCE_DIR}/crypto/ffc/ffc_params_validate.c ${OPENSSL_SOURCE_DIR}/crypto/getenv.c + ${OPENSSL_SOURCE_DIR}/crypto/hashtable/hashfunc.c + ${OPENSSL_SOURCE_DIR}/crypto/hashtable/hashtable.c ${OPENSSL_SOURCE_DIR}/crypto/hmac/hmac.c ${OPENSSL_SOURCE_DIR}/crypto/hpke/hpke.c ${OPENSSL_SOURCE_DIR}/crypto/hpke/hpke_util.c @@ -555,6 +554,7 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/idea/i_ecb.c ${OPENSSL_SOURCE_DIR}/crypto/idea/i_ofb64.c ${OPENSSL_SOURCE_DIR}/crypto/idea/i_skey.c + ${OPENSSL_SOURCE_DIR}/crypto/indicator_core.c ${OPENSSL_SOURCE_DIR}/crypto/info.c ${OPENSSL_SOURCE_DIR}/crypto/init.c ${OPENSSL_SOURCE_DIR}/crypto/initthread.c @@ -570,6 +570,15 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/mdc2/mdc2dgst.c ${OPENSSL_SOURCE_DIR}/crypto/mem.c ${OPENSSL_SOURCE_DIR}/crypto/mem_sec.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_encoders.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_key.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_key_compress.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_matrix.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_ntt.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_params.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_sample.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_dsa/ml_dsa_sign.c + ${OPENSSL_SOURCE_DIR}/crypto/ml_kem/ml_kem.c ${OPENSSL_SOURCE_DIR}/crypto/modes/cbc128.c ${OPENSSL_SOURCE_DIR}/crypto/modes/ccm128.c ${OPENSSL_SOURCE_DIR}/crypto/modes/cfb128.c @@ -602,6 +611,7 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/ocsp/ocsp_srv.c ${OPENSSL_SOURCE_DIR}/crypto/ocsp/ocsp_vfy.c ${OPENSSL_SOURCE_DIR}/crypto/ocsp/v3_ocsp.c + ${OPENSSL_SOURCE_DIR}/crypto/ocsp/v3_ocsp.c ${OPENSSL_SOURCE_DIR}/crypto/packet.c ${OPENSSL_SOURCE_DIR}/crypto/param_build.c ${OPENSSL_SOURCE_DIR}/crypto/param_build_set.c @@ -658,13 +668,13 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/provider_predefined.c ${OPENSSL_SOURCE_DIR}/crypto/punycode.c ${OPENSSL_SOURCE_DIR}/crypto/quic_vlint.c + ${OPENSSL_SOURCE_DIR}/crypto/rand/prov_seed.c ${OPENSSL_SOURCE_DIR}/crypto/rand/rand_deprecated.c ${OPENSSL_SOURCE_DIR}/crypto/rand/rand_err.c ${OPENSSL_SOURCE_DIR}/crypto/rand/rand_lib.c ${OPENSSL_SOURCE_DIR}/crypto/rand/rand_pool.c ${OPENSSL_SOURCE_DIR}/crypto/rand/rand_uniform.c ${OPENSSL_SOURCE_DIR}/crypto/rand/randfile.c - ${OPENSSL_SOURCE_DIR}/crypto/rand/prov_seed.c ${OPENSSL_SOURCE_DIR}/crypto/rc2/rc2_cbc.c ${OPENSSL_SOURCE_DIR}/crypto/rc2/rc2_ecb.c ${OPENSSL_SOURCE_DIR}/crypto/rc2/rc2_skey.c @@ -710,6 +720,16 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/sha/sha512.c ${OPENSSL_SOURCE_DIR}/crypto/siphash/siphash.c ${OPENSSL_SOURCE_DIR}/crypto/sleep.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_adrs.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_dsa.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_dsa_hash_ctx.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_dsa_key.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_fors.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_hash.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_hypertree.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_params.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_wots.c + ${OPENSSL_SOURCE_DIR}/crypto/slh_dsa/slh_xmss.c ${OPENSSL_SOURCE_DIR}/crypto/sm2/sm2_crypt.c ${OPENSSL_SOURCE_DIR}/crypto/sm2/sm2_err.c ${OPENSSL_SOURCE_DIR}/crypto/sm2/sm2_key.c @@ -718,6 +738,7 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/sm3/sm3.c ${OPENSSL_SOURCE_DIR}/crypto/sm4/sm4.c ${OPENSSL_SOURCE_DIR}/crypto/sparse_array.c + ${OPENSSL_SOURCE_DIR}/crypto/ssl_err.c ${OPENSSL_SOURCE_DIR}/crypto/stack/stack.c ${OPENSSL_SOURCE_DIR}/crypto/store/store_err.c ${OPENSSL_SOURCE_DIR}/crypto/store/store_lib.c @@ -764,14 +785,24 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/x509/pcy_map.c ${OPENSSL_SOURCE_DIR}/crypto/x509/pcy_node.c ${OPENSSL_SOURCE_DIR}/crypto/x509/pcy_tree.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/t_acert.c ${OPENSSL_SOURCE_DIR}/crypto/x509/t_crl.c ${OPENSSL_SOURCE_DIR}/crypto/x509/t_req.c ${OPENSSL_SOURCE_DIR}/crypto/x509/t_x509.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_aaa.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_ac_tgt.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_addr.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_admis.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_akeya.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_akeya.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_akid.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_asid.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_attrdesc.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_attrmap.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_audit_id.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_authattid.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_battcons.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_battcons.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_bcons.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_bitst.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_conf.c @@ -785,6 +816,7 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_ind_iss.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_info.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_int.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_iobo.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_ist.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_lib.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_ncons.c @@ -797,15 +829,20 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_pmaps.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_prn.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_purp.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_rolespec.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_san.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_sda.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_single_use.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_skid.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_soa_id.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_sxnet.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_timespec.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_tlsf.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_usernotice.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_utf8.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3_utl.c ${OPENSSL_SOURCE_DIR}/crypto/x509/v3err.c + ${OPENSSL_SOURCE_DIR}/crypto/x509/x509_acert.c ${OPENSSL_SOURCE_DIR}/crypto/x509/x509_att.c ${OPENSSL_SOURCE_DIR}/crypto/x509/x509_cmp.c ${OPENSSL_SOURCE_DIR}/crypto/x509/x509_d2.c @@ -844,8 +881,11 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/providers/common/der/der_ec_key.c ${OPENSSL_SOURCE_DIR}/providers/common/der/der_ec_sig.c ${OPENSSL_SOURCE_DIR}/providers/common/der/der_ecx_key.c + ${OPENSSL_SOURCE_DIR}/providers/common/der/der_ml_dsa_key.c ${OPENSSL_SOURCE_DIR}/providers/common/der/der_rsa_key.c ${OPENSSL_SOURCE_DIR}/providers/common/der/der_rsa_sig.c + ${OPENSSL_SOURCE_DIR}/providers/common/der/der_slh_dsa_key.c + ${OPENSSL_SOURCE_DIR}/providers/common/der/der_slh_dsa_key.c ${OPENSSL_SOURCE_DIR}/providers/common/der/der_sm2_key.c ${OPENSSL_SOURCE_DIR}/providers/common/der/der_sm2_sig.c ${OPENSSL_SOURCE_DIR}/providers/common/digest_to_nid.c @@ -878,6 +918,7 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aes_xts.c ${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aes_xts_fips.c ${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aes_xts_hw.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aes_xts_hw.c ${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aria.c ${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aria_ccm.c ${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aria_ccm_hw.c @@ -957,6 +998,9 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/providers/implementations/encode_decode/encode_key2ms.c ${OPENSSL_SOURCE_DIR}/providers/implementations/encode_decode/encode_key2text.c ${OPENSSL_SOURCE_DIR}/providers/implementations/encode_decode/endecoder_common.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/encode_decode/ml_common_codecs.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/encode_decode/ml_dsa_codecs.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/encode_decode/ml_kem_codecs.c ${OPENSSL_SOURCE_DIR}/providers/implementations/exchange/dh_exch.c ${OPENSSL_SOURCE_DIR}/providers/implementations/exchange/ecdh_exch.c ${OPENSSL_SOURCE_DIR}/providers/implementations/exchange/ecx_exch.c @@ -977,16 +1021,27 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/providers/implementations/kdfs/tls1_prf.c ${OPENSSL_SOURCE_DIR}/providers/implementations/kdfs/x942kdf.c ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/ec_kem.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/ec_kem.c ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/ecx_kem.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/ecx_kem.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/kem_util.c ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/kem_util.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/ml_kem_kem.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/mlx_kem.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/rsa_kem.c ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/rsa_kem.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/kem/template_kem.c ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/dh_kmgmt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/dsa_kmgmt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/ec_kmgmt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/ecx_kmgmt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/kdf_legacy_kmgmt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/mac_legacy_kmgmt.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/ml_dsa_kmgmt.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/ml_kem_kmgmt.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/mlx_kmgmt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/rsa_kmgmt.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/keymgmt/slh_dsa_kmgmt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/macs/blake2b_mac.c ${OPENSSL_SOURCE_DIR}/providers/implementations/macs/blake2s_mac.c ${OPENSSL_SOURCE_DIR}/providers/implementations/macs/cmac_prov.c @@ -995,7 +1050,6 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/providers/implementations/macs/kmac_prov.c ${OPENSSL_SOURCE_DIR}/providers/implementations/macs/poly1305_prov.c ${OPENSSL_SOURCE_DIR}/providers/implementations/macs/siphash_prov.c - ${OPENSSL_SOURCE_DIR}/providers/implementations/rands/crngt.c ${OPENSSL_SOURCE_DIR}/providers/implementations/rands/drbg.c ${OPENSSL_SOURCE_DIR}/providers/implementations/rands/drbg_ctr.c ${OPENSSL_SOURCE_DIR}/providers/implementations/rands/drbg_hash.c @@ -1010,23 +1064,26 @@ set(CRYPTO_SRC ${OPENSSL_SOURCE_DIR}/providers/implementations/signature/ecdsa_sig.c ${OPENSSL_SOURCE_DIR}/providers/implementations/signature/eddsa_sig.c ${OPENSSL_SOURCE_DIR}/providers/implementations/signature/mac_legacy_sig.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/signature/ml_dsa_sig.c ${OPENSSL_SOURCE_DIR}/providers/implementations/signature/rsa_sig.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/signature/slh_dsa_sig.c ${OPENSSL_SOURCE_DIR}/providers/implementations/signature/sm2_sig.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/skeymgmt/aes_skmgmt.c + ${OPENSSL_SOURCE_DIR}/providers/implementations/skeymgmt/generic.c ${OPENSSL_SOURCE_DIR}/providers/implementations/storemgmt/file_store.c ${OPENSSL_SOURCE_DIR}/providers/implementations/storemgmt/file_store_any2obj.c ${OPENSSL_SOURCE_DIR}/providers/nullprov.c ${OPENSSL_SOURCE_DIR}/providers/prov_running.c - ${OPENSSL_SOURCE_DIR}/ssl/record/methods/tls_pad.c ${OPENSSL_SOURCE_DIR}/ssl/record/methods/ssl3_cbc.c + ${OPENSSL_SOURCE_DIR}/ssl/record/methods/tls_pad.c +) + + +set(CRYPTO_SRC ${CRYPTO_SRC} + ${OPENSSL_SOURCE_DIR}/providers/legacyprov.c + ${OPENSSL_SOURCE_DIR}/providers/defltprov.c ) -if(NOT ENABLE_OPENSSL_DYNAMIC) - set(CRYPTO_SRC ${CRYPTO_SRC} - ${OPENSSL_SOURCE_DIR}/providers/fips/fips_entry.c - ${OPENSSL_SOURCE_DIR}/providers/fips/fipsprov.c - ${OPENSSL_SOURCE_DIR}/providers/legacyprov.c - ) -endif() if(ARCH_AMD64) if (OS_DARWIN) @@ -1034,44 +1091,43 @@ if(ARCH_AMD64) ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_asm.c - ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c - ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c - ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c + ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c ${OPENSSL_SOURCE_DIR}/crypto/mem_clr.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_enc.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_skey.c + ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c + ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c ) else() set(CRYPTO_SRC ${CRYPTO_SRC} - ${OPENSSL_SOURCE_DIR}/crypto/bn/asm/x86_64-gcc.c - ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp.c asm/crypto/aes/aes-x86_64.s asm/crypto/aes/aesni-mb-x86_64.s asm/crypto/aes/aesni-sha1-x86_64.s asm/crypto/aes/aesni-sha256-x86_64.s asm/crypto/aes/aesni-x86_64.s + asm/crypto/aes/aesni-xts-avx512.s asm/crypto/aes/bsaes-x86_64.s asm/crypto/aes/vpaes-x86_64.s asm/crypto/bn/rsaz-2k-avx512.s + asm/crypto/bn/rsaz-2k-avxifma.s asm/crypto/bn/rsaz-3k-avx512.s + asm/crypto/bn/rsaz-3k-avxifma.s asm/crypto/bn/rsaz-4k-avx512.s + asm/crypto/bn/rsaz-4k-avxifma.s asm/crypto/bn/rsaz-avx2.s asm/crypto/bn/rsaz-x86_64.s - ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp_x2.c asm/crypto/bn/x86_64-gf2m.s asm/crypto/bn/x86_64-mont.s asm/crypto/bn/x86_64-mont5.s asm/crypto/camellia/cmll-x86_64.s asm/crypto/chacha/chacha-x86_64.s asm/crypto/ec/ecp_nistz256-x86_64.s - ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c asm/crypto/ec/x25519-x86_64.s - asm/crypto/x86_64cpuid.s asm/crypto/md5/md5-x86_64.s - asm/crypto/modes/aesni-gcm-x86_64.s asm/crypto/modes/aes-gcm-avx512.s + asm/crypto/modes/aesni-gcm-x86_64.s asm/crypto/modes/ghash-x86_64.s asm/crypto/poly1305/poly1305-x86_64.s asm/crypto/rc4/rc4-md5-x86_64.s @@ -1083,6 +1139,11 @@ if(ARCH_AMD64) asm/crypto/sha/sha256-x86_64.s asm/crypto/sha/sha512-x86_64.s asm/crypto/whrlpool/wp-x86_64.s + asm/crypto/x86_64cpuid.s + ${OPENSSL_SOURCE_DIR}/crypto/bn/asm/x86_64-gcc.c + ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp.c + ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp_x2.c + ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c ) endif() elseif(ARCH_AARCH64) @@ -1091,109 +1152,116 @@ elseif(ARCH_AARCH64) ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_asm.c - ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c - ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c - ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c + ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c ${OPENSSL_SOURCE_DIR}/crypto/mem_clr.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_enc.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_skey.c + ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c + ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c ) else() set(CRYPTO_SRC ${CRYPTO_SRC} - ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c - ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c - ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_asm.c - ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp.c - ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp_x2.c - ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c - ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c - ${OPENSSL_SOURCE_DIR}/crypto/armcap.c - ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_enc.c - ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_skey.c - ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c + common/params_idx.c + asm/crypto/aes/aesv8-armx.S + asm/crypto/aes/bsaes-armv8.S asm/crypto/aes/vpaes-armv8.S + asm/crypto/arm64cpuid.S asm/crypto/bn/armv8-mont.S + asm/crypto/chacha/chacha-armv8-sve.S asm/crypto/chacha/chacha-armv8.S asm/crypto/ec/ecp_nistz256-armv8.S - ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c - ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_sm2p256.c - ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_sm2p256_table.c - asm/crypto/arm64cpuid.S + asm/crypto/ec/ecp_sm2p256-armv8.S + asm/crypto/md5/asm/md5-aarch64.S + asm/crypto/modes/asm/aes-gcm-armv8-unroll8_64.S + asm/crypto/modes/asm/aes-gcm-armv8_64.S asm/crypto/modes/ghashv8-armx.S asm/crypto/poly1305/poly1305-armv8.S asm/crypto/sha/keccak1600-armv8.S asm/crypto/sha/sha1-armv8.S asm/crypto/sha/sha256-armv8.S asm/crypto/sha/sha512-armv8.S - asm/crypto/modes/asm/aes-gcm-armv8_64.S + asm/crypto/sm3/asm/sm3-armv8.S asm/crypto/sm4/asm/sm4-armv8.S asm/crypto/sm4/asm/vpsm4-armv8.S - asm/crypto/md5/asm/md5-aarch64.S - asm/crypto/aes/bsaes-armv8.S - asm/crypto/chacha/chacha-armv8-sve.S - asm/crypto/ec/ecp_sm2p256-armv8.S - asm/crypto/modes/asm/aes-gcm-armv8-unroll8_64.S - asm/crypto/sm3/asm/sm3-armv8.S asm/crypto/sm4/asm/vpsm4_ex-armv8.S - - ${PLATFORM_DIRECTORY}/params_idx.c + ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c + ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c + ${OPENSSL_SOURCE_DIR}/crypto/armcap.c + ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_asm.c + ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp.c + ${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp_x2.c + ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c + ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c + ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c + ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_sm2p256.c + ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_sm2p256_table.c + ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_enc.c + ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_skey.c + ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c ) endif() elseif(ARCH_PPC64LE) set(CRYPTO_SRC ${CRYPTO_SRC} - asm/crypto/modes/ghashp8-ppc.s asm/crypto/aes/aesp8-ppc.s + asm/crypto/modes/aes-gcm-ppc.s + asm/crypto/modes/ghashp8-ppc.s asm/crypto/ppccpuid.s - ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c + ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_asm.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c + ${OPENSSL_SOURCE_DIR}/crypto/ppccap.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_enc.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_skey.c ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c ${OPENSSL_SOURCE_DIR}/engines/e_afalg.c - ${OPENSSL_SOURCE_DIR}/crypto/ppccap.c - asm/crypto/modes/aes-gcm-ppc.s ) elseif(ARCH_S390X) set(CRYPTO_SRC ${CRYPTO_SRC} asm/crypto/aes/aes-s390x.S + asm/crypto/chacha/chacha-s390x.S + asm/crypto/rc4/rc4-s390x.S asm/crypto/s390xcpuid.S + asm/crypto/sha/keccak1600-s390x.S ${OPENSSL_SOURCE_DIR}/crypto/bn/asm/s390x.S - ${OPENSSL_SOURCE_DIR}/crypto/s390xcap.c ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_s390x.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c - asm/crypto/chacha/chacha-s390x.S - asm/crypto/rc4/rc4-s390x.S - asm/crypto/sha/keccak1600-s390x.S + ${OPENSSL_SOURCE_DIR}/crypto/s390xcap.c ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c ) elseif(ARCH_RISCV64) set(CRYPTO_SRC ${CRYPTO_SRC} asm/crypto/aes/aes-riscv64-zkn.S + asm/crypto/aes/aes-riscv64-zvbb-zvkg-zvkned.S + asm/crypto/aes/aes-riscv64-zvkb-zvkned.S + asm/crypto/aes/aes-riscv64-zvkned.S + asm/crypto/modes/aes-gcm-riscv64-zvkb-zvkg-zvkned.S + asm/crypto/modes/ghash-riscv64-zvkb-zvbc.S + asm/crypto/modes/ghash-riscv64-zvkg.S asm/crypto/modes/ghash-riscv64.S asm/crypto/riscv64cpuid.S + asm/crypto/sm4/sm4-riscv64-zvksed.S ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_asm.c - ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c - ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c - ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c - ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c - ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c + ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c + ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c ${OPENSSL_SOURCE_DIR}/crypto/mem_clr.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_enc.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_skey.c ${OPENSSL_SOURCE_DIR}/crypto/riscvcap.c + ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c + ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c + ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c ) elseif(ARCH_LOONGARCH64) set(CRYPTO_SRC ${CRYPTO_SRC} @@ -1201,17 +1269,17 @@ elseif(ARCH_LOONGARCH64) ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c ${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c ${OPENSSL_SOURCE_DIR}/crypto/bn/bn_asm.c - ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c - ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c - ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c - ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c - ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/camellia.c ${OPENSSL_SOURCE_DIR}/crypto/camellia/cmll_cbc.c + ${OPENSSL_SOURCE_DIR}/crypto/chacha/chacha_enc.c + ${OPENSSL_SOURCE_DIR}/crypto/ec/ecp_nistz256.c + ${OPENSSL_SOURCE_DIR}/crypto/loongarchcap.c ${OPENSSL_SOURCE_DIR}/crypto/mem_clr.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_enc.c ${OPENSSL_SOURCE_DIR}/crypto/rc4/rc4_skey.c - ${OPENSSL_SOURCE_DIR}/crypto/loongarchcap.c + ${OPENSSL_SOURCE_DIR}/crypto/sha/keccak1600.c + ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c + ${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c ) endif() @@ -1220,43 +1288,28 @@ set(SSL_SRC ${OPENSSL_SOURCE_DIR}/ssl/d1_lib.c ${OPENSSL_SOURCE_DIR}/ssl/d1_msg.c ${OPENSSL_SOURCE_DIR}/ssl/d1_srtp.c - ${OPENSSL_SOURCE_DIR}/ssl/event_queue.c ${OPENSSL_SOURCE_DIR}/ssl/methods.c ${OPENSSL_SOURCE_DIR}/ssl/pqueue.c ${OPENSSL_SOURCE_DIR}/ssl/priority_queue.c - ${OPENSSL_SOURCE_DIR}/ssl/s3_enc.c - ${OPENSSL_SOURCE_DIR}/ssl/s3_lib.c - ${OPENSSL_SOURCE_DIR}/ssl/s3_msg.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_asn1.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_cert.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_cert_comp.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_ciph.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_conf.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_err.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_err_legacy.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_init.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_lib.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_mcnf.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_rsa.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_sess.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_stat.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_txt.c - ${OPENSSL_SOURCE_DIR}/ssl/ssl_utst.c - ${OPENSSL_SOURCE_DIR}/ssl/t1_enc.c - ${OPENSSL_SOURCE_DIR}/ssl/t1_lib.c - ${OPENSSL_SOURCE_DIR}/ssl/t1_trce.c - ${OPENSSL_SOURCE_DIR}/ssl/tls13_enc.c - ${OPENSSL_SOURCE_DIR}/ssl/tls_depr.c ${OPENSSL_SOURCE_DIR}/ssl/quic/cc_newreno.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/json_enc.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/qlog.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/qlog_event_helpers.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_ackm.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_cfq.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_channel.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_demux.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_engine.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_fc.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_fifd.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_impl.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_lcidm.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_method.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_obj.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_port.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_rcidm.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_reactor.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_reactor_wait_ctx.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_record_rx.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_record_shared.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_record_tx.c @@ -1264,20 +1317,24 @@ set(SSL_SRC ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_rstream.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_rx_depack.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_sf_list.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_srt_gen.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_srtm.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_sstream.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_sstream.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_statm.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_statm.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_stream_map.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_thread_assist.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_tls.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_tls_api.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_trace.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_tserver.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_txp.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_txpim.c + ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_types.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_wire.c ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_wire_pkt.c ${OPENSSL_SOURCE_DIR}/ssl/quic/uint_set.c - ${OPENSSL_SOURCE_DIR}/ssl/record/rec_layer_d1.c - ${OPENSSL_SOURCE_DIR}/ssl/record/rec_layer_s3.c ${OPENSSL_SOURCE_DIR}/ssl/record/methods/dtls_meth.c ${OPENSSL_SOURCE_DIR}/ssl/record/methods/ssl3_meth.c ${OPENSSL_SOURCE_DIR}/ssl/record/methods/tls13_meth.c @@ -1285,6 +1342,28 @@ set(SSL_SRC ${OPENSSL_SOURCE_DIR}/ssl/record/methods/tls_common.c ${OPENSSL_SOURCE_DIR}/ssl/record/methods/tls_multib.c ${OPENSSL_SOURCE_DIR}/ssl/record/methods/tlsany_meth.c + ${OPENSSL_SOURCE_DIR}/ssl/record/rec_layer_d1.c + ${OPENSSL_SOURCE_DIR}/ssl/record/rec_layer_s3.c + ${OPENSSL_SOURCE_DIR}/ssl/rio/poll_builder.c + ${OPENSSL_SOURCE_DIR}/ssl/rio/poll_immediate.c + ${OPENSSL_SOURCE_DIR}/ssl/rio/rio_notifier.c + ${OPENSSL_SOURCE_DIR}/ssl/s3_enc.c + ${OPENSSL_SOURCE_DIR}/ssl/s3_lib.c + ${OPENSSL_SOURCE_DIR}/ssl/s3_msg.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_asn1.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_cert.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_cert_comp.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_ciph.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_conf.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_err_legacy.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_init.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_lib.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_mcnf.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_rsa.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_sess.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_stat.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_txt.c + ${OPENSSL_SOURCE_DIR}/ssl/ssl_utst.c ${OPENSSL_SOURCE_DIR}/ssl/statem/extensions.c ${OPENSSL_SOURCE_DIR}/ssl/statem/extensions_clnt.c ${OPENSSL_SOURCE_DIR}/ssl/statem/extensions_cust.c @@ -1294,6 +1373,11 @@ set(SSL_SRC ${OPENSSL_SOURCE_DIR}/ssl/statem/statem_dtls.c ${OPENSSL_SOURCE_DIR}/ssl/statem/statem_lib.c ${OPENSSL_SOURCE_DIR}/ssl/statem/statem_srvr.c + ${OPENSSL_SOURCE_DIR}/ssl/t1_enc.c + ${OPENSSL_SOURCE_DIR}/ssl/t1_lib.c + ${OPENSSL_SOURCE_DIR}/ssl/t1_trce.c + ${OPENSSL_SOURCE_DIR}/ssl/tls13_enc.c + ${OPENSSL_SOURCE_DIR}/ssl/tls_depr.c ) # Disable all deprecated API @@ -1316,22 +1400,21 @@ if(ENABLE_OPENSSL_DYNAMIC) set_target_properties(ssl PROPERTIES VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}") set_target_properties(ssl PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/programs) else() - # Enable legacy crypto support for OpenSSL 3.+ - # to avoid `dlopen(legacy.so)`. - add_definitions(-DSTATIC_LEGACY) - add_library(crypto ${CRYPTO_SRC}) add_library(ssl ${SSL_SRC}) endif() - +# Enable legacy crypto support for OpenSSL 3.+ +# to avoid runtime `dlopen(legacy.so)` in both static and dynamic builds. +add_definitions(-DSTATIC_LEGACY) target_include_directories(crypto - SYSTEM PUBLIC "${PLATFORM_DIRECTORY}/include" + SYSTEM PUBLIC "common/include" PRIVATE "${PLATFORM_DIRECTORY}/include_private") target_include_directories(crypto SYSTEM PUBLIC ${OPENSSL_SOURCE_DIR}/include PRIVATE ${OPENSSL_SOURCE_DIR}/providers/common/include + PRIVATE ${OPENSSL_SOURCE_DIR}/providers/fips/include PRIVATE ${OPENSSL_SOURCE_DIR}/providers/implementations/include PRIVATE ${OPENSSL_SOURCE_DIR}/crypto PRIVATE ${OPENSSL_SOURCE_DIR}/crypto/include @@ -1348,9 +1431,4 @@ target_link_libraries(ssl crypto) add_library(OpenSSL::Crypto ALIAS crypto) add_library(OpenSSL::SSL ALIAS ssl) -if(OPENSSL_AUX_BUILD_FOR_CROSS_COMPILATION) - install(DIRECTORY "${PLATFORM_DIRECTORY}/include" DESTINATION "${CMAKE_BINARY_DIR}") - install(DIRECTORY "${OPENSSL_SOURCE_DIR}/include" DESTINATION "${CMAKE_BINARY_DIR}") -else() - install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse) -endif() +install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse) diff --git a/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvbb-zvkg-zvkned.S b/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvbb-zvkg-zvkned.S new file mode 100644 index 000000000000..f8a68e7c42dd --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvbb-zvkg-zvkned.S @@ -0,0 +1,943 @@ +.text +.p2align 3 +.globl rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt +.type rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt,@function +rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt: + # Load number of rounds + lwu t0, 240(a4) + .word 3439489111 + .word 34074119 + .word 34041479 + .word 2815667831 + addi t0, t0, -1 + addi a4, a4, 16 +1: + .word 34041479 + .word 2815503991 + addi t0, t0, -1 + addi a4, a4, 16 + bnez t0, 1b + .word 34041479 + .word 2815536759 + + + # aes block size is 16 + andi a6, a2, 15 + mv t3, a2 + beqz a6, 1f + sub a2, a2, a6 + addi t3, a2, -16 +1: + # We make the `LENGTH` become e32 length here. + srli t4, a2, 2 + srli t3, t3, 2 + + # Load number of rounds + lwu t0, 240(a3) + li t1, 14 + li t2, 10 + beq t0, t1, aes_xts_enc_256 + beq t0, t2, aes_xts_enc_128 +.size rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt,.-rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt +.p2align 3 +aes_xts_enc_128: + # load input + .word 221182167 + .word 33909767 + + li t0, 5 + # We could simplify the initialization steps if we have `block<=1`. + blt t4, t0, 1f + + # Note: We use `vgmul` for GF(2^128) multiplication. The `vgmul` uses + # different order of coefficients. We should use`vbrev8` to reverse the + # data when we use `vgmul`. + .word 3439489111 + .word 1271144535 + .word 221179991 + .word 1577072727 + # v16: [r-IV0, r-IV0, ...] + .word 2785257591 + + # Prepare GF(2^128) multiplier [1, x, x^2, x^3, ...] in v8. + slli t0, t4, 2 + .word 218296407 + # v2: [`1`, `1`, `1`, `1`, ...] + .word 1577103703 + # v3: [`0`, `1`, `2`, `3`, ...] + .word 1376297431 + .word 227733591 + # v4: [`1`, 0, `1`, 0, `1`, 0, `1`, 0, ...] + .word 1243816535 + # v6: [`0`, 0, `1`, 0, `2`, 0, `3`, 0, ...] + .word 1244865367 + slli t0, t4, 1 + .word 219344983 + # v8: [1<<0=1, 0, 0, 0, 1<<1=x, 0, 0, 0, 1<<2=x^2, 0, 0, 0, ...] + .word 3594716247 + + # Compute [r-IV0*1, r-IV0*x, r-IV0*x^2, r-IV0*x^3, ...] in v16 + .word 221179991 + .word 1250174039 + .word 2726865015 + + # Compute [IV0*1, IV0*x, IV0*x^2, IV0*x^3, ...] in v28. + # Reverse the bits order back. + .word 1258565207 + + # Prepare the x^n multiplier in v20. The `n` is the aes-xts block number + # in a LMUL=4 register group. + # n = ((VLEN*LMUL)/(32*4)) = ((VLEN*4)/(32*4)) + # = (VLEN/32) + # We could use vsetvli with `e32, m1` to compute the `n` number. + .word 218133207 + li t1, 1 + sll t0, t1, t0 + .word 3447812183 + .word 1577070679 + .word 3380670551 + .word 1577238615 + .word 3447812183 + .word 1241784407 + .word 221179991 + .word 1577073239 + .word 2785258103 + + j 2f +1: + .word 3439489111 + .word 1271146583 +2: + + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + + .word 221182167 + j 1f + +.Lenc_blocks_128: + .word 221182167 + # load plaintext into v24 + .word 33909767 + # update iv + .word 2739447927 + # reverse the iv's bits order back + .word 1258565207 +1: + .word 797838423 + slli t0, a7, 2 + sub t4, t4, a7 + add a0, a0, t0 + .word 2786307191 + .word 2787191927 + .word 2788240503 + .word 2789289079 + .word 2790337655 + .word 2791386231 + .word 2792434807 + .word 2793483383 + .word 2794531959 + .word 2795580535 + .word 2796661879 + + .word 797838423 + + # store ciphertext + .word 221147223 + .word 33942567 + add a1, a1, t0 + sub t3, t3, a7 + + bnez t4, .Lenc_blocks_128 + + bnez a6, 1f + ret +1: + # slidedown second to last block + addi a7, a7, -4 + .word 3441586263 + # ciphertext + .word 1065929815 + # multiplier + .word 1057540183 + + .word 3439489111 + .word 1577848023 + + # load last block into v24 + # note: We should load the last block before store the second to last block + # for in-place operation. + .word 134770775 + .word 33885191 + + # setup `x` multiplier with byte-reversed order + # 0b00000010 => 0b01000000 (0x40) + li t0, 0x40 + .word 3439489111 + .word 1577074263 + .word 3355504727 + .word 1577242199 + + # compute IV for last block + .word 3439489111 + .word 2747836535 + .word 1258565207 + + # store second to last block + .word 201879639 + .word 33918119 + + + # xts last block + .word 3439489111 + .word 797838423 + .word 2786307191 + .word 2787191927 + .word 2788240503 + .word 2789289079 + .word 2790337655 + .word 2791386231 + .word 2792434807 + .word 2793483383 + .word 2794531959 + .word 2795580535 + .word 2796661879 + + .word 797838423 + + # store last block ciphertext + addi a1, a1, -16 + .word 33942567 + + ret +.size aes_xts_enc_128,.-aes_xts_enc_128 +.p2align 3 +aes_xts_enc_256: + # load input + .word 221182167 + .word 33909767 + + li t0, 5 + # We could simplify the initialization steps if we have `block<=1`. + blt t4, t0, 1f + + # Note: We use `vgmul` for GF(2^128) multiplication. The `vgmul` uses + # different order of coefficients. We should use`vbrev8` to reverse the + # data when we use `vgmul`. + .word 3439489111 + .word 1271144535 + .word 221179991 + .word 1577072727 + # v16: [r-IV0, r-IV0, ...] + .word 2785257591 + + # Prepare GF(2^128) multiplier [1, x, x^2, x^3, ...] in v8. + slli t0, t4, 2 + .word 218296407 + # v2: [`1`, `1`, `1`, `1`, ...] + .word 1577103703 + # v3: [`0`, `1`, `2`, `3`, ...] + .word 1376297431 + .word 227733591 + # v4: [`1`, 0, `1`, 0, `1`, 0, `1`, 0, ...] + .word 1243816535 + # v6: [`0`, 0, `1`, 0, `2`, 0, `3`, 0, ...] + .word 1244865367 + slli t0, t4, 1 + .word 219344983 + # v8: [1<<0=1, 0, 0, 0, 1<<1=x, 0, 0, 0, 1<<2=x^2, 0, 0, 0, ...] + .word 3594716247 + + # Compute [r-IV0*1, r-IV0*x, r-IV0*x^2, r-IV0*x^3, ...] in v16 + .word 221179991 + .word 1250174039 + .word 2726865015 + + # Compute [IV0*1, IV0*x, IV0*x^2, IV0*x^3, ...] in v28. + # Reverse the bits order back. + .word 1258565207 + + # Prepare the x^n multiplier in v20. The `n` is the aes-xts block number + # in a LMUL=4 register group. + # n = ((VLEN*LMUL)/(32*4)) = ((VLEN*4)/(32*4)) + # = (VLEN/32) + # We could use vsetvli with `e32, m1` to compute the `n` number. + .word 218133207 + li t1, 1 + sll t0, t1, t0 + .word 3447812183 + .word 1577070679 + .word 3380670551 + .word 1577238615 + .word 3447812183 + .word 1241784407 + .word 221179991 + .word 1577073239 + .word 2785258103 + + j 2f +1: + .word 3439489111 + .word 1271146583 +2: + + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + addi a3, a3, 16 + .word 34006791 + addi a3, a3, 16 + .word 34006919 + + + .word 221182167 + j 1f + +.Lenc_blocks_256: + .word 221182167 + # load plaintext into v24 + .word 33909767 + # update iv + .word 2739447927 + # reverse the iv's bits order back + .word 1258565207 +1: + .word 797838423 + slli t0, a7, 2 + sub t4, t4, a7 + add a0, a0, t0 + .word 2786307191 + .word 2787191927 + .word 2788240503 + .word 2789289079 + .word 2790337655 + .word 2791386231 + .word 2792434807 + .word 2793483383 + .word 2794531959 + .word 2795580535 + .word 2796629111 + .word 2797677687 + .word 2798726263 + .word 2799774839 + .word 2800856183 + + .word 797838423 + + # store ciphertext + .word 221147223 + .word 33942567 + add a1, a1, t0 + sub t3, t3, a7 + + bnez t4, .Lenc_blocks_256 + + bnez a6, 1f + ret +1: + # slidedown second to last block + addi a7, a7, -4 + .word 3441586263 + # ciphertext + .word 1065929815 + # multiplier + .word 1057540183 + + .word 3439489111 + .word 1577848023 + + # load last block into v24 + # note: We should load the last block before store the second to last block + # for in-place operation. + .word 134770775 + .word 33885191 + + # setup `x` multiplier with byte-reversed order + # 0b00000010 => 0b01000000 (0x40) + li t0, 0x40 + .word 3439489111 + .word 1577074263 + .word 3355504727 + .word 1577242199 + + # compute IV for last block + .word 3439489111 + .word 2747836535 + .word 1258565207 + + # store second to last block + .word 201879639 + .word 33918119 + + + # xts last block + .word 3439489111 + .word 797838423 + .word 2786307191 + .word 2787191927 + .word 2788240503 + .word 2789289079 + .word 2790337655 + .word 2791386231 + .word 2792434807 + .word 2793483383 + .word 2794531959 + .word 2795580535 + .word 2796629111 + .word 2797677687 + .word 2798726263 + .word 2799774839 + .word 2800856183 + + .word 797838423 + + # store last block ciphertext + addi a1, a1, -16 + .word 33942567 + + ret +.size aes_xts_enc_256,.-aes_xts_enc_256 +.p2align 3 +.globl rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt +.type rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt,@function +rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt: + # Load number of rounds + lwu t0, 240(a4) + .word 3439489111 + .word 34074119 + .word 34041479 + .word 2815667831 + addi t0, t0, -1 + addi a4, a4, 16 +1: + .word 34041479 + .word 2815503991 + addi t0, t0, -1 + addi a4, a4, 16 + bnez t0, 1b + .word 34041479 + .word 2815536759 + + + # aes block size is 16 + andi a6, a2, 15 + beqz a6, 1f + sub a2, a2, a6 + addi a2, a2, -16 +1: + # We make the `LENGTH` become e32 length here. + srli t4, a2, 2 + + # Load number of rounds + lwu t0, 240(a3) + li t1, 14 + li t2, 10 + beq t0, t1, aes_xts_dec_256 + beq t0, t2, aes_xts_dec_128 +.size rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt,.-rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt +.p2align 3 +aes_xts_dec_128: + # load input + .word 221182167 + .word 33909767 + + li t0, 5 + # We could simplify the initialization steps if we have `block<=1`. + blt t4, t0, 1f + + # Note: We use `vgmul` for GF(2^128) multiplication. The `vgmul` uses + # different order of coefficients. We should use`vbrev8` to reverse the + # data when we use `vgmul`. + .word 3439489111 + .word 1271144535 + .word 221179991 + .word 1577072727 + # v16: [r-IV0, r-IV0, ...] + .word 2785257591 + + # Prepare GF(2^128) multiplier [1, x, x^2, x^3, ...] in v8. + slli t0, t4, 2 + .word 218296407 + # v2: [`1`, `1`, `1`, `1`, ...] + .word 1577103703 + # v3: [`0`, `1`, `2`, `3`, ...] + .word 1376297431 + .word 227733591 + # v4: [`1`, 0, `1`, 0, `1`, 0, `1`, 0, ...] + .word 1243816535 + # v6: [`0`, 0, `1`, 0, `2`, 0, `3`, 0, ...] + .word 1244865367 + slli t0, t4, 1 + .word 219344983 + # v8: [1<<0=1, 0, 0, 0, 1<<1=x, 0, 0, 0, 1<<2=x^2, 0, 0, 0, ...] + .word 3594716247 + + # Compute [r-IV0*1, r-IV0*x, r-IV0*x^2, r-IV0*x^3, ...] in v16 + .word 221179991 + .word 1250174039 + .word 2726865015 + + # Compute [IV0*1, IV0*x, IV0*x^2, IV0*x^3, ...] in v28. + # Reverse the bits order back. + .word 1258565207 + + # Prepare the x^n multiplier in v20. The `n` is the aes-xts block number + # in a LMUL=4 register group. + # n = ((VLEN*LMUL)/(32*4)) = ((VLEN*4)/(32*4)) + # = (VLEN/32) + # We could use vsetvli with `e32, m1` to compute the `n` number. + .word 218133207 + li t1, 1 + sll t0, t1, t0 + .word 3447812183 + .word 1577070679 + .word 3380670551 + .word 1577238615 + .word 3447812183 + .word 1241784407 + .word 221179991 + .word 1577073239 + .word 2785258103 + + j 2f +1: + .word 3439489111 + .word 1271146583 +2: + + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + + beqz t4, 2f + + .word 221182167 + j 1f + +.Ldec_blocks_128: + .word 221182167 + # load ciphertext into v24 + .word 33909767 + # update iv + .word 2739447927 + # reverse the iv's bits order back + .word 1258565207 +1: + .word 797838423 + slli t0, a7, 2 + sub t4, t4, a7 + add a0, a0, t0 + .word 2796792951 + .word 2795514999 + .word 2794466423 + .word 2793417847 + .word 2792369271 + .word 2791320695 + .word 2790272119 + .word 2789223543 + .word 2788174967 + .word 2787126391 + .word 2786110583 + + .word 797838423 + + # store plaintext + .word 33942567 + add a1, a1, t0 + + bnez t4, .Ldec_blocks_128 + +2: + bnez a6, 1f + ret +1: + # load second to last block's ciphertext + .word 3439489111 + .word 33909767 + addi a0, a0, 16 + + # setup `x` multiplier with byte-reversed order + # 0b00000010 => 0b01000000 (0x40) + li t0, 0x40 + .word 3439489111 + .word 1577073239 + .word 3355504727 + .word 1577241175 + + beqz a2, 1f + # slidedown third to last block + addi a7, a7, -4 + .word 3441586263 + # multiplier + .word 1057540183 + + # compute IV for last block + .word 3439489111 + .word 2739447927 + .word 1258565207 + + # compute IV for second to last block + .word 2739447927 + .word 1258565335 + j 2f +1: + # compute IV for second to last block + .word 3439489111 + .word 2739447927 + .word 1258565335 +2: + + + ## xts second to last block + .word 3439489111 + .word 797871191 + .word 2796792951 + .word 2795514999 + .word 2794466423 + .word 2793417847 + .word 2792369271 + .word 2791320695 + .word 2790272119 + .word 2789223543 + .word 2788174967 + .word 2787126391 + .word 2786110583 + + .word 797871191 + .word 1577848023 + + # load last block ciphertext + .word 134770775 + .word 33885191 + + # store second to last block plaintext + addi t0, a1, 16 + .word 33721511 + + ## xts last block + .word 3439489111 + .word 797838423 + .word 2796792951 + .word 2795514999 + .word 2794466423 + .word 2793417847 + .word 2792369271 + .word 2791320695 + .word 2790272119 + .word 2789223543 + .word 2788174967 + .word 2787126391 + .word 2786110583 + + .word 797838423 + + # store second to last block plaintext + .word 33942567 + + ret +.size aes_xts_dec_128,.-aes_xts_dec_128 +.p2align 3 +aes_xts_dec_256: + # load input + .word 221182167 + .word 33909767 + + li t0, 5 + # We could simplify the initialization steps if we have `block<=1`. + blt t4, t0, 1f + + # Note: We use `vgmul` for GF(2^128) multiplication. The `vgmul` uses + # different order of coefficients. We should use`vbrev8` to reverse the + # data when we use `vgmul`. + .word 3439489111 + .word 1271144535 + .word 221179991 + .word 1577072727 + # v16: [r-IV0, r-IV0, ...] + .word 2785257591 + + # Prepare GF(2^128) multiplier [1, x, x^2, x^3, ...] in v8. + slli t0, t4, 2 + .word 218296407 + # v2: [`1`, `1`, `1`, `1`, ...] + .word 1577103703 + # v3: [`0`, `1`, `2`, `3`, ...] + .word 1376297431 + .word 227733591 + # v4: [`1`, 0, `1`, 0, `1`, 0, `1`, 0, ...] + .word 1243816535 + # v6: [`0`, 0, `1`, 0, `2`, 0, `3`, 0, ...] + .word 1244865367 + slli t0, t4, 1 + .word 219344983 + # v8: [1<<0=1, 0, 0, 0, 1<<1=x, 0, 0, 0, 1<<2=x^2, 0, 0, 0, ...] + .word 3594716247 + + # Compute [r-IV0*1, r-IV0*x, r-IV0*x^2, r-IV0*x^3, ...] in v16 + .word 221179991 + .word 1250174039 + .word 2726865015 + + # Compute [IV0*1, IV0*x, IV0*x^2, IV0*x^3, ...] in v28. + # Reverse the bits order back. + .word 1258565207 + + # Prepare the x^n multiplier in v20. The `n` is the aes-xts block number + # in a LMUL=4 register group. + # n = ((VLEN*LMUL)/(32*4)) = ((VLEN*4)/(32*4)) + # = (VLEN/32) + # We could use vsetvli with `e32, m1` to compute the `n` number. + .word 218133207 + li t1, 1 + sll t0, t1, t0 + .word 3447812183 + .word 1577070679 + .word 3380670551 + .word 1577238615 + .word 3447812183 + .word 1241784407 + .word 221179991 + .word 1577073239 + .word 2785258103 + + j 2f +1: + .word 3439489111 + .word 1271146583 +2: + + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + addi a3, a3, 16 + .word 34006791 + addi a3, a3, 16 + .word 34006919 + + + beqz t4, 2f + + .word 221182167 + j 1f + +.Ldec_blocks_256: + .word 221182167 + # load ciphertext into v24 + .word 33909767 + # update iv + .word 2739447927 + # reverse the iv's bits order back + .word 1258565207 +1: + .word 797838423 + slli t0, a7, 2 + sub t4, t4, a7 + add a0, a0, t0 + .word 2800987255 + .word 2799709303 + .word 2798660727 + .word 2797612151 + .word 2796563575 + .word 2795514999 + .word 2794466423 + .word 2793417847 + .word 2792369271 + .word 2791320695 + .word 2790272119 + .word 2789223543 + .word 2788174967 + .word 2787126391 + .word 2786110583 + + .word 797838423 + + # store plaintext + .word 33942567 + add a1, a1, t0 + + bnez t4, .Ldec_blocks_256 + +2: + bnez a6, 1f + ret +1: + # load second to last block's ciphertext + .word 3439489111 + .word 33909767 + addi a0, a0, 16 + + # setup `x` multiplier with byte-reversed order + # 0b00000010 => 0b01000000 (0x40) + li t0, 0x40 + .word 3439489111 + .word 1577073239 + .word 3355504727 + .word 1577241175 + + beqz a2, 1f + # slidedown third to last block + addi a7, a7, -4 + .word 3441586263 + # multiplier + .word 1057540183 + + # compute IV for last block + .word 3439489111 + .word 2739447927 + .word 1258565207 + + # compute IV for second to last block + .word 2739447927 + .word 1258565335 + j 2f +1: + # compute IV for second to last block + .word 3439489111 + .word 2739447927 + .word 1258565335 +2: + + + ## xts second to last block + .word 3439489111 + .word 797871191 + .word 2800987255 + .word 2799709303 + .word 2798660727 + .word 2797612151 + .word 2796563575 + .word 2795514999 + .word 2794466423 + .word 2793417847 + .word 2792369271 + .word 2791320695 + .word 2790272119 + .word 2789223543 + .word 2788174967 + .word 2787126391 + .word 2786110583 + + .word 797871191 + .word 1577848023 + + # load last block ciphertext + .word 134770775 + .word 33885191 + + # store second to last block plaintext + addi t0, a1, 16 + .word 33721511 + + ## xts last block + .word 3439489111 + .word 797838423 + .word 2800987255 + .word 2799709303 + .word 2798660727 + .word 2797612151 + .word 2796563575 + .word 2795514999 + .word 2794466423 + .word 2793417847 + .word 2792369271 + .word 2791320695 + .word 2790272119 + .word 2789223543 + .word 2788174967 + .word 2787126391 + .word 2786110583 + + .word 797838423 + + # store second to last block plaintext + .word 33942567 + + ret +.size aes_xts_dec_256,.-aes_xts_dec_256 diff --git a/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkb-zvkned.S b/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkb-zvkned.S new file mode 100644 index 000000000000..2d6a71e355eb --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkb-zvkned.S @@ -0,0 +1,326 @@ +.text +.p2align 3 +.globl rv64i_zvkb_zvkned_ctr32_encrypt_blocks +.type rv64i_zvkb_zvkned_ctr32_encrypt_blocks,@function +rv64i_zvkb_zvkned_ctr32_encrypt_blocks: + beqz a2, 1f + + # Load number of rounds + lwu t0, 240(a3) + li t1, 14 + li t2, 12 + li t3, 10 + + slli t5, a2, 2 + + beq t0, t1, ctr32_encrypt_blocks_256 + beq t0, t2, ctr32_encrypt_blocks_192 + beq t0, t3, ctr32_encrypt_blocks_128 + +1: + ret + +.size rv64i_zvkb_zvkned_ctr32_encrypt_blocks,.-rv64i_zvkb_zvkned_ctr32_encrypt_blocks +.p2align 3 +ctr32_encrypt_blocks_128: + # Load all 11 round keys to v1-v11 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + # Setup mask into v0 + # The mask pattern for 4*N-th elements + # mask v0: [000100010001....] + # Note: + # We could setup the mask just for the maximum element length instead of + # the VLMAX. + li t0, 0b10001000 + .word 201356247 + .word 1577238615 + # Load IV. + # v31:[IV0, IV1, IV2, big-endian count] + .word 3439489111 + .word 34041735 + # Convert the big-endian counter into little-endian. + .word 3305271383 + .word 1240772567 + # Splat the IV to v16 + .word 221212759 + .word 1577072727 + .word 2817763447 + # Prepare the ctr pattern into v20 + # v20: [x, x, x, 0, x, x, x, 1, x, x, x, 2, ...] + .word 1342712407 + # v16:[IV0, IV1, IV2, count+0, IV0, IV1, IV2, count+1, ...] + .word 86998743 + .word 17434711 + + + ##### AES body + j 2f +1: + .word 86998743 + # Increase ctr in v16. + .word 17811543 +2: + # Load plaintext into v20 + .word 33909255 + slli t0, t4, 2 + srli t6, t4, 2 + sub t5, t5, t4 + add a0, a0, t0 + # Prepare the AES ctr input into v24. + # The ctr data uses big-endian form. + .word 1577585751 + .word 1233431639 + + .word 2786307191 + .word 2787191927 + .word 2788240503 + .word 2789289079 + .word 2790337655 + .word 2791386231 + .word 2792434807 + .word 2793483383 + .word 2794531959 + .word 2795580535 + .word 2796661879 + + # ciphertext + .word 797576279 + + # Store the ciphertext. + .word 33942567 + add a1, a1, t0 + + bnez t5, 1b + + ret +.size ctr32_encrypt_blocks_128,.-ctr32_encrypt_blocks_128 +.p2align 3 +ctr32_encrypt_blocks_192: + # Load all 13 round keys to v1-v13 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + + # Setup mask into v0 + # The mask pattern for 4*N-th elements + # mask v0: [000100010001....] + # Note: + # We could setup the mask just for the maximum element length instead of + # the VLMAX. + li t0, 0b10001000 + .word 201356247 + .word 1577238615 + # Load IV. + # v31:[IV0, IV1, IV2, big-endian count] + .word 3439489111 + .word 34041735 + # Convert the big-endian counter into little-endian. + .word 3305271383 + .word 1240772567 + # Splat the IV to v16 + .word 221212759 + .word 1577072727 + .word 2817763447 + # Prepare the ctr pattern into v20 + # v20: [x, x, x, 0, x, x, x, 1, x, x, x, 2, ...] + .word 1342712407 + # v16:[IV0, IV1, IV2, count+0, IV0, IV1, IV2, count+1, ...] + .word 86998743 + .word 17434711 + + + ##### AES body + j 2f +1: + .word 86998743 + # Increase ctr in v16. + .word 17811543 +2: + # Load plaintext into v20 + .word 33909255 + slli t0, t4, 2 + srli t6, t4, 2 + sub t5, t5, t4 + add a0, a0, t0 + # Prepare the AES ctr input into v24. + # The ctr data uses big-endian form. + .word 1577585751 + .word 1233431639 + + .word 2786307191 + .word 2787191927 + .word 2788240503 + .word 2789289079 + .word 2790337655 + .word 2791386231 + .word 2792434807 + .word 2793483383 + .word 2794531959 + .word 2795580535 + .word 2796629111 + .word 2797677687 + .word 2798759031 + + # ciphertext + .word 797576279 + + # Store the ciphertext. + .word 33942567 + add a1, a1, t0 + + bnez t5, 1b + + ret +.size ctr32_encrypt_blocks_192,.-ctr32_encrypt_blocks_192 +.p2align 3 +ctr32_encrypt_blocks_256: + # Load all 15 round keys to v1-v15 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + addi a3, a3, 16 + .word 34006791 + addi a3, a3, 16 + .word 34006919 + + # Setup mask into v0 + # The mask pattern for 4*N-th elements + # mask v0: [000100010001....] + # Note: + # We could setup the mask just for the maximum element length instead of + # the VLMAX. + li t0, 0b10001000 + .word 201356247 + .word 1577238615 + # Load IV. + # v31:[IV0, IV1, IV2, big-endian count] + .word 3439489111 + .word 34041735 + # Convert the big-endian counter into little-endian. + .word 3305271383 + .word 1240772567 + # Splat the IV to v16 + .word 221212759 + .word 1577072727 + .word 2817763447 + # Prepare the ctr pattern into v20 + # v20: [x, x, x, 0, x, x, x, 1, x, x, x, 2, ...] + .word 1342712407 + # v16:[IV0, IV1, IV2, count+0, IV0, IV1, IV2, count+1, ...] + .word 86998743 + .word 17434711 + + + ##### AES body + j 2f +1: + .word 86998743 + # Increase ctr in v16. + .word 17811543 +2: + # Load plaintext into v20 + .word 33909255 + slli t0, t4, 2 + srli t6, t4, 2 + sub t5, t5, t4 + add a0, a0, t0 + # Prepare the AES ctr input into v24. + # The ctr data uses big-endian form. + .word 1577585751 + .word 1233431639 + + .word 2786307191 + .word 2787191927 + .word 2788240503 + .word 2789289079 + .word 2790337655 + .word 2791386231 + .word 2792434807 + .word 2793483383 + .word 2794531959 + .word 2795580535 + .word 2796629111 + .word 2797677687 + .word 2798726263 + .word 2799774839 + .word 2800856183 + + # ciphertext + .word 797576279 + + # Store the ciphertext. + .word 33942567 + add a1, a1, t0 + + bnez t5, 1b + + ret +.size ctr32_encrypt_blocks_256,.-ctr32_encrypt_blocks_256 diff --git a/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkned.S b/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkned.S new file mode 100644 index 000000000000..91d1f13940ff --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/aes/aes-riscv64-zvkned.S @@ -0,0 +1,1401 @@ +.text +.p2align 3 +.globl rv64i_zvkned_cbc_encrypt +.type rv64i_zvkned_cbc_encrypt,@function +rv64i_zvkned_cbc_encrypt: + # check whether the length is a multiple of 16 and >= 16 + li t1, 16 + blt a2, t1, L_end + andi t1, a2, 15 + bnez t1, L_end + + # Load number of rounds + lwu t2, 240(a3) + + # Get proper routine for key size + li t0, 10 + beq t2, t0, L_cbc_enc_128 + + li t0, 12 + beq t2, t0, L_cbc_enc_192 + + li t0, 14 + beq t2, t0, L_cbc_enc_256 + + ret +.size rv64i_zvkned_cbc_encrypt,.-rv64i_zvkned_cbc_encrypt +.p2align 3 +L_cbc_enc_128: + # Load all 11 round keys to v1-v11 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + + # Load IV. + .word 34039815 + + .word 33909767 + .word 797445207 + j 2f + +1: + .word 33908871 + .word 797477975 + +2: + # AES body + .word 2786307191 # with round key w[ 0, 3] + .word 2787191927 # with round key w[ 4, 7] + .word 2788240503 # with round key w[ 8,11] + .word 2789289079 # with round key w[12,15] + .word 2790337655 # with round key w[16,19] + .word 2791386231 # with round key w[20,23] + .word 2792434807 # with round key w[24,27] + .word 2793483383 # with round key w[28,31] + .word 2794531959 # with round key w[32,35] + .word 2795580535 # with round key w[36,39] + .word 2796661879 # with round key w[40,43] + + + .word 33942567 + + addi a0, a0, 16 + addi a1, a1, 16 + addi a2, a2, -16 + + bnez a2, 1b + + .word 34040871 + + ret +.size L_cbc_enc_128,.-L_cbc_enc_128 +.p2align 3 +L_cbc_enc_192: + # Load all 13 round keys to v1-v13 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + + + # Load IV. + .word 34039815 + + .word 33909767 + .word 797445207 + j 2f + +1: + .word 33908871 + .word 797477975 + +2: + # AES body + .word 2786307191 # with round key w[ 0, 3] + .word 2787191927 # with round key w[ 4, 7] + .word 2788240503 # with round key w[ 8,11] + .word 2789289079 # with round key w[12,15] + .word 2790337655 # with round key w[16,19] + .word 2791386231 # with round key w[20,23] + .word 2792434807 # with round key w[24,27] + .word 2793483383 # with round key w[28,31] + .word 2794531959 # with round key w[32,35] + .word 2795580535 # with round key w[36,39] + .word 2796629111 # with round key w[40,43] + .word 2797677687 # with round key w[44,47] + .word 2798759031 # with round key w[48,51] + + + .word 33942567 + + addi a0, a0, 16 + addi a1, a1, 16 + addi a2, a2, -16 + + bnez a2, 1b + + .word 34040871 + + ret +.size L_cbc_enc_192,.-L_cbc_enc_192 +.p2align 3 +L_cbc_enc_256: + # Load all 15 round keys to v1-v15 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + addi a3, a3, 16 + .word 34006791 + addi a3, a3, 16 + .word 34006919 + + + # Load IV. + .word 34039815 + + .word 33909767 + .word 797445207 + j 2f + +1: + .word 33908871 + .word 797477975 + +2: + # AES body + .word 2786307191 # with round key w[ 0, 3] + .word 2787191927 # with round key w[ 4, 7] + .word 2788240503 # with round key w[ 8,11] + .word 2789289079 # with round key w[12,15] + .word 2790337655 # with round key w[16,19] + .word 2791386231 # with round key w[20,23] + .word 2792434807 # with round key w[24,27] + .word 2793483383 # with round key w[28,31] + .word 2794531959 # with round key w[32,35] + .word 2795580535 # with round key w[36,39] + .word 2796629111 # with round key w[40,43] + .word 2797677687 # with round key w[44,47] + .word 2798726263 # with round key w[48,51] + .word 2799774839 # with round key w[52,55] + .word 2800856183 # with round key w[56,59] + + + .word 33942567 + + addi a0, a0, 16 + addi a1, a1, 16 + addi a2, a2, -16 + + bnez a2, 1b + + .word 34040871 + + ret +.size L_cbc_enc_256,.-L_cbc_enc_256 +.p2align 3 +.globl rv64i_zvkned_cbc_decrypt +.type rv64i_zvkned_cbc_decrypt,@function +rv64i_zvkned_cbc_decrypt: + # check whether the length is a multiple of 16 and >= 16 + li t1, 16 + blt a2, t1, L_end + andi t1, a2, 15 + bnez t1, L_end + + # Load number of rounds + lwu t2, 240(a3) + + # Get proper routine for key size + li t0, 10 + beq t2, t0, L_cbc_dec_128 + + li t0, 12 + beq t2, t0, L_cbc_dec_192 + + li t0, 14 + beq t2, t0, L_cbc_dec_256 + + ret +.size rv64i_zvkned_cbc_decrypt,.-rv64i_zvkned_cbc_decrypt +.p2align 3 +L_cbc_dec_128: + # Load all 11 round keys to v1-v11 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + + # Load IV. + .word 34039815 + + .word 33909767 + .word 1577846999 + j 2f + +1: + .word 33909767 + .word 1577846999 + addi a1, a1, 16 + +2: + # AES body + .word 2796792951 # with round key w[40,43] + .word 2795514999 # with round key w[36,39] + .word 2794466423 # with round key w[32,35] + .word 2793417847 # with round key w[28,31] + .word 2792369271 # with round key w[24,27] + .word 2791320695 # with round key w[20,23] + .word 2790272119 # with round key w[16,19] + .word 2789223543 # with round key w[12,15] + .word 2788174967 # with round key w[ 8,11] + .word 2787126391 # with round key w[ 4, 7] + .word 2786110583 # with round key w[ 0, 3] + + + .word 797445207 + .word 33942567 + .word 1577617495 + + addi a2, a2, -16 + addi a0, a0, 16 + + bnez a2, 1b + + .word 34039847 + + ret +.size L_cbc_dec_128,.-L_cbc_dec_128 +.p2align 3 +L_cbc_dec_192: + # Load all 13 round keys to v1-v13 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + + + # Load IV. + .word 34039815 + + .word 33909767 + .word 1577846999 + j 2f + +1: + .word 33909767 + .word 1577846999 + addi a1, a1, 16 + +2: + # AES body + .word 2798890103 # with round key w[48,51] + .word 2797612151 # with round key w[44,47] + .word 2796563575 # with round key w[40,43] + .word 2795514999 # with round key w[36,39] + .word 2794466423 # with round key w[32,35] + .word 2793417847 # with round key w[28,31] + .word 2792369271 # with round key w[24,27] + .word 2791320695 # with round key w[20,23] + .word 2790272119 # with round key w[16,19] + .word 2789223543 # with round key w[12,15] + .word 2788174967 # with round key w[ 8,11] + .word 2787126391 # with round key w[ 4, 7] + .word 2786110583 # with round key w[ 0, 3] + + + .word 797445207 + .word 33942567 + .word 1577617495 + + addi a2, a2, -16 + addi a0, a0, 16 + + bnez a2, 1b + + .word 34039847 + + ret +.size L_cbc_dec_192,.-L_cbc_dec_192 +.p2align 3 +L_cbc_dec_256: + # Load all 15 round keys to v1-v15 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + addi a3, a3, 16 + .word 34006791 + addi a3, a3, 16 + .word 34006919 + + + # Load IV. + .word 34039815 + + .word 33909767 + .word 1577846999 + j 2f + +1: + .word 33909767 + .word 1577846999 + addi a1, a1, 16 + +2: + # AES body + .word 2800987255 # with round key w[56,59] + .word 2799709303 # with round key w[52,55] + .word 2798660727 # with round key w[48,51] + .word 2797612151 # with round key w[44,47] + .word 2796563575 # with round key w[40,43] + .word 2795514999 # with round key w[36,39] + .word 2794466423 # with round key w[32,35] + .word 2793417847 # with round key w[28,31] + .word 2792369271 # with round key w[24,27] + .word 2791320695 # with round key w[20,23] + .word 2790272119 # with round key w[16,19] + .word 2789223543 # with round key w[12,15] + .word 2788174967 # with round key w[ 8,11] + .word 2787126391 # with round key w[ 4, 7] + .word 2786110583 # with round key w[ 0, 3] + + + .word 797445207 + .word 33942567 + .word 1577617495 + + addi a2, a2, -16 + addi a0, a0, 16 + + bnez a2, 1b + + .word 34039847 + + ret +.size L_cbc_dec_256,.-L_cbc_dec_256 +.p2align 3 +.globl rv64i_zvkned_ecb_encrypt +.type rv64i_zvkned_ecb_encrypt,@function +rv64i_zvkned_ecb_encrypt: + # Make the LEN become e32 length. + srli t3, a2, 2 + + # Load number of rounds + lwu t2, 240(a3) + + # Get proper routine for key size + li t0, 10 + beq t2, t0, L_ecb_enc_128 + + li t0, 12 + beq t2, t0, L_ecb_enc_192 + + li t0, 14 + beq t2, t0, L_ecb_enc_256 + + ret +.size rv64i_zvkned_ecb_encrypt,.-rv64i_zvkned_ecb_encrypt +.p2align 3 +L_ecb_enc_128: + # Load all 11 round keys to v1-v11 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + +1: + .word 221149271 + slli t0, a6, 2 + sub t3, t3, a6 + + .word 33909767 + + # AES body + .word 2786307191 # with round key w[ 0, 3] + .word 2787191927 # with round key w[ 4, 7] + .word 2788240503 # with round key w[ 8,11] + .word 2789289079 # with round key w[12,15] + .word 2790337655 # with round key w[16,19] + .word 2791386231 # with round key w[20,23] + .word 2792434807 # with round key w[24,27] + .word 2793483383 # with round key w[28,31] + .word 2794531959 # with round key w[32,35] + .word 2795580535 # with round key w[36,39] + .word 2796661879 # with round key w[40,43] + + + .word 33942567 + + add a0, a0, t0 + add a1, a1, t0 + + bnez t3, 1b + + ret +.size L_ecb_enc_128,.-L_ecb_enc_128 +.p2align 3 +L_ecb_enc_192: + # Load all 13 round keys to v1-v13 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + + +1: + .word 221149271 + slli t0, a6, 2 + sub t3, t3, a6 + + .word 33909767 + + # AES body + .word 2786307191 # with round key w[ 0, 3] + .word 2787191927 # with round key w[ 4, 7] + .word 2788240503 # with round key w[ 8,11] + .word 2789289079 # with round key w[12,15] + .word 2790337655 # with round key w[16,19] + .word 2791386231 # with round key w[20,23] + .word 2792434807 # with round key w[24,27] + .word 2793483383 # with round key w[28,31] + .word 2794531959 # with round key w[32,35] + .word 2795580535 # with round key w[36,39] + .word 2796629111 # with round key w[40,43] + .word 2797677687 # with round key w[44,47] + .word 2798759031 # with round key w[48,51] + + + .word 33942567 + + add a0, a0, t0 + add a1, a1, t0 + + bnez t3, 1b + + ret +.size L_ecb_enc_192,.-L_ecb_enc_192 +.p2align 3 +L_ecb_enc_256: + # Load all 15 round keys to v1-v15 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + addi a3, a3, 16 + .word 34006791 + addi a3, a3, 16 + .word 34006919 + + +1: + .word 221149271 + slli t0, a6, 2 + sub t3, t3, a6 + + .word 33909767 + + # AES body + .word 2786307191 # with round key w[ 0, 3] + .word 2787191927 # with round key w[ 4, 7] + .word 2788240503 # with round key w[ 8,11] + .word 2789289079 # with round key w[12,15] + .word 2790337655 # with round key w[16,19] + .word 2791386231 # with round key w[20,23] + .word 2792434807 # with round key w[24,27] + .word 2793483383 # with round key w[28,31] + .word 2794531959 # with round key w[32,35] + .word 2795580535 # with round key w[36,39] + .word 2796629111 # with round key w[40,43] + .word 2797677687 # with round key w[44,47] + .word 2798726263 # with round key w[48,51] + .word 2799774839 # with round key w[52,55] + .word 2800856183 # with round key w[56,59] + + + .word 33942567 + + add a0, a0, t0 + add a1, a1, t0 + + bnez t3, 1b + + ret +.size L_ecb_enc_256,.-L_ecb_enc_256 +.p2align 3 +.globl rv64i_zvkned_ecb_decrypt +.type rv64i_zvkned_ecb_decrypt,@function +rv64i_zvkned_ecb_decrypt: + # Make the LEN become e32 length. + srli t3, a2, 2 + + # Load number of rounds + lwu t2, 240(a3) + + # Get proper routine for key size + li t0, 10 + beq t2, t0, L_ecb_dec_128 + + li t0, 12 + beq t2, t0, L_ecb_dec_192 + + li t0, 14 + beq t2, t0, L_ecb_dec_256 + + ret +.size rv64i_zvkned_ecb_decrypt,.-rv64i_zvkned_ecb_decrypt +.p2align 3 +L_ecb_dec_128: + # Load all 11 round keys to v1-v11 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + +1: + .word 221149271 + slli t0, a6, 2 + sub t3, t3, a6 + + .word 33909767 + + # AES body + .word 2796792951 # with round key w[40,43] + .word 2795514999 # with round key w[36,39] + .word 2794466423 # with round key w[32,35] + .word 2793417847 # with round key w[28,31] + .word 2792369271 # with round key w[24,27] + .word 2791320695 # with round key w[20,23] + .word 2790272119 # with round key w[16,19] + .word 2789223543 # with round key w[12,15] + .word 2788174967 # with round key w[ 8,11] + .word 2787126391 # with round key w[ 4, 7] + .word 2786110583 # with round key w[ 0, 3] + + + .word 33942567 + + add a0, a0, t0 + add a1, a1, t0 + + bnez t3, 1b + + ret +.size L_ecb_dec_128,.-L_ecb_dec_128 +.p2align 3 +L_ecb_dec_192: + # Load all 13 round keys to v1-v13 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + + +1: + .word 221149271 + slli t0, a6, 2 + sub t3, t3, a6 + + .word 33909767 + + # AES body + .word 2798890103 # with round key w[48,51] + .word 2797612151 # with round key w[44,47] + .word 2796563575 # with round key w[40,43] + .word 2795514999 # with round key w[36,39] + .word 2794466423 # with round key w[32,35] + .word 2793417847 # with round key w[28,31] + .word 2792369271 # with round key w[24,27] + .word 2791320695 # with round key w[20,23] + .word 2790272119 # with round key w[16,19] + .word 2789223543 # with round key w[12,15] + .word 2788174967 # with round key w[ 8,11] + .word 2787126391 # with round key w[ 4, 7] + .word 2786110583 # with round key w[ 0, 3] + + + .word 33942567 + + add a0, a0, t0 + add a1, a1, t0 + + bnez t3, 1b + + ret +.size L_ecb_dec_192,.-L_ecb_dec_192 +.p2align 3 +L_ecb_dec_256: + # Load all 15 round keys to v1-v15 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + addi a3, a3, 16 + .word 34006535 + addi a3, a3, 16 + .word 34006663 + addi a3, a3, 16 + .word 34006791 + addi a3, a3, 16 + .word 34006919 + + +1: + .word 221149271 + slli t0, a6, 2 + sub t3, t3, a6 + + .word 33909767 + + # AES body + .word 2800987255 # with round key w[56,59] + .word 2799709303 # with round key w[52,55] + .word 2798660727 # with round key w[48,51] + .word 2797612151 # with round key w[44,47] + .word 2796563575 # with round key w[40,43] + .word 2795514999 # with round key w[36,39] + .word 2794466423 # with round key w[32,35] + .word 2793417847 # with round key w[28,31] + .word 2792369271 # with round key w[24,27] + .word 2791320695 # with round key w[20,23] + .word 2790272119 # with round key w[16,19] + .word 2789223543 # with round key w[12,15] + .word 2788174967 # with round key w[ 8,11] + .word 2787126391 # with round key w[ 4, 7] + .word 2786110583 # with round key w[ 0, 3] + + + .word 33942567 + + add a0, a0, t0 + add a1, a1, t0 + + bnez t3, 1b + + ret +.size L_ecb_dec_256,.-L_ecb_dec_256 +.p2align 3 +.globl rv64i_zvkned_set_encrypt_key +.type rv64i_zvkned_set_encrypt_key,@function +rv64i_zvkned_set_encrypt_key: + beqz a0, L_fail_m1 + beqz a2, L_fail_m1 + + # Get proper routine for key size + li t1, 256 + beq a1, t1, L_set_key_256 + li t1, 128 + beq a1, t1, L_set_key_128 + + j L_fail_m2 + +.size rv64i_zvkned_set_encrypt_key,.-rv64i_zvkned_set_encrypt_key +.p2align 3 +.globl rv64i_zvkned_set_decrypt_key +.type rv64i_zvkned_set_decrypt_key,@function +rv64i_zvkned_set_decrypt_key: + beqz a0, L_fail_m1 + beqz a2, L_fail_m1 + + # Get proper routine for key size + li t1, 256 + beq a1, t1, L_set_key_256 + li t1, 128 + beq a1, t1, L_set_key_128 + + j L_fail_m2 + +.size rv64i_zvkned_set_decrypt_key,.-rv64i_zvkned_set_decrypt_key +.p2align 3 +L_set_key_128: + # Store the number of rounds + li t2, 10 + sw t2, 240(a2) + + .word 0xc1027057 + + # Load the key + .word 33907975 + + # Generate keys for round 2-11 into registers v11-v20. + .word 2325784055 # v11 <- rk2 (w[ 4, 7]) + .word 2326865527 # v12 <- rk3 (w[ 8,11]) + .word 2327946999 # v13 <- rk4 (w[12,15]) + .word 2329028471 # v14 <- rk5 (w[16,19]) + .word 2330109943 # v15 <- rk6 (w[20,23]) + .word 2331191415 # v16 <- rk7 (w[24,27]) + .word 2332272887 # v17 <- rk8 (w[28,31]) + .word 2333354359 # v18 <- rk9 (w[32,35]) + .word 2334435831 # v19 <- rk10 (w[36,39]) + .word 2335517303 # v20 <- rk11 (w[40,43]) + + # Store the round keys + .word 33973543 + addi a2, a2, 16 + .word 33973671 + addi a2, a2, 16 + .word 33973799 + addi a2, a2, 16 + .word 33973927 + addi a2, a2, 16 + .word 33974055 + addi a2, a2, 16 + .word 33974183 + addi a2, a2, 16 + .word 33974311 + addi a2, a2, 16 + .word 33974439 + addi a2, a2, 16 + .word 33974567 + addi a2, a2, 16 + .word 33974695 + addi a2, a2, 16 + .word 33974823 + + li a0, 1 + ret +.size L_set_key_128,.-L_set_key_128 +.p2align 3 +L_set_key_256: + # Store the number of rounds + li t2, 14 + sw t2, 240(a2) + + .word 0xc1027057 + + # Load the key + .word 33907975 + addi a0, a0, 16 + .word 33908103 + + .word 1577387607 + .word 2863736439 + .word 1577420503 + .word 2864817911 + .word 1577453399 + .word 2865899383 + .word 1577486295 + .word 2866980855 + .word 1577519191 + .word 2868062327 + .word 1577552087 + .word 2869143799 + .word 1577584983 + .word 2870225271 + .word 1577617879 + .word 2871306743 + .word 1577650775 + .word 2872388215 + .word 1577683671 + .word 2873469687 + .word 1577716567 + .word 2874551159 + .word 1577749463 + .word 2875632631 + .word 1577782359 + .word 2876714103 + + .word 33973543 + addi a2, a2, 16 + .word 33973671 + addi a2, a2, 16 + .word 33973799 + addi a2, a2, 16 + .word 33973927 + addi a2, a2, 16 + .word 33974055 + addi a2, a2, 16 + .word 33974183 + addi a2, a2, 16 + .word 33974311 + addi a2, a2, 16 + .word 33974439 + addi a2, a2, 16 + .word 33974567 + addi a2, a2, 16 + .word 33974695 + addi a2, a2, 16 + .word 33974823 + addi a2, a2, 16 + .word 33974951 + addi a2, a2, 16 + .word 33975079 + addi a2, a2, 16 + .word 33975207 + addi a2, a2, 16 + .word 33975335 + + li a0, 1 + ret +.size L_set_key_256,.-L_set_key_256 +.p2align 3 +.globl rv64i_zvkned_encrypt +.type rv64i_zvkned_encrypt,@function +rv64i_zvkned_encrypt: + # Load number of rounds + lwu t5, 240(a2) + + # Get proper routine for key size + li t6, 14 + beq t5, t6, L_enc_256 + li t6, 10 + beq t5, t6, L_enc_128 + li t6, 12 + beq t5, t6, L_enc_192 + + j L_fail_m2 +.size rv64i_zvkned_encrypt,.-rv64i_zvkned_encrypt +.p2align 3 +L_enc_128: + .word 3439489111 + + .word 33906823 + + .word 33973511 + .word 2795741431 # with round key w[ 0, 3] + addi a2, a2, 16 + .word 33973639 + .word 2796626167 # with round key w[ 4, 7] + addi a2, a2, 16 + .word 33973767 + .word 2797674743 # with round key w[ 8,11] + addi a2, a2, 16 + .word 33973895 + .word 2798723319 # with round key w[12,15] + addi a2, a2, 16 + .word 33974023 + .word 2799771895 # with round key w[16,19] + addi a2, a2, 16 + .word 33974151 + .word 2800820471 # with round key w[20,23] + addi a2, a2, 16 + .word 33974279 + .word 2801869047 # with round key w[24,27] + addi a2, a2, 16 + .word 33974407 + .word 2802917623 # with round key w[28,31] + addi a2, a2, 16 + .word 33974535 + .word 2803966199 # with round key w[32,35] + addi a2, a2, 16 + .word 33974663 + .word 2805014775 # with round key w[36,39] + addi a2, a2, 16 + .word 33974791 + .word 2806096119 # with round key w[40,43] + + .word 33939623 + + ret +.size L_enc_128,.-L_enc_128 +.p2align 3 +L_enc_192: + .word 3439489111 + + .word 33906823 + + .word 33973511 + .word 2795741431 # with round key w[ 0, 3] + addi a2, a2, 16 + .word 33973639 + .word 2796626167 + addi a2, a2, 16 + .word 33973767 + .word 2797674743 + addi a2, a2, 16 + .word 33973895 + .word 2798723319 + addi a2, a2, 16 + .word 33974023 + .word 2799771895 + addi a2, a2, 16 + .word 33974151 + .word 2800820471 + addi a2, a2, 16 + .word 33974279 + .word 2801869047 + addi a2, a2, 16 + .word 33974407 + .word 2802917623 + addi a2, a2, 16 + .word 33974535 + .word 2803966199 + addi a2, a2, 16 + .word 33974663 + .word 2805014775 + addi a2, a2, 16 + .word 33974791 + .word 2806063351 + addi a2, a2, 16 + .word 33974919 + .word 2807111927 + addi a2, a2, 16 + .word 33975047 + .word 2808193271 + + .word 33939623 + ret +.size L_enc_192,.-L_enc_192 +.p2align 3 +L_enc_256: + .word 3439489111 + + .word 33906823 + + .word 33973511 + .word 2795741431 # with round key w[ 0, 3] + addi a2, a2, 16 + .word 33973639 + .word 2796626167 + addi a2, a2, 16 + .word 33973767 + .word 2797674743 + addi a2, a2, 16 + .word 33973895 + .word 2798723319 + addi a2, a2, 16 + .word 33974023 + .word 2799771895 + addi a2, a2, 16 + .word 33974151 + .word 2800820471 + addi a2, a2, 16 + .word 33974279 + .word 2801869047 + addi a2, a2, 16 + .word 33974407 + .word 2802917623 + addi a2, a2, 16 + .word 33974535 + .word 2803966199 + addi a2, a2, 16 + .word 33974663 + .word 2805014775 + addi a2, a2, 16 + .word 33974791 + .word 2806063351 + addi a2, a2, 16 + .word 33974919 + .word 2807111927 + addi a2, a2, 16 + .word 33975047 + .word 2808160503 + addi a2, a2, 16 + .word 33975175 + .word 2809209079 + addi a2, a2, 16 + .word 33975303 + .word 2810290423 + + .word 33939623 + ret +.size L_enc_256,.-L_enc_256 +.p2align 3 +.globl rv64i_zvkned_decrypt +.type rv64i_zvkned_decrypt,@function +rv64i_zvkned_decrypt: + # Load number of rounds + lwu t5, 240(a2) + + # Get proper routine for key size + li t6, 14 + beq t5, t6, L_dec_256 + li t6, 10 + beq t5, t6, L_dec_128 + li t6, 12 + beq t5, t6, L_dec_192 + + j L_fail_m2 +.size rv64i_zvkned_decrypt,.-rv64i_zvkned_decrypt +.p2align 3 +L_dec_128: + .word 3439489111 + + .word 33906823 + + addi a2, a2, 160 + .word 33974791 + .word 2806227191 # with round key w[40,43] + addi a2, a2, -16 + .word 33974663 + .word 2804949239 # with round key w[36,39] + addi a2, a2, -16 + .word 33974535 + .word 2803900663 # with round key w[32,35] + addi a2, a2, -16 + .word 33974407 + .word 2802852087 # with round key w[28,31] + addi a2, a2, -16 + .word 33974279 + .word 2801803511 # with round key w[24,27] + addi a2, a2, -16 + .word 33974151 + .word 2800754935 # with round key w[20,23] + addi a2, a2, -16 + .word 33974023 + .word 2799706359 # with round key w[16,19] + addi a2, a2, -16 + .word 33973895 + .word 2798657783 # with round key w[12,15] + addi a2, a2, -16 + .word 33973767 + .word 2797609207 # with round key w[ 8,11] + addi a2, a2, -16 + .word 33973639 + .word 2796560631 # with round key w[ 4, 7] + addi a2, a2, -16 + .word 33973511 + .word 2795544823 # with round key w[ 0, 3] + + .word 33939623 + + ret +.size L_dec_128,.-L_dec_128 +.p2align 3 +L_dec_192: + .word 3439489111 + + .word 33906823 + + addi a2, a2, 192 + .word 33975047 + .word 2808324343 # with round key w[48,51] + addi a2, a2, -16 + .word 33974919 + .word 2807046391 # with round key w[44,47] + addi a2, a2, -16 + .word 33974791 + .word 2805997815 # with round key w[40,43] + addi a2, a2, -16 + .word 33974663 + .word 2804949239 # with round key w[36,39] + addi a2, a2, -16 + .word 33974535 + .word 2803900663 # with round key w[32,35] + addi a2, a2, -16 + .word 33974407 + .word 2802852087 # with round key w[28,31] + addi a2, a2, -16 + .word 33974279 + .word 2801803511 # with round key w[24,27] + addi a2, a2, -16 + .word 33974151 + .word 2800754935 # with round key w[20,23] + addi a2, a2, -16 + .word 33974023 + .word 2799706359 # with round key w[16,19] + addi a2, a2, -16 + .word 33973895 + .word 2798657783 # with round key w[12,15] + addi a2, a2, -16 + .word 33973767 + .word 2797609207 # with round key w[ 8,11] + addi a2, a2, -16 + .word 33973639 + .word 2796560631 # with round key w[ 4, 7] + addi a2, a2, -16 + .word 33973511 + .word 2795544823 # with round key w[ 0, 3] + + .word 33939623 + + ret +.size L_dec_192,.-L_dec_192 +.p2align 3 +L_dec_256: + .word 3439489111 + + .word 33906823 + + addi a2, a2, 224 + .word 33975303 + .word 2810421495 # with round key w[56,59] + addi a2, a2, -16 + .word 33975175 + .word 2809143543 # with round key w[52,55] + addi a2, a2, -16 + .word 33975047 + .word 2808094967 # with round key w[48,51] + addi a2, a2, -16 + .word 33974919 + .word 2807046391 # with round key w[44,47] + addi a2, a2, -16 + .word 33974791 + .word 2805997815 # with round key w[40,43] + addi a2, a2, -16 + .word 33974663 + .word 2804949239 # with round key w[36,39] + addi a2, a2, -16 + .word 33974535 + .word 2803900663 # with round key w[32,35] + addi a2, a2, -16 + .word 33974407 + .word 2802852087 # with round key w[28,31] + addi a2, a2, -16 + .word 33974279 + .word 2801803511 # with round key w[24,27] + addi a2, a2, -16 + .word 33974151 + .word 2800754935 # with round key w[20,23] + addi a2, a2, -16 + .word 33974023 + .word 2799706359 # with round key w[16,19] + addi a2, a2, -16 + .word 33973895 + .word 2798657783 # with round key w[12,15] + addi a2, a2, -16 + .word 33973767 + .word 2797609207 # with round key w[ 8,11] + addi a2, a2, -16 + .word 33973639 + .word 2796560631 # with round key w[ 4, 7] + addi a2, a2, -16 + .word 33973511 + .word 2795544823 # with round key w[ 0, 3] + + .word 33939623 + + ret +.size L_dec_256,.-L_dec_256 +L_fail_m1: + li a0, -1 + ret +.size L_fail_m1,.-L_fail_m1 + +L_fail_m2: + li a0, -2 + ret +.size L_fail_m2,.-L_fail_m2 + +L_end: + ret +.size L_end,.-L_end diff --git a/contrib/openssl-cmake/asm/crypto/aes/aes-s390x.S b/contrib/openssl-cmake/asm/crypto/aes/aes-s390x.S index c432d017beb3..db245d308c49 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/aes-s390x.S +++ b/contrib/openssl-cmake/asm/crypto/aes/aes-s390x.S @@ -1614,6 +1614,9 @@ AES_ctr32_encrypt: stg %r11,0(%r15) # backchain la %r1,160(%r15) + xc 160+0(64,%r15),160+0(%r15) # clear reserved/unused + # in parameter block + lmg %r10,%r11,0(%r5) # copy key stg %r10,160+80(%r15) stg %r11,160+88(%r15) diff --git a/contrib/openssl-cmake/asm/crypto/aes/aes-x86_64.s b/contrib/openssl-cmake/asm/crypto/aes/aes-x86_64.s index 22a6481f84b9..b210921d7753 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/aes-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/aes/aes-x86_64.s @@ -1870,6 +1870,7 @@ AES_cbc_encrypt: .byte 0xf3,0xc3 .cfi_endproc .size AES_cbc_encrypt,.-AES_cbc_encrypt +.section .rodata .align 64 .LAES_Te: .long 0xa56363c6,0xa56363c6 @@ -2656,3 +2657,4 @@ AES_cbc_encrypt: .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 .byte 65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.previous diff --git a/contrib/openssl-cmake/asm/crypto/aes/aesni-sha1-x86_64.s b/contrib/openssl-cmake/asm/crypto/aes/aesni-sha1-x86_64.s index a38e21f0484e..bb8105cef0c0 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/aesni-sha1-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/aes/aesni-sha1-x86_64.s @@ -2718,6 +2718,7 @@ aesni_cbc_sha1_enc_avx: .byte 0xf3,0xc3 .cfi_endproc .size aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx +.section .rodata .align 64 K_XX_XX: .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 @@ -2729,6 +2730,7 @@ K_XX_XX: .byte 65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.previous .type aesni_cbc_sha1_enc_shaext,@function .align 32 aesni_cbc_sha1_enc_shaext: diff --git a/contrib/openssl-cmake/asm/crypto/aes/aesni-sha256-x86_64.s b/contrib/openssl-cmake/asm/crypto/aes/aesni-sha256-x86_64.s index 3e56a82578a3..fb156de5edae 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/aesni-sha256-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/aes/aesni-sha256-x86_64.s @@ -34,6 +34,7 @@ aesni_cbc_sha256_enc: .cfi_endproc .size aesni_cbc_sha256_enc,.-aesni_cbc_sha256_enc +.section .rodata .align 64 .type K256,@object K256: @@ -76,6 +77,7 @@ K256: .long 0,0,0,0, 0,0,0,0 .byte 65,69,83,78,73,45,67,66,67,43,83,72,65,50,53,54,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.previous .type aesni_cbc_sha256_enc_xop,@function .align 64 aesni_cbc_sha256_enc_xop: diff --git a/contrib/openssl-cmake/asm/crypto/aes/aesni-x86_64.s b/contrib/openssl-cmake/asm/crypto/aes/aesni-x86_64.s index df38c807abcd..6f79d526a264 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/aesni-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/aes/aesni-x86_64.s @@ -4461,6 +4461,7 @@ __aesni_set_encrypt_key: .cfi_endproc .size aesni_set_encrypt_key,.-aesni_set_encrypt_key .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key +.section .rodata .align 64 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -4483,3 +4484,4 @@ __aesni_set_encrypt_key: .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.previous diff --git a/contrib/openssl-cmake/asm/crypto/aes/aesni-xts-avx512.s b/contrib/openssl-cmake/asm/crypto/aes/aesni-xts-avx512.s new file mode 100644 index 000000000000..aede66622e76 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/aes/aesni-xts-avx512.s @@ -0,0 +1,8124 @@ +.text + +.globl aesni_xts_avx512_eligible +.type aesni_xts_avx512_eligible,@function +.align 32 +aesni_xts_avx512_eligible: + movl OPENSSL_ia32cap_P+8(%rip),%ecx + xorl %eax,%eax + + andl $0xc0030000,%ecx + cmpl $0xc0030000,%ecx + jne .L_done + movl OPENSSL_ia32cap_P+12(%rip),%ecx + + andl $0x640,%ecx + cmpl $0x640,%ecx + cmovel %ecx,%eax +.L_done: + .byte 0xf3,0xc3 +.size aesni_xts_avx512_eligible, .-aesni_xts_avx512_eligible +.globl aesni_xts_128_encrypt_avx512 +.hidden aesni_xts_128_encrypt_avx512 +.type aesni_xts_128_encrypt_avx512,@function +.align 32 +aesni_xts_128_encrypt_avx512: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbp + movq %rsp,%rbp + subq $136,%rsp + andq $0xffffffffffffffc0,%rsp + movq %rbx,128(%rsp) + movq $0x87,%r10 + vmovdqu (%r9),%xmm1 + vpxor (%r8),%xmm1,%xmm1 + vaesenc 16(%r8),%xmm1,%xmm1 + vaesenc 32(%r8),%xmm1,%xmm1 + vaesenc 48(%r8),%xmm1,%xmm1 + vaesenc 64(%r8),%xmm1,%xmm1 + vaesenc 80(%r8),%xmm1,%xmm1 + vaesenc 96(%r8),%xmm1,%xmm1 + vaesenc 112(%r8),%xmm1,%xmm1 + vaesenc 128(%r8),%xmm1,%xmm1 + vaesenc 144(%r8),%xmm1,%xmm1 + vaesenclast 160(%r8),%xmm1,%xmm1 + vmovdqa %xmm1,(%rsp) + + cmpq $0x80,%rdx + jl .L_less_than_128_bytes_hEgxyDlCngwrfFe + vpbroadcastq %r10,%zmm25 + cmpq $0x100,%rdx + jge .L_start_by16_hEgxyDlCngwrfFe + cmpq $0x80,%rdx + jge .L_start_by8_hEgxyDlCngwrfFe + +.L_do_n_blocks_hEgxyDlCngwrfFe: + cmpq $0x0,%rdx + je .L_ret_hEgxyDlCngwrfFe + cmpq $0x70,%rdx + jge .L_remaining_num_blocks_is_7_hEgxyDlCngwrfFe + cmpq $0x60,%rdx + jge .L_remaining_num_blocks_is_6_hEgxyDlCngwrfFe + cmpq $0x50,%rdx + jge .L_remaining_num_blocks_is_5_hEgxyDlCngwrfFe + cmpq $0x40,%rdx + jge .L_remaining_num_blocks_is_4_hEgxyDlCngwrfFe + cmpq $0x30,%rdx + jge .L_remaining_num_blocks_is_3_hEgxyDlCngwrfFe + cmpq $0x20,%rdx + jge .L_remaining_num_blocks_is_2_hEgxyDlCngwrfFe + cmpq $0x10,%rdx + jge .L_remaining_num_blocks_is_1_hEgxyDlCngwrfFe + vmovdqa %xmm0,%xmm8 + vmovdqa %xmm9,%xmm0 + jmp .L_steal_cipher_hEgxyDlCngwrfFe + +.L_remaining_num_blocks_is_7_hEgxyDlCngwrfFe: + movq $0x0000ffffffffffff,%r8 + kmovq %r8,%k1 + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2{%k1} + addq $0x70,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + addq $0x70,%rsi + vextracti32x4 $0x2,%zmm2,%xmm8 + vextracti32x4 $0x3,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe + +.L_remaining_num_blocks_is_6_hEgxyDlCngwrfFe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%ymm2 + addq $0x60,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %ymm2,64(%rsi) + addq $0x60,%rsi + vextracti32x4 $0x1,%zmm2,%xmm8 + vextracti32x4 $0x2,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe + +.L_remaining_num_blocks_is_5_hEgxyDlCngwrfFe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu 64(%rdi),%xmm2 + addq $0x50,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,(%rsi) + vmovdqu %xmm2,64(%rsi) + addq $0x50,%rsi + vmovdqa %xmm2,%xmm8 + vextracti32x4 $0x1,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe + +.L_remaining_num_blocks_is_4_hEgxyDlCngwrfFe: + vmovdqu8 (%rdi),%zmm1 + addq $0x40,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,(%rsi) + addq $0x40,%rsi + vextracti32x4 $0x3,%zmm1,%xmm8 + vmovdqa64 %xmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_remaining_num_blocks_is_3_hEgxyDlCngwrfFe: + movq $-1,%r8 + shrq $0x10,%r8 + kmovq %r8,%k1 + vmovdqu8 (%rdi),%zmm1{%k1} + addq $0x30,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,(%rsi){%k1} + addq $0x30,%rsi + vextracti32x4 $0x2,%zmm1,%xmm8 + vextracti32x4 $0x3,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_remaining_num_blocks_is_2_hEgxyDlCngwrfFe: + vmovdqu8 (%rdi),%ymm1 + addq $0x20,%rdi + vbroadcasti32x4 (%rcx),%ymm0 + vpternlogq $0x96,%ymm0,%ymm9,%ymm1 + vbroadcasti32x4 16(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 32(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 48(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 64(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 80(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 96(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 112(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 128(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 144(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 160(%rcx),%ymm0 + vaesenclast %ymm0,%ymm1,%ymm1 + vpxorq %ymm9,%ymm1,%ymm1 + vmovdqu %ymm1,(%rsi) + addq $0x20,%rsi + vextracti32x4 $0x1,%zmm1,%xmm8 + vextracti32x4 $0x2,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_remaining_num_blocks_is_1_hEgxyDlCngwrfFe: + vmovdqu (%rdi),%xmm1 + addq $0x10,%rdi + vpxor %xmm9,%xmm1,%xmm1 + vpxor (%rcx),%xmm1,%xmm1 + vaesenc 16(%rcx),%xmm1,%xmm1 + vaesenc 32(%rcx),%xmm1,%xmm1 + vaesenc 48(%rcx),%xmm1,%xmm1 + vaesenc 64(%rcx),%xmm1,%xmm1 + vaesenc 80(%rcx),%xmm1,%xmm1 + vaesenc 96(%rcx),%xmm1,%xmm1 + vaesenc 112(%rcx),%xmm1,%xmm1 + vaesenc 128(%rcx),%xmm1,%xmm1 + vaesenc 144(%rcx),%xmm1,%xmm1 + vaesenclast 160(%rcx),%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu %xmm1,(%rsi) + addq $0x10,%rsi + vmovdqa %xmm1,%xmm8 + vextracti32x4 $0x1,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe + + +.L_start_by16_hEgxyDlCngwrfFe: + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm11 + vpxord %zmm14,%zmm11,%zmm11 + vpsrldq $0xf,%zmm10,%zmm15 + vpclmulqdq $0x0,%zmm25,%zmm15,%zmm16 + vpslldq $0x1,%zmm10,%zmm12 + vpxord %zmm16,%zmm12,%zmm12 + +.L_main_loop_run_16_hEgxyDlCngwrfFe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + vmovdqu8 128(%rdi),%zmm3 + vmovdqu8 192(%rdi),%zmm4 + addq $0x100,%rdi + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vpxorq %zmm0,%zmm3,%zmm3 + vpxorq %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm11,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm11,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm12,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm12,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm15,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm15,%zmm17 + vpxord %zmm14,%zmm17,%zmm17 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm16,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm16,%zmm18 + vpxord %zmm14,%zmm18,%zmm18 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vaesenclast %zmm0,%zmm3,%zmm3 + vaesenclast %zmm0,%zmm4,%zmm4 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqa32 %zmm17,%zmm11 + vmovdqa32 %zmm18,%zmm12 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + vmovdqu8 %zmm3,128(%rsi) + vmovdqu8 %zmm4,192(%rsi) + addq $0x100,%rsi + subq $0x100,%rdx + cmpq $0x100,%rdx + jae .L_main_loop_run_16_hEgxyDlCngwrfFe + cmpq $0x80,%rdx + jae .L_main_loop_run_8_hEgxyDlCngwrfFe + vextracti32x4 $0x3,%zmm4,%xmm0 + jmp .L_do_n_blocks_hEgxyDlCngwrfFe + +.L_start_by8_hEgxyDlCngwrfFe: + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + +.L_main_loop_run_8_hEgxyDlCngwrfFe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + addq $0x80,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vpsrldq $0xf,%zmm10,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm10,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + addq $0x80,%rsi + subq $0x80,%rdx + cmpq $0x80,%rdx + jae .L_main_loop_run_8_hEgxyDlCngwrfFe + vextracti32x4 $0x3,%zmm2,%xmm0 + jmp .L_do_n_blocks_hEgxyDlCngwrfFe + +.L_steal_cipher_hEgxyDlCngwrfFe: + vmovdqa %xmm8,%xmm2 + leaq vpshufb_shf_table(%rip),%rax + vmovdqu (%rax,%rdx,1),%xmm10 + vpshufb %xmm10,%xmm8,%xmm8 + vmovdqu -16(%rdi,%rdx,1),%xmm3 + vmovdqu %xmm8,-16(%rsi,%rdx,1) + leaq vpshufb_shf_table(%rip),%rax + addq $16,%rax + subq %rdx,%rax + vmovdqu (%rax),%xmm10 + vpxor mask1(%rip),%xmm10,%xmm10 + vpshufb %xmm10,%xmm3,%xmm3 + vpblendvb %xmm10,%xmm2,%xmm3,%xmm3 + vpxor %xmm0,%xmm3,%xmm8 + vpxor (%rcx),%xmm8,%xmm8 + vaesenc 16(%rcx),%xmm8,%xmm8 + vaesenc 32(%rcx),%xmm8,%xmm8 + vaesenc 48(%rcx),%xmm8,%xmm8 + vaesenc 64(%rcx),%xmm8,%xmm8 + vaesenc 80(%rcx),%xmm8,%xmm8 + vaesenc 96(%rcx),%xmm8,%xmm8 + vaesenc 112(%rcx),%xmm8,%xmm8 + vaesenc 128(%rcx),%xmm8,%xmm8 + vaesenc 144(%rcx),%xmm8,%xmm8 + vaesenclast 160(%rcx),%xmm8,%xmm8 + vpxor %xmm0,%xmm8,%xmm8 + vmovdqu %xmm8,-16(%rsi) +.L_ret_hEgxyDlCngwrfFe: + movq 128(%rsp),%rbx + xorq %r8,%r8 + movq %r8,128(%rsp) + + vpxorq %zmm0,%zmm0,%zmm0 + movq %rbp,%rsp + popq %rbp + vzeroupper + .byte 0xf3,0xc3 + +.L_less_than_128_bytes_hEgxyDlCngwrfFe: + vpbroadcastq %r10,%zmm25 + cmpq $0x10,%rdx + jb .L_ret_hEgxyDlCngwrfFe + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movl $0xaa,%r8d + kmovq %r8,%k2 + movq %rdx,%r8 + andq $0x70,%r8 + cmpq $0x60,%r8 + je .L_num_blocks_is_6_hEgxyDlCngwrfFe + cmpq $0x50,%r8 + je .L_num_blocks_is_5_hEgxyDlCngwrfFe + cmpq $0x40,%r8 + je .L_num_blocks_is_4_hEgxyDlCngwrfFe + cmpq $0x30,%r8 + je .L_num_blocks_is_3_hEgxyDlCngwrfFe + cmpq $0x20,%r8 + je .L_num_blocks_is_2_hEgxyDlCngwrfFe + cmpq $0x10,%r8 + je .L_num_blocks_is_1_hEgxyDlCngwrfFe + +.L_num_blocks_is_7_hEgxyDlCngwrfFe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + movq $0x0000ffffffffffff,%r8 + kmovq %r8,%k1 + vmovdqu8 0(%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2{%k1} + + addq $0x70,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,0(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + addq $0x70,%rsi + vextracti32x4 $0x2,%zmm2,%xmm8 + vextracti32x4 $0x3,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_num_blocks_is_6_hEgxyDlCngwrfFe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vmovdqu8 0(%rdi),%zmm1 + vmovdqu8 64(%rdi),%ymm2 + addq $96,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,0(%rsi) + vmovdqu8 %ymm2,64(%rsi) + addq $96,%rsi + + vextracti32x4 $0x1,%ymm2,%xmm8 + vextracti32x4 $0x2,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_num_blocks_is_5_hEgxyDlCngwrfFe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vmovdqu8 0(%rdi),%zmm1 + vmovdqu8 64(%rdi),%xmm2 + addq $80,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,0(%rsi) + vmovdqu8 %xmm2,64(%rsi) + addq $80,%rsi + + vmovdqa %xmm2,%xmm8 + vextracti32x4 $0x1,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_num_blocks_is_4_hEgxyDlCngwrfFe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vmovdqu8 0(%rdi),%zmm1 + addq $64,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,0(%rsi) + addq $64,%rsi + vextracti32x4 $0x3,%zmm1,%xmm8 + vmovdqa %xmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_num_blocks_is_3_hEgxyDlCngwrfFe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + movq $0x0000ffffffffffff,%r8 + kmovq %r8,%k1 + vmovdqu8 0(%rdi),%zmm1{%k1} + addq $48,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,0(%rsi){%k1} + addq $48,%rsi + vextracti32x4 $2,%zmm1,%xmm8 + vextracti32x4 $3,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_num_blocks_is_2_hEgxyDlCngwrfFe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + vmovdqu8 0(%rdi),%ymm1 + addq $32,%rdi + vbroadcasti32x4 (%rcx),%ymm0 + vpternlogq $0x96,%ymm0,%ymm9,%ymm1 + vbroadcasti32x4 16(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 32(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 48(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 64(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 80(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 96(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 112(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 128(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 144(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 160(%rcx),%ymm0 + vaesenclast %ymm0,%ymm1,%ymm1 + vpxorq %ymm9,%ymm1,%ymm1 + vmovdqu8 %ymm1,0(%rsi) + addq $32,%rsi + + vextracti32x4 $1,%ymm1,%xmm8 + vextracti32x4 $2,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.L_num_blocks_is_1_hEgxyDlCngwrfFe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + vmovdqu8 0(%rdi),%xmm1 + addq $16,%rdi + vbroadcasti32x4 (%rcx),%ymm0 + vpternlogq $0x96,%ymm0,%ymm9,%ymm1 + vbroadcasti32x4 16(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 32(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 48(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 64(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 80(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 96(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 112(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 128(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 144(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 160(%rcx),%ymm0 + vaesenclast %ymm0,%ymm1,%ymm1 + vpxorq %ymm9,%ymm1,%ymm1 + vmovdqu8 %xmm1,0(%rsi) + addq $16,%rsi + + vmovdqa %xmm1,%xmm8 + vextracti32x4 $1,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_hEgxyDlCngwrfFe + jmp .L_steal_cipher_hEgxyDlCngwrfFe +.cfi_endproc +.globl aesni_xts_128_decrypt_avx512 +.hidden aesni_xts_128_decrypt_avx512 +.type aesni_xts_128_decrypt_avx512,@function +.align 32 +aesni_xts_128_decrypt_avx512: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbp + movq %rsp,%rbp + subq $136,%rsp + andq $0xffffffffffffffc0,%rsp + movq %rbx,128(%rsp) + movq $0x87,%r10 + vmovdqu (%r9),%xmm1 + vpxor (%r8),%xmm1,%xmm1 + vaesenc 16(%r8),%xmm1,%xmm1 + vaesenc 32(%r8),%xmm1,%xmm1 + vaesenc 48(%r8),%xmm1,%xmm1 + vaesenc 64(%r8),%xmm1,%xmm1 + vaesenc 80(%r8),%xmm1,%xmm1 + vaesenc 96(%r8),%xmm1,%xmm1 + vaesenc 112(%r8),%xmm1,%xmm1 + vaesenc 128(%r8),%xmm1,%xmm1 + vaesenc 144(%r8),%xmm1,%xmm1 + vaesenclast 160(%r8),%xmm1,%xmm1 + vmovdqa %xmm1,(%rsp) + + cmpq $0x80,%rdx + jb .L_less_than_128_bytes_amivrujEyduiFoi + vpbroadcastq %r10,%zmm25 + cmpq $0x100,%rdx + jge .L_start_by16_amivrujEyduiFoi + jmp .L_start_by8_amivrujEyduiFoi + +.L_do_n_blocks_amivrujEyduiFoi: + cmpq $0x0,%rdx + je .L_ret_amivrujEyduiFoi + cmpq $0x70,%rdx + jge .L_remaining_num_blocks_is_7_amivrujEyduiFoi + cmpq $0x60,%rdx + jge .L_remaining_num_blocks_is_6_amivrujEyduiFoi + cmpq $0x50,%rdx + jge .L_remaining_num_blocks_is_5_amivrujEyduiFoi + cmpq $0x40,%rdx + jge .L_remaining_num_blocks_is_4_amivrujEyduiFoi + cmpq $0x30,%rdx + jge .L_remaining_num_blocks_is_3_amivrujEyduiFoi + cmpq $0x20,%rdx + jge .L_remaining_num_blocks_is_2_amivrujEyduiFoi + cmpq $0x10,%rdx + jge .L_remaining_num_blocks_is_1_amivrujEyduiFoi + + + vmovdqu %xmm5,%xmm1 + + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu %xmm1,-16(%rsi) + vmovdqa %xmm1,%xmm8 + + + movq $0x1,%r8 + kmovq %r8,%k1 + vpsllq $0x3f,%xmm9,%xmm13 + vpsraq $0x3f,%xmm13,%xmm14 + vpandq %xmm25,%xmm14,%xmm5 + vpxorq %xmm5,%xmm9,%xmm9{%k1} + vpsrldq $0x8,%xmm9,%xmm10 +.byte 98, 211, 181, 8, 115, 194, 1 + vpslldq $0x8,%xmm13,%xmm13 + vpxorq %xmm13,%xmm0,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_remaining_num_blocks_is_7_amivrujEyduiFoi: + movq $0xffffffffffffffff,%r8 + shrq $0x10,%r8 + kmovq %r8,%k1 + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2{%k1} + addq $0x70,%rdi + andq $0xf,%rdx + je .L_done_7_remain_amivrujEyduiFoi + vextracti32x4 $0x2,%zmm10,%xmm12 + vextracti32x4 $0x3,%zmm10,%xmm13 + vinserti32x4 $0x2,%xmm13,%zmm10,%zmm10 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + addq $0x70,%rsi + vextracti32x4 $0x2,%zmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_7_remain_amivrujEyduiFoi: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + jmp .L_ret_amivrujEyduiFoi + +.L_remaining_num_blocks_is_6_amivrujEyduiFoi: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%ymm2 + addq $0x60,%rdi + andq $0xf,%rdx + je .L_done_6_remain_amivrujEyduiFoi + vextracti32x4 $0x1,%zmm10,%xmm12 + vextracti32x4 $0x2,%zmm10,%xmm13 + vinserti32x4 $0x1,%xmm13,%zmm10,%zmm10 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %ymm2,64(%rsi) + addq $0x60,%rsi + vextracti32x4 $0x1,%zmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_6_remain_amivrujEyduiFoi: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %ymm2,64(%rsi) + jmp .L_ret_amivrujEyduiFoi + +.L_remaining_num_blocks_is_5_amivrujEyduiFoi: + vmovdqu8 (%rdi),%zmm1 + vmovdqu 64(%rdi),%xmm2 + addq $0x50,%rdi + andq $0xf,%rdx + je .L_done_5_remain_amivrujEyduiFoi + vmovdqa %xmm10,%xmm12 + vextracti32x4 $0x1,%zmm10,%xmm10 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu %xmm2,64(%rsi) + addq $0x50,%rsi + vmovdqa %xmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_5_remain_amivrujEyduiFoi: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %xmm2,64(%rsi) + jmp .L_ret_amivrujEyduiFoi + +.L_remaining_num_blocks_is_4_amivrujEyduiFoi: + vmovdqu8 (%rdi),%zmm1 + addq $0x40,%rdi + andq $0xf,%rdx + je .L_done_4_remain_amivrujEyduiFoi + vextracti32x4 $0x3,%zmm9,%xmm12 + vinserti32x4 $0x3,%xmm10,%zmm9,%zmm9 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + addq $0x40,%rsi + vextracti32x4 $0x3,%zmm1,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_4_remain_amivrujEyduiFoi: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + jmp .L_ret_amivrujEyduiFoi + +.L_remaining_num_blocks_is_3_amivrujEyduiFoi: + vmovdqu (%rdi),%xmm1 + vmovdqu 16(%rdi),%xmm2 + vmovdqu 32(%rdi),%xmm3 + addq $0x30,%rdi + andq $0xf,%rdx + je .L_done_3_remain_amivrujEyduiFoi + vextracti32x4 $0x2,%zmm9,%xmm13 + vextracti32x4 $0x1,%zmm9,%xmm10 + vextracti32x4 $0x3,%zmm9,%xmm11 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + addq $0x30,%rsi + vmovdqa %xmm3,%xmm8 + vmovdqa %xmm13,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_3_remain_amivrujEyduiFoi: + vextracti32x4 $0x1,%zmm9,%xmm10 + vextracti32x4 $0x2,%zmm9,%xmm11 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + jmp .L_ret_amivrujEyduiFoi + +.L_remaining_num_blocks_is_2_amivrujEyduiFoi: + vmovdqu (%rdi),%xmm1 + vmovdqu 16(%rdi),%xmm2 + addq $0x20,%rdi + andq $0xf,%rdx + je .L_done_2_remain_amivrujEyduiFoi + vextracti32x4 $0x2,%zmm9,%xmm10 + vextracti32x4 $0x1,%zmm9,%xmm12 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + addq $0x20,%rsi + vmovdqa %xmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_2_remain_amivrujEyduiFoi: + vextracti32x4 $0x1,%zmm9,%xmm10 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + jmp .L_ret_amivrujEyduiFoi + +.L_remaining_num_blocks_is_1_amivrujEyduiFoi: + vmovdqu (%rdi),%xmm1 + addq $0x10,%rdi + andq $0xf,%rdx + je .L_done_1_remain_amivrujEyduiFoi + vextracti32x4 $0x1,%zmm9,%xmm11 + vpxor %xmm11,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm11,%xmm1,%xmm1 + vmovdqu %xmm1,(%rsi) + addq $0x10,%rsi + vmovdqa %xmm1,%xmm8 + vmovdqa %xmm9,%xmm0 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_1_remain_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu %xmm1,(%rsi) + jmp .L_ret_amivrujEyduiFoi + +.L_start_by16_amivrujEyduiFoi: + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + + + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + + + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm11 + vpxord %zmm14,%zmm11,%zmm11 + + vpsrldq $0xf,%zmm10,%zmm15 + vpclmulqdq $0x0,%zmm25,%zmm15,%zmm16 + vpslldq $0x1,%zmm10,%zmm12 + vpxord %zmm16,%zmm12,%zmm12 + +.L_main_loop_run_16_amivrujEyduiFoi: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + vmovdqu8 128(%rdi),%zmm3 + vmovdqu8 192(%rdi),%zmm4 + vmovdqu8 240(%rdi),%xmm5 + addq $0x100,%rdi + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vpxorq %zmm0,%zmm3,%zmm3 + vpxorq %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm11,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm11,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm12,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm12,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm15,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm15,%zmm17 + vpxord %zmm14,%zmm17,%zmm17 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm16,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm16,%zmm18 + vpxord %zmm14,%zmm18,%zmm18 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + vaesdeclast %zmm0,%zmm3,%zmm3 + vaesdeclast %zmm0,%zmm4,%zmm4 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqa32 %zmm17,%zmm11 + vmovdqa32 %zmm18,%zmm12 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + vmovdqu8 %zmm3,128(%rsi) + vmovdqu8 %zmm4,192(%rsi) + addq $0x100,%rsi + subq $0x100,%rdx + cmpq $0x100,%rdx + jge .L_main_loop_run_16_amivrujEyduiFoi + + cmpq $0x80,%rdx + jge .L_main_loop_run_8_amivrujEyduiFoi + jmp .L_do_n_blocks_amivrujEyduiFoi + +.L_start_by8_amivrujEyduiFoi: + + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + + + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + +.L_main_loop_run_8_amivrujEyduiFoi: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + vmovdqu8 112(%rdi),%xmm5 + addq $0x80,%rdi + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vpsrldq $0xf,%zmm10,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm10,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + addq $0x80,%rsi + subq $0x80,%rdx + cmpq $0x80,%rdx + jge .L_main_loop_run_8_amivrujEyduiFoi + jmp .L_do_n_blocks_amivrujEyduiFoi + +.L_steal_cipher_amivrujEyduiFoi: + + vmovdqa %xmm8,%xmm2 + + + leaq vpshufb_shf_table(%rip),%rax + vmovdqu (%rax,%rdx,1),%xmm10 + vpshufb %xmm10,%xmm8,%xmm8 + + + vmovdqu -16(%rdi,%rdx,1),%xmm3 + vmovdqu %xmm8,-16(%rsi,%rdx,1) + + + leaq vpshufb_shf_table(%rip),%rax + addq $16,%rax + subq %rdx,%rax + vmovdqu (%rax),%xmm10 + vpxor mask1(%rip),%xmm10,%xmm10 + vpshufb %xmm10,%xmm3,%xmm3 + + vpblendvb %xmm10,%xmm2,%xmm3,%xmm3 + + + vpxor %xmm0,%xmm3,%xmm8 + + + vpxor (%rcx),%xmm8,%xmm8 + vaesdec 16(%rcx),%xmm8,%xmm8 + vaesdec 32(%rcx),%xmm8,%xmm8 + vaesdec 48(%rcx),%xmm8,%xmm8 + vaesdec 64(%rcx),%xmm8,%xmm8 + vaesdec 80(%rcx),%xmm8,%xmm8 + vaesdec 96(%rcx),%xmm8,%xmm8 + vaesdec 112(%rcx),%xmm8,%xmm8 + vaesdec 128(%rcx),%xmm8,%xmm8 + vaesdec 144(%rcx),%xmm8,%xmm8 + vaesdeclast 160(%rcx),%xmm8,%xmm8 + + vpxor %xmm0,%xmm8,%xmm8 + +.L_done_amivrujEyduiFoi: + + vmovdqu %xmm8,-16(%rsi) +.L_ret_amivrujEyduiFoi: + movq 128(%rsp),%rbx + xorq %r8,%r8 + movq %r8,128(%rsp) + + vpxorq %zmm0,%zmm0,%zmm0 + movq %rbp,%rsp + popq %rbp + vzeroupper + .byte 0xf3,0xc3 + +.L_less_than_128_bytes_amivrujEyduiFoi: + cmpq $0x10,%rdx + jb .L_ret_amivrujEyduiFoi + + movq %rdx,%r8 + andq $0x70,%r8 + cmpq $0x60,%r8 + je .L_num_blocks_is_6_amivrujEyduiFoi + cmpq $0x50,%r8 + je .L_num_blocks_is_5_amivrujEyduiFoi + cmpq $0x40,%r8 + je .L_num_blocks_is_4_amivrujEyduiFoi + cmpq $0x30,%r8 + je .L_num_blocks_is_3_amivrujEyduiFoi + cmpq $0x20,%r8 + je .L_num_blocks_is_2_amivrujEyduiFoi + cmpq $0x10,%r8 + je .L_num_blocks_is_1_amivrujEyduiFoi + +.L_num_blocks_is_7_amivrujEyduiFoi: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,64(%rsp) + movq %rbx,64 + 8(%rsp) + vmovdqa 64(%rsp),%xmm13 + vmovdqu 64(%rdi),%xmm5 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,80(%rsp) + movq %rbx,80 + 8(%rsp) + vmovdqa 80(%rsp),%xmm14 + vmovdqu 80(%rdi),%xmm6 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,96(%rsp) + movq %rbx,96 + 8(%rsp) + vmovdqa 96(%rsp),%xmm15 + vmovdqu 96(%rdi),%xmm7 + addq $0x70,%rdi + andq $0xf,%rdx + je .L_done_7_amivrujEyduiFoi + +.L_steal_cipher_7_amivrujEyduiFoi: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm15,%xmm16 + vmovdqa 16(%rsp),%xmm15 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vpxor %xmm0,%xmm7,%xmm7 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vaesdeclast %xmm0,%xmm7,%xmm7 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + vmovdqu %xmm6,80(%rsi) + addq $0x70,%rsi + vmovdqa64 %xmm16,%xmm0 + vmovdqa %xmm7,%xmm8 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_7_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vpxor %xmm0,%xmm7,%xmm7 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vaesdeclast %xmm0,%xmm7,%xmm7 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + vmovdqu %xmm6,80(%rsi) + addq $0x70,%rsi + vmovdqa %xmm7,%xmm8 + jmp .L_done_amivrujEyduiFoi + +.L_num_blocks_is_6_amivrujEyduiFoi: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,64(%rsp) + movq %rbx,64 + 8(%rsp) + vmovdqa 64(%rsp),%xmm13 + vmovdqu 64(%rdi),%xmm5 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,80(%rsp) + movq %rbx,80 + 8(%rsp) + vmovdqa 80(%rsp),%xmm14 + vmovdqu 80(%rdi),%xmm6 + addq $0x60,%rdi + andq $0xf,%rdx + je .L_done_6_amivrujEyduiFoi + +.L_steal_cipher_6_amivrujEyduiFoi: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm14,%xmm15 + vmovdqa 16(%rsp),%xmm14 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + addq $0x60,%rsi + vmovdqa %xmm15,%xmm0 + vmovdqa %xmm6,%xmm8 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_6_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + addq $0x60,%rsi + vmovdqa %xmm6,%xmm8 + jmp .L_done_amivrujEyduiFoi + +.L_num_blocks_is_5_amivrujEyduiFoi: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,64(%rsp) + movq %rbx,64 + 8(%rsp) + vmovdqa 64(%rsp),%xmm13 + vmovdqu 64(%rdi),%xmm5 + addq $0x50,%rdi + andq $0xf,%rdx + je .L_done_5_amivrujEyduiFoi + +.L_steal_cipher_5_amivrujEyduiFoi: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm13,%xmm14 + vmovdqa 16(%rsp),%xmm13 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + addq $0x50,%rsi + vmovdqa %xmm14,%xmm0 + vmovdqa %xmm5,%xmm8 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_5_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + addq $0x50,%rsi + vmovdqa %xmm5,%xmm8 + jmp .L_done_amivrujEyduiFoi + +.L_num_blocks_is_4_amivrujEyduiFoi: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + addq $0x40,%rdi + andq $0xf,%rdx + je .L_done_4_amivrujEyduiFoi + +.L_steal_cipher_4_amivrujEyduiFoi: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm12,%xmm13 + vmovdqa 16(%rsp),%xmm12 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + addq $0x40,%rsi + vmovdqa %xmm13,%xmm0 + vmovdqa %xmm4,%xmm8 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_4_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + addq $0x40,%rsi + vmovdqa %xmm4,%xmm8 + jmp .L_done_amivrujEyduiFoi + +.L_num_blocks_is_3_amivrujEyduiFoi: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + addq $0x30,%rdi + andq $0xf,%rdx + je .L_done_3_amivrujEyduiFoi + +.L_steal_cipher_3_amivrujEyduiFoi: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm11,%xmm12 + vmovdqa 16(%rsp),%xmm11 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + addq $0x30,%rsi + vmovdqa %xmm12,%xmm0 + vmovdqa %xmm3,%xmm8 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_3_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + addq $0x30,%rsi + vmovdqa %xmm3,%xmm8 + jmp .L_done_amivrujEyduiFoi + +.L_num_blocks_is_2_amivrujEyduiFoi: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + addq $0x20,%rdi + andq $0xf,%rdx + je .L_done_2_amivrujEyduiFoi + +.L_steal_cipher_2_amivrujEyduiFoi: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm10,%xmm11 + vmovdqa 16(%rsp),%xmm10 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + addq $0x20,%rsi + vmovdqa %xmm11,%xmm0 + vmovdqa %xmm2,%xmm8 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_2_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + addq $0x20,%rsi + vmovdqa %xmm2,%xmm8 + jmp .L_done_amivrujEyduiFoi + +.L_num_blocks_is_1_amivrujEyduiFoi: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + addq $0x10,%rdi + andq $0xf,%rdx + je .L_done_1_amivrujEyduiFoi + +.L_steal_cipher_1_amivrujEyduiFoi: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm9,%xmm10 + vmovdqa 16(%rsp),%xmm9 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + addq $0x10,%rsi + vmovdqa %xmm10,%xmm0 + vmovdqa %xmm1,%xmm8 + jmp .L_steal_cipher_amivrujEyduiFoi + +.L_done_1_amivrujEyduiFoi: + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + addq $0x10,%rsi + vmovdqa %xmm1,%xmm8 + jmp .L_done_amivrujEyduiFoi +.cfi_endproc +.globl aesni_xts_256_encrypt_avx512 +.hidden aesni_xts_256_encrypt_avx512 +.type aesni_xts_256_encrypt_avx512,@function +.align 32 +aesni_xts_256_encrypt_avx512: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbp + movq %rsp,%rbp + subq $136,%rsp + andq $0xffffffffffffffc0,%rsp + movq %rbx,128(%rsp) + movq $0x87,%r10 + vmovdqu (%r9),%xmm1 + vpxor (%r8),%xmm1,%xmm1 + vaesenc 16(%r8),%xmm1,%xmm1 + vaesenc 32(%r8),%xmm1,%xmm1 + vaesenc 48(%r8),%xmm1,%xmm1 + vaesenc 64(%r8),%xmm1,%xmm1 + vaesenc 80(%r8),%xmm1,%xmm1 + vaesenc 96(%r8),%xmm1,%xmm1 + vaesenc 112(%r8),%xmm1,%xmm1 + vaesenc 128(%r8),%xmm1,%xmm1 + vaesenc 144(%r8),%xmm1,%xmm1 + vaesenc 160(%r8),%xmm1,%xmm1 + vaesenc 176(%r8),%xmm1,%xmm1 + vaesenc 192(%r8),%xmm1,%xmm1 + vaesenc 208(%r8),%xmm1,%xmm1 + vaesenclast 224(%r8),%xmm1,%xmm1 + vmovdqa %xmm1,(%rsp) + + cmpq $0x80,%rdx + jl .L_less_than_128_bytes_wcpqaDvsGlbjGoe + vpbroadcastq %r10,%zmm25 + cmpq $0x100,%rdx + jge .L_start_by16_wcpqaDvsGlbjGoe + cmpq $0x80,%rdx + jge .L_start_by8_wcpqaDvsGlbjGoe + +.L_do_n_blocks_wcpqaDvsGlbjGoe: + cmpq $0x0,%rdx + je .L_ret_wcpqaDvsGlbjGoe + cmpq $0x70,%rdx + jge .L_remaining_num_blocks_is_7_wcpqaDvsGlbjGoe + cmpq $0x60,%rdx + jge .L_remaining_num_blocks_is_6_wcpqaDvsGlbjGoe + cmpq $0x50,%rdx + jge .L_remaining_num_blocks_is_5_wcpqaDvsGlbjGoe + cmpq $0x40,%rdx + jge .L_remaining_num_blocks_is_4_wcpqaDvsGlbjGoe + cmpq $0x30,%rdx + jge .L_remaining_num_blocks_is_3_wcpqaDvsGlbjGoe + cmpq $0x20,%rdx + jge .L_remaining_num_blocks_is_2_wcpqaDvsGlbjGoe + cmpq $0x10,%rdx + jge .L_remaining_num_blocks_is_1_wcpqaDvsGlbjGoe + vmovdqa %xmm0,%xmm8 + vmovdqa %xmm9,%xmm0 + jmp .L_steal_cipher_wcpqaDvsGlbjGoe + +.L_remaining_num_blocks_is_7_wcpqaDvsGlbjGoe: + movq $0x0000ffffffffffff,%r8 + kmovq %r8,%k1 + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2{%k1} + addq $0x70,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + addq $0x70,%rsi + vextracti32x4 $0x2,%zmm2,%xmm8 + vextracti32x4 $0x3,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe + +.L_remaining_num_blocks_is_6_wcpqaDvsGlbjGoe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%ymm2 + addq $0x60,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %ymm2,64(%rsi) + addq $0x60,%rsi + vextracti32x4 $0x1,%zmm2,%xmm8 + vextracti32x4 $0x2,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe + +.L_remaining_num_blocks_is_5_wcpqaDvsGlbjGoe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu 64(%rdi),%xmm2 + addq $0x50,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,(%rsi) + vmovdqu %xmm2,64(%rsi) + addq $0x50,%rsi + vmovdqa %xmm2,%xmm8 + vextracti32x4 $0x1,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe + +.L_remaining_num_blocks_is_4_wcpqaDvsGlbjGoe: + vmovdqu8 (%rdi),%zmm1 + addq $0x40,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,(%rsi) + addq $0x40,%rsi + vextracti32x4 $0x3,%zmm1,%xmm8 + vmovdqa64 %xmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_remaining_num_blocks_is_3_wcpqaDvsGlbjGoe: + movq $-1,%r8 + shrq $0x10,%r8 + kmovq %r8,%k1 + vmovdqu8 (%rdi),%zmm1{%k1} + addq $0x30,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,(%rsi){%k1} + addq $0x30,%rsi + vextracti32x4 $0x2,%zmm1,%xmm8 + vextracti32x4 $0x3,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_remaining_num_blocks_is_2_wcpqaDvsGlbjGoe: + vmovdqu8 (%rdi),%ymm1 + addq $0x20,%rdi + vbroadcasti32x4 (%rcx),%ymm0 + vpternlogq $0x96,%ymm0,%ymm9,%ymm1 + vbroadcasti32x4 16(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 32(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 48(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 64(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 80(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 96(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 112(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 128(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 144(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 160(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 176(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 192(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 208(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 224(%rcx),%ymm0 + vaesenclast %ymm0,%ymm1,%ymm1 + vpxorq %ymm9,%ymm1,%ymm1 + vmovdqu %ymm1,(%rsi) + addq $0x20,%rsi + vextracti32x4 $0x1,%zmm1,%xmm8 + vextracti32x4 $0x2,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_remaining_num_blocks_is_1_wcpqaDvsGlbjGoe: + vmovdqu (%rdi),%xmm1 + addq $0x10,%rdi + vpxor %xmm9,%xmm1,%xmm1 + vpxor (%rcx),%xmm1,%xmm1 + vaesenc 16(%rcx),%xmm1,%xmm1 + vaesenc 32(%rcx),%xmm1,%xmm1 + vaesenc 48(%rcx),%xmm1,%xmm1 + vaesenc 64(%rcx),%xmm1,%xmm1 + vaesenc 80(%rcx),%xmm1,%xmm1 + vaesenc 96(%rcx),%xmm1,%xmm1 + vaesenc 112(%rcx),%xmm1,%xmm1 + vaesenc 128(%rcx),%xmm1,%xmm1 + vaesenc 144(%rcx),%xmm1,%xmm1 + vaesenc 160(%rcx),%xmm1,%xmm1 + vaesenc 176(%rcx),%xmm1,%xmm1 + vaesenc 192(%rcx),%xmm1,%xmm1 + vaesenc 208(%rcx),%xmm1,%xmm1 + vaesenclast 224(%rcx),%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu %xmm1,(%rsi) + addq $0x10,%rsi + vmovdqa %xmm1,%xmm8 + vextracti32x4 $0x1,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe + + +.L_start_by16_wcpqaDvsGlbjGoe: + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm11 + vpxord %zmm14,%zmm11,%zmm11 + vpsrldq $0xf,%zmm10,%zmm15 + vpclmulqdq $0x0,%zmm25,%zmm15,%zmm16 + vpslldq $0x1,%zmm10,%zmm12 + vpxord %zmm16,%zmm12,%zmm12 + +.L_main_loop_run_16_wcpqaDvsGlbjGoe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + vmovdqu8 128(%rdi),%zmm3 + vmovdqu8 192(%rdi),%zmm4 + addq $0x100,%rdi + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vpxorq %zmm0,%zmm3,%zmm3 + vpxorq %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm11,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm11,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm12,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm12,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm15,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm15,%zmm17 + vpxord %zmm14,%zmm17,%zmm17 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm16,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm16,%zmm18 + vpxord %zmm14,%zmm18,%zmm18 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vaesenc %zmm0,%zmm3,%zmm3 + vaesenc %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vaesenclast %zmm0,%zmm3,%zmm3 + vaesenclast %zmm0,%zmm4,%zmm4 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqa32 %zmm17,%zmm11 + vmovdqa32 %zmm18,%zmm12 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + vmovdqu8 %zmm3,128(%rsi) + vmovdqu8 %zmm4,192(%rsi) + addq $0x100,%rsi + subq $0x100,%rdx + cmpq $0x100,%rdx + jae .L_main_loop_run_16_wcpqaDvsGlbjGoe + cmpq $0x80,%rdx + jae .L_main_loop_run_8_wcpqaDvsGlbjGoe + vextracti32x4 $0x3,%zmm4,%xmm0 + jmp .L_do_n_blocks_wcpqaDvsGlbjGoe + +.L_start_by8_wcpqaDvsGlbjGoe: + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + +.L_main_loop_run_8_wcpqaDvsGlbjGoe: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + addq $0x80,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + vpsrldq $0xf,%zmm10,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm10,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + addq $0x80,%rsi + subq $0x80,%rdx + cmpq $0x80,%rdx + jae .L_main_loop_run_8_wcpqaDvsGlbjGoe + vextracti32x4 $0x3,%zmm2,%xmm0 + jmp .L_do_n_blocks_wcpqaDvsGlbjGoe + +.L_steal_cipher_wcpqaDvsGlbjGoe: + vmovdqa %xmm8,%xmm2 + leaq vpshufb_shf_table(%rip),%rax + vmovdqu (%rax,%rdx,1),%xmm10 + vpshufb %xmm10,%xmm8,%xmm8 + vmovdqu -16(%rdi,%rdx,1),%xmm3 + vmovdqu %xmm8,-16(%rsi,%rdx,1) + leaq vpshufb_shf_table(%rip),%rax + addq $16,%rax + subq %rdx,%rax + vmovdqu (%rax),%xmm10 + vpxor mask1(%rip),%xmm10,%xmm10 + vpshufb %xmm10,%xmm3,%xmm3 + vpblendvb %xmm10,%xmm2,%xmm3,%xmm3 + vpxor %xmm0,%xmm3,%xmm8 + vpxor (%rcx),%xmm8,%xmm8 + vaesenc 16(%rcx),%xmm8,%xmm8 + vaesenc 32(%rcx),%xmm8,%xmm8 + vaesenc 48(%rcx),%xmm8,%xmm8 + vaesenc 64(%rcx),%xmm8,%xmm8 + vaesenc 80(%rcx),%xmm8,%xmm8 + vaesenc 96(%rcx),%xmm8,%xmm8 + vaesenc 112(%rcx),%xmm8,%xmm8 + vaesenc 128(%rcx),%xmm8,%xmm8 + vaesenc 144(%rcx),%xmm8,%xmm8 + vaesenc 160(%rcx),%xmm8,%xmm8 + vaesenc 176(%rcx),%xmm8,%xmm8 + vaesenc 192(%rcx),%xmm8,%xmm8 + vaesenc 208(%rcx),%xmm8,%xmm8 + vaesenclast 224(%rcx),%xmm8,%xmm8 + vpxor %xmm0,%xmm8,%xmm8 + vmovdqu %xmm8,-16(%rsi) +.L_ret_wcpqaDvsGlbjGoe: + movq 128(%rsp),%rbx + xorq %r8,%r8 + movq %r8,128(%rsp) + + vpxorq %zmm0,%zmm0,%zmm0 + movq %rbp,%rsp + popq %rbp + vzeroupper + .byte 0xf3,0xc3 + +.L_less_than_128_bytes_wcpqaDvsGlbjGoe: + vpbroadcastq %r10,%zmm25 + cmpq $0x10,%rdx + jb .L_ret_wcpqaDvsGlbjGoe + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movl $0xaa,%r8d + kmovq %r8,%k2 + movq %rdx,%r8 + andq $0x70,%r8 + cmpq $0x60,%r8 + je .L_num_blocks_is_6_wcpqaDvsGlbjGoe + cmpq $0x50,%r8 + je .L_num_blocks_is_5_wcpqaDvsGlbjGoe + cmpq $0x40,%r8 + je .L_num_blocks_is_4_wcpqaDvsGlbjGoe + cmpq $0x30,%r8 + je .L_num_blocks_is_3_wcpqaDvsGlbjGoe + cmpq $0x20,%r8 + je .L_num_blocks_is_2_wcpqaDvsGlbjGoe + cmpq $0x10,%r8 + je .L_num_blocks_is_1_wcpqaDvsGlbjGoe + +.L_num_blocks_is_7_wcpqaDvsGlbjGoe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + movq $0x0000ffffffffffff,%r8 + kmovq %r8,%k1 + vmovdqu8 0(%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2{%k1} + + addq $0x70,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,0(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + addq $0x70,%rsi + vextracti32x4 $0x2,%zmm2,%xmm8 + vextracti32x4 $0x3,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_num_blocks_is_6_wcpqaDvsGlbjGoe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vmovdqu8 0(%rdi),%zmm1 + vmovdqu8 64(%rdi),%ymm2 + addq $96,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,0(%rsi) + vmovdqu8 %ymm2,64(%rsi) + addq $96,%rsi + + vextracti32x4 $0x1,%ymm2,%xmm8 + vextracti32x4 $0x2,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_num_blocks_is_5_wcpqaDvsGlbjGoe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vmovdqu8 0(%rdi),%zmm1 + vmovdqu8 64(%rdi),%xmm2 + addq $80,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vpternlogq $0x96,%zmm0,%zmm10,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vaesenc %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vaesenclast %zmm0,%zmm2,%zmm2 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vmovdqu8 %zmm1,0(%rsi) + vmovdqu8 %xmm2,64(%rsi) + addq $80,%rsi + + vmovdqa %xmm2,%xmm8 + vextracti32x4 $0x1,%zmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_num_blocks_is_4_wcpqaDvsGlbjGoe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x00,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + vmovdqu8 0(%rdi),%zmm1 + addq $64,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,0(%rsi) + addq $64,%rsi + vextracti32x4 $0x3,%zmm1,%xmm8 + vmovdqa %xmm10,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_num_blocks_is_3_wcpqaDvsGlbjGoe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + movq $0x0000ffffffffffff,%r8 + kmovq %r8,%k1 + vmovdqu8 0(%rdi),%zmm1{%k1} + addq $48,%rdi + vbroadcasti32x4 (%rcx),%zmm0 + vpternlogq $0x96,%zmm0,%zmm9,%zmm1 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 176(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 192(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 208(%rcx),%zmm0 + vaesenc %zmm0,%zmm1,%zmm1 + vbroadcasti32x4 224(%rcx),%zmm0 + vaesenclast %zmm0,%zmm1,%zmm1 + vpxorq %zmm9,%zmm1,%zmm1 + vmovdqu8 %zmm1,0(%rsi){%k1} + addq $48,%rsi + vextracti32x4 $2,%zmm1,%xmm8 + vextracti32x4 $3,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_num_blocks_is_2_wcpqaDvsGlbjGoe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + vmovdqu8 0(%rdi),%ymm1 + addq $32,%rdi + vbroadcasti32x4 (%rcx),%ymm0 + vpternlogq $0x96,%ymm0,%ymm9,%ymm1 + vbroadcasti32x4 16(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 32(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 48(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 64(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 80(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 96(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 112(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 128(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 144(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 160(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 176(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 192(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 208(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 224(%rcx),%ymm0 + vaesenclast %ymm0,%ymm1,%ymm1 + vpxorq %ymm9,%ymm1,%ymm1 + vmovdqu8 %ymm1,0(%rsi) + addq $32,%rsi + + vextracti32x4 $1,%ymm1,%xmm8 + vextracti32x4 $2,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.L_num_blocks_is_1_wcpqaDvsGlbjGoe: + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x00,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + vmovdqu8 0(%rdi),%xmm1 + addq $16,%rdi + vbroadcasti32x4 (%rcx),%ymm0 + vpternlogq $0x96,%ymm0,%ymm9,%ymm1 + vbroadcasti32x4 16(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 32(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 48(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 64(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 80(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 96(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 112(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 128(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 144(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 160(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 176(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 192(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 208(%rcx),%ymm0 + vaesenc %ymm0,%ymm1,%ymm1 + vbroadcasti32x4 224(%rcx),%ymm0 + vaesenclast %ymm0,%ymm1,%ymm1 + vpxorq %ymm9,%ymm1,%ymm1 + vmovdqu8 %xmm1,0(%rsi) + addq $16,%rsi + + vmovdqa %xmm1,%xmm8 + vextracti32x4 $1,%zmm9,%xmm0 + andq $0xf,%rdx + je .L_ret_wcpqaDvsGlbjGoe + jmp .L_steal_cipher_wcpqaDvsGlbjGoe +.cfi_endproc +.globl aesni_xts_256_decrypt_avx512 +.hidden aesni_xts_256_decrypt_avx512 +.type aesni_xts_256_decrypt_avx512,@function +.align 32 +aesni_xts_256_decrypt_avx512: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbp + movq %rsp,%rbp + subq $136,%rsp + andq $0xffffffffffffffc0,%rsp + movq %rbx,128(%rsp) + movq $0x87,%r10 + vmovdqu (%r9),%xmm1 + vpxor (%r8),%xmm1,%xmm1 + vaesenc 16(%r8),%xmm1,%xmm1 + vaesenc 32(%r8),%xmm1,%xmm1 + vaesenc 48(%r8),%xmm1,%xmm1 + vaesenc 64(%r8),%xmm1,%xmm1 + vaesenc 80(%r8),%xmm1,%xmm1 + vaesenc 96(%r8),%xmm1,%xmm1 + vaesenc 112(%r8),%xmm1,%xmm1 + vaesenc 128(%r8),%xmm1,%xmm1 + vaesenc 144(%r8),%xmm1,%xmm1 + vaesenc 160(%r8),%xmm1,%xmm1 + vaesenc 176(%r8),%xmm1,%xmm1 + vaesenc 192(%r8),%xmm1,%xmm1 + vaesenc 208(%r8),%xmm1,%xmm1 + vaesenclast 224(%r8),%xmm1,%xmm1 + vmovdqa %xmm1,(%rsp) + + cmpq $0x80,%rdx + jb .L_less_than_128_bytes_EmbgEptodyewbFa + vpbroadcastq %r10,%zmm25 + cmpq $0x100,%rdx + jge .L_start_by16_EmbgEptodyewbFa + jmp .L_start_by8_EmbgEptodyewbFa + +.L_do_n_blocks_EmbgEptodyewbFa: + cmpq $0x0,%rdx + je .L_ret_EmbgEptodyewbFa + cmpq $0x70,%rdx + jge .L_remaining_num_blocks_is_7_EmbgEptodyewbFa + cmpq $0x60,%rdx + jge .L_remaining_num_blocks_is_6_EmbgEptodyewbFa + cmpq $0x50,%rdx + jge .L_remaining_num_blocks_is_5_EmbgEptodyewbFa + cmpq $0x40,%rdx + jge .L_remaining_num_blocks_is_4_EmbgEptodyewbFa + cmpq $0x30,%rdx + jge .L_remaining_num_blocks_is_3_EmbgEptodyewbFa + cmpq $0x20,%rdx + jge .L_remaining_num_blocks_is_2_EmbgEptodyewbFa + cmpq $0x10,%rdx + jge .L_remaining_num_blocks_is_1_EmbgEptodyewbFa + + + vmovdqu %xmm5,%xmm1 + + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu %xmm1,-16(%rsi) + vmovdqa %xmm1,%xmm8 + + + movq $0x1,%r8 + kmovq %r8,%k1 + vpsllq $0x3f,%xmm9,%xmm13 + vpsraq $0x3f,%xmm13,%xmm14 + vpandq %xmm25,%xmm14,%xmm5 + vpxorq %xmm5,%xmm9,%xmm9{%k1} + vpsrldq $0x8,%xmm9,%xmm10 +.byte 98, 211, 181, 8, 115, 194, 1 + vpslldq $0x8,%xmm13,%xmm13 + vpxorq %xmm13,%xmm0,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_remaining_num_blocks_is_7_EmbgEptodyewbFa: + movq $0xffffffffffffffff,%r8 + shrq $0x10,%r8 + kmovq %r8,%k1 + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2{%k1} + addq $0x70,%rdi + andq $0xf,%rdx + je .L_done_7_remain_EmbgEptodyewbFa + vextracti32x4 $0x2,%zmm10,%xmm12 + vextracti32x4 $0x3,%zmm10,%xmm13 + vinserti32x4 $0x2,%xmm13,%zmm10,%zmm10 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + addq $0x70,%rsi + vextracti32x4 $0x2,%zmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_7_remain_EmbgEptodyewbFa: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi){%k1} + jmp .L_ret_EmbgEptodyewbFa + +.L_remaining_num_blocks_is_6_EmbgEptodyewbFa: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%ymm2 + addq $0x60,%rdi + andq $0xf,%rdx + je .L_done_6_remain_EmbgEptodyewbFa + vextracti32x4 $0x1,%zmm10,%xmm12 + vextracti32x4 $0x2,%zmm10,%xmm13 + vinserti32x4 $0x1,%xmm13,%zmm10,%zmm10 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %ymm2,64(%rsi) + addq $0x60,%rsi + vextracti32x4 $0x1,%zmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_6_remain_EmbgEptodyewbFa: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %ymm2,64(%rsi) + jmp .L_ret_EmbgEptodyewbFa + +.L_remaining_num_blocks_is_5_EmbgEptodyewbFa: + vmovdqu8 (%rdi),%zmm1 + vmovdqu 64(%rdi),%xmm2 + addq $0x50,%rdi + andq $0xf,%rdx + je .L_done_5_remain_EmbgEptodyewbFa + vmovdqa %xmm10,%xmm12 + vextracti32x4 $0x1,%zmm10,%xmm10 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu %xmm2,64(%rsi) + addq $0x50,%rsi + vmovdqa %xmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_5_remain_EmbgEptodyewbFa: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %xmm2,64(%rsi) + jmp .L_ret_EmbgEptodyewbFa + +.L_remaining_num_blocks_is_4_EmbgEptodyewbFa: + vmovdqu8 (%rdi),%zmm1 + addq $0x40,%rdi + andq $0xf,%rdx + je .L_done_4_remain_EmbgEptodyewbFa + vextracti32x4 $0x3,%zmm9,%xmm12 + vinserti32x4 $0x3,%xmm10,%zmm9,%zmm9 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + addq $0x40,%rsi + vextracti32x4 $0x3,%zmm1,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_4_remain_EmbgEptodyewbFa: + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + jmp .L_ret_EmbgEptodyewbFa + +.L_remaining_num_blocks_is_3_EmbgEptodyewbFa: + vmovdqu (%rdi),%xmm1 + vmovdqu 16(%rdi),%xmm2 + vmovdqu 32(%rdi),%xmm3 + addq $0x30,%rdi + andq $0xf,%rdx + je .L_done_3_remain_EmbgEptodyewbFa + vextracti32x4 $0x2,%zmm9,%xmm13 + vextracti32x4 $0x1,%zmm9,%xmm10 + vextracti32x4 $0x3,%zmm9,%xmm11 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + addq $0x30,%rsi + vmovdqa %xmm3,%xmm8 + vmovdqa %xmm13,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_3_remain_EmbgEptodyewbFa: + vextracti32x4 $0x1,%zmm9,%xmm10 + vextracti32x4 $0x2,%zmm9,%xmm11 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + jmp .L_ret_EmbgEptodyewbFa + +.L_remaining_num_blocks_is_2_EmbgEptodyewbFa: + vmovdqu (%rdi),%xmm1 + vmovdqu 16(%rdi),%xmm2 + addq $0x20,%rdi + andq $0xf,%rdx + je .L_done_2_remain_EmbgEptodyewbFa + vextracti32x4 $0x2,%zmm9,%xmm10 + vextracti32x4 $0x1,%zmm9,%xmm12 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + addq $0x20,%rsi + vmovdqa %xmm2,%xmm8 + vmovdqa %xmm12,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_2_remain_EmbgEptodyewbFa: + vextracti32x4 $0x1,%zmm9,%xmm10 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + jmp .L_ret_EmbgEptodyewbFa + +.L_remaining_num_blocks_is_1_EmbgEptodyewbFa: + vmovdqu (%rdi),%xmm1 + addq $0x10,%rdi + andq $0xf,%rdx + je .L_done_1_remain_EmbgEptodyewbFa + vextracti32x4 $0x1,%zmm9,%xmm11 + vpxor %xmm11,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm11,%xmm1,%xmm1 + vmovdqu %xmm1,(%rsi) + addq $0x10,%rsi + vmovdqa %xmm1,%xmm8 + vmovdqa %xmm9,%xmm0 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_1_remain_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu %xmm1,(%rsi) + jmp .L_ret_EmbgEptodyewbFa + +.L_start_by16_EmbgEptodyewbFa: + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + + + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + + + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm11 + vpxord %zmm14,%zmm11,%zmm11 + + vpsrldq $0xf,%zmm10,%zmm15 + vpclmulqdq $0x0,%zmm25,%zmm15,%zmm16 + vpslldq $0x1,%zmm10,%zmm12 + vpxord %zmm16,%zmm12,%zmm12 + +.L_main_loop_run_16_EmbgEptodyewbFa: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + vmovdqu8 128(%rdi),%zmm3 + vmovdqu8 192(%rdi),%zmm4 + vmovdqu8 240(%rdi),%xmm5 + addq $0x100,%rdi + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vpxorq %zmm0,%zmm3,%zmm3 + vpxorq %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm11,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm11,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm12,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm12,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm15,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm15,%zmm17 + vpxord %zmm14,%zmm17,%zmm17 + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vpsrldq $0xf,%zmm16,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm16,%zmm18 + vpxord %zmm14,%zmm18,%zmm18 + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vaesdec %zmm0,%zmm3,%zmm3 + vaesdec %zmm0,%zmm4,%zmm4 + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + vaesdeclast %zmm0,%zmm3,%zmm3 + vaesdeclast %zmm0,%zmm4,%zmm4 + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + vpxorq %zmm11,%zmm3,%zmm3 + vpxorq %zmm12,%zmm4,%zmm4 + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqa32 %zmm17,%zmm11 + vmovdqa32 %zmm18,%zmm12 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + vmovdqu8 %zmm3,128(%rsi) + vmovdqu8 %zmm4,192(%rsi) + addq $0x100,%rsi + subq $0x100,%rdx + cmpq $0x100,%rdx + jge .L_main_loop_run_16_EmbgEptodyewbFa + + cmpq $0x80,%rdx + jge .L_main_loop_run_8_EmbgEptodyewbFa + jmp .L_do_n_blocks_EmbgEptodyewbFa + +.L_start_by8_EmbgEptodyewbFa: + + vbroadcasti32x4 (%rsp),%zmm0 + vbroadcasti32x4 shufb_15_7(%rip),%zmm8 + movq $0xaa,%r8 + kmovq %r8,%k2 + + + vpshufb %zmm8,%zmm0,%zmm1 + vpsllvq const_dq3210(%rip),%zmm0,%zmm4 + vpsrlvq const_dq5678(%rip),%zmm1,%zmm2 + vpclmulqdq $0x0,%zmm25,%zmm2,%zmm3 + vpxorq %zmm2,%zmm4,%zmm4{%k2} + vpxord %zmm4,%zmm3,%zmm9 + + + vpsllvq const_dq7654(%rip),%zmm0,%zmm5 + vpsrlvq const_dq1234(%rip),%zmm1,%zmm6 + vpclmulqdq $0x0,%zmm25,%zmm6,%zmm7 + vpxorq %zmm6,%zmm5,%zmm5{%k2} + vpxord %zmm5,%zmm7,%zmm10 + +.L_main_loop_run_8_EmbgEptodyewbFa: + vmovdqu8 (%rdi),%zmm1 + vmovdqu8 64(%rdi),%zmm2 + vmovdqu8 112(%rdi),%xmm5 + addq $0x80,%rdi + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vbroadcasti32x4 (%rcx),%zmm0 + vpxorq %zmm0,%zmm1,%zmm1 + vpxorq %zmm0,%zmm2,%zmm2 + vpsrldq $0xf,%zmm9,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm9,%zmm15 + vpxord %zmm14,%zmm15,%zmm15 + vbroadcasti32x4 16(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 32(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 48(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + vpsrldq $0xf,%zmm10,%zmm13 + vpclmulqdq $0x0,%zmm25,%zmm13,%zmm14 + vpslldq $0x1,%zmm10,%zmm16 + vpxord %zmm14,%zmm16,%zmm16 + + vbroadcasti32x4 64(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 80(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 96(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 112(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 128(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 144(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 160(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 176(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 192(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 208(%rcx),%zmm0 + vaesdec %zmm0,%zmm1,%zmm1 + vaesdec %zmm0,%zmm2,%zmm2 + + + vbroadcasti32x4 224(%rcx),%zmm0 + vaesdeclast %zmm0,%zmm1,%zmm1 + vaesdeclast %zmm0,%zmm2,%zmm2 + + vpxorq %zmm9,%zmm1,%zmm1 + vpxorq %zmm10,%zmm2,%zmm2 + + + vmovdqa32 %zmm15,%zmm9 + vmovdqa32 %zmm16,%zmm10 + vmovdqu8 %zmm1,(%rsi) + vmovdqu8 %zmm2,64(%rsi) + addq $0x80,%rsi + subq $0x80,%rdx + cmpq $0x80,%rdx + jge .L_main_loop_run_8_EmbgEptodyewbFa + jmp .L_do_n_blocks_EmbgEptodyewbFa + +.L_steal_cipher_EmbgEptodyewbFa: + + vmovdqa %xmm8,%xmm2 + + + leaq vpshufb_shf_table(%rip),%rax + vmovdqu (%rax,%rdx,1),%xmm10 + vpshufb %xmm10,%xmm8,%xmm8 + + + vmovdqu -16(%rdi,%rdx,1),%xmm3 + vmovdqu %xmm8,-16(%rsi,%rdx,1) + + + leaq vpshufb_shf_table(%rip),%rax + addq $16,%rax + subq %rdx,%rax + vmovdqu (%rax),%xmm10 + vpxor mask1(%rip),%xmm10,%xmm10 + vpshufb %xmm10,%xmm3,%xmm3 + + vpblendvb %xmm10,%xmm2,%xmm3,%xmm3 + + + vpxor %xmm0,%xmm3,%xmm8 + + + vpxor (%rcx),%xmm8,%xmm8 + vaesdec 16(%rcx),%xmm8,%xmm8 + vaesdec 32(%rcx),%xmm8,%xmm8 + vaesdec 48(%rcx),%xmm8,%xmm8 + vaesdec 64(%rcx),%xmm8,%xmm8 + vaesdec 80(%rcx),%xmm8,%xmm8 + vaesdec 96(%rcx),%xmm8,%xmm8 + vaesdec 112(%rcx),%xmm8,%xmm8 + vaesdec 128(%rcx),%xmm8,%xmm8 + vaesdec 144(%rcx),%xmm8,%xmm8 + vaesdec 160(%rcx),%xmm8,%xmm8 + vaesdec 176(%rcx),%xmm8,%xmm8 + vaesdec 192(%rcx),%xmm8,%xmm8 + vaesdec 208(%rcx),%xmm8,%xmm8 + vaesdeclast 224(%rcx),%xmm8,%xmm8 + + vpxor %xmm0,%xmm8,%xmm8 + +.L_done_EmbgEptodyewbFa: + + vmovdqu %xmm8,-16(%rsi) +.L_ret_EmbgEptodyewbFa: + movq 128(%rsp),%rbx + xorq %r8,%r8 + movq %r8,128(%rsp) + + vpxorq %zmm0,%zmm0,%zmm0 + movq %rbp,%rsp + popq %rbp + vzeroupper + .byte 0xf3,0xc3 + +.L_less_than_128_bytes_EmbgEptodyewbFa: + cmpq $0x10,%rdx + jb .L_ret_EmbgEptodyewbFa + + movq %rdx,%r8 + andq $0x70,%r8 + cmpq $0x60,%r8 + je .L_num_blocks_is_6_EmbgEptodyewbFa + cmpq $0x50,%r8 + je .L_num_blocks_is_5_EmbgEptodyewbFa + cmpq $0x40,%r8 + je .L_num_blocks_is_4_EmbgEptodyewbFa + cmpq $0x30,%r8 + je .L_num_blocks_is_3_EmbgEptodyewbFa + cmpq $0x20,%r8 + je .L_num_blocks_is_2_EmbgEptodyewbFa + cmpq $0x10,%r8 + je .L_num_blocks_is_1_EmbgEptodyewbFa + +.L_num_blocks_is_7_EmbgEptodyewbFa: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,64(%rsp) + movq %rbx,64 + 8(%rsp) + vmovdqa 64(%rsp),%xmm13 + vmovdqu 64(%rdi),%xmm5 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,80(%rsp) + movq %rbx,80 + 8(%rsp) + vmovdqa 80(%rsp),%xmm14 + vmovdqu 80(%rdi),%xmm6 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,96(%rsp) + movq %rbx,96 + 8(%rsp) + vmovdqa 96(%rsp),%xmm15 + vmovdqu 96(%rdi),%xmm7 + addq $0x70,%rdi + andq $0xf,%rdx + je .L_done_7_EmbgEptodyewbFa + +.L_steal_cipher_7_EmbgEptodyewbFa: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm15,%xmm16 + vmovdqa 16(%rsp),%xmm15 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vpxor %xmm0,%xmm7,%xmm7 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vaesdeclast %xmm0,%xmm7,%xmm7 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + vmovdqu %xmm6,80(%rsi) + addq $0x70,%rsi + vmovdqa64 %xmm16,%xmm0 + vmovdqa %xmm7,%xmm8 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_7_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vpxor %xmm0,%xmm7,%xmm7 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vaesdec %xmm0,%xmm7,%xmm7 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vaesdeclast %xmm0,%xmm7,%xmm7 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vpxor %xmm15,%xmm7,%xmm7 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + vmovdqu %xmm6,80(%rsi) + addq $0x70,%rsi + vmovdqa %xmm7,%xmm8 + jmp .L_done_EmbgEptodyewbFa + +.L_num_blocks_is_6_EmbgEptodyewbFa: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,64(%rsp) + movq %rbx,64 + 8(%rsp) + vmovdqa 64(%rsp),%xmm13 + vmovdqu 64(%rdi),%xmm5 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,80(%rsp) + movq %rbx,80 + 8(%rsp) + vmovdqa 80(%rsp),%xmm14 + vmovdqu 80(%rdi),%xmm6 + addq $0x60,%rdi + andq $0xf,%rdx + je .L_done_6_EmbgEptodyewbFa + +.L_steal_cipher_6_EmbgEptodyewbFa: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm14,%xmm15 + vmovdqa 16(%rsp),%xmm14 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + addq $0x60,%rsi + vmovdqa %xmm15,%xmm0 + vmovdqa %xmm6,%xmm8 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_6_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vpxor %xmm0,%xmm6,%xmm6 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vaesdec %xmm0,%xmm6,%xmm6 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vaesdeclast %xmm0,%xmm6,%xmm6 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vpxor %xmm14,%xmm6,%xmm6 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + vmovdqu %xmm5,64(%rsi) + addq $0x60,%rsi + vmovdqa %xmm6,%xmm8 + jmp .L_done_EmbgEptodyewbFa + +.L_num_blocks_is_5_EmbgEptodyewbFa: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,64(%rsp) + movq %rbx,64 + 8(%rsp) + vmovdqa 64(%rsp),%xmm13 + vmovdqu 64(%rdi),%xmm5 + addq $0x50,%rdi + andq $0xf,%rdx + je .L_done_5_EmbgEptodyewbFa + +.L_steal_cipher_5_EmbgEptodyewbFa: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm13,%xmm14 + vmovdqa 16(%rsp),%xmm13 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + addq $0x50,%rsi + vmovdqa %xmm14,%xmm0 + vmovdqa %xmm5,%xmm8 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_5_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vpxor %xmm0,%xmm5,%xmm5 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vaesdec %xmm0,%xmm5,%xmm5 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vaesdeclast %xmm0,%xmm5,%xmm5 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vpxor %xmm13,%xmm5,%xmm5 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + vmovdqu %xmm4,48(%rsi) + addq $0x50,%rsi + vmovdqa %xmm5,%xmm8 + jmp .L_done_EmbgEptodyewbFa + +.L_num_blocks_is_4_EmbgEptodyewbFa: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,48(%rsp) + movq %rbx,48 + 8(%rsp) + vmovdqa 48(%rsp),%xmm12 + vmovdqu 48(%rdi),%xmm4 + addq $0x40,%rdi + andq $0xf,%rdx + je .L_done_4_EmbgEptodyewbFa + +.L_steal_cipher_4_EmbgEptodyewbFa: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm12,%xmm13 + vmovdqa 16(%rsp),%xmm12 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + addq $0x40,%rsi + vmovdqa %xmm13,%xmm0 + vmovdqa %xmm4,%xmm8 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_4_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vpxor %xmm0,%xmm4,%xmm4 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vaesdec %xmm0,%xmm4,%xmm4 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vaesdeclast %xmm0,%xmm4,%xmm4 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vpxor %xmm12,%xmm4,%xmm4 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + vmovdqu %xmm3,32(%rsi) + addq $0x40,%rsi + vmovdqa %xmm4,%xmm8 + jmp .L_done_EmbgEptodyewbFa + +.L_num_blocks_is_3_EmbgEptodyewbFa: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,32(%rsp) + movq %rbx,32 + 8(%rsp) + vmovdqa 32(%rsp),%xmm11 + vmovdqu 32(%rdi),%xmm3 + addq $0x30,%rdi + andq $0xf,%rdx + je .L_done_3_EmbgEptodyewbFa + +.L_steal_cipher_3_EmbgEptodyewbFa: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm11,%xmm12 + vmovdqa 16(%rsp),%xmm11 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + addq $0x30,%rsi + vmovdqa %xmm12,%xmm0 + vmovdqa %xmm3,%xmm8 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_3_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vpxor %xmm0,%xmm3,%xmm3 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vaesdec %xmm0,%xmm3,%xmm3 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vaesdeclast %xmm0,%xmm3,%xmm3 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vpxor %xmm11,%xmm3,%xmm3 + vmovdqu %xmm1,(%rsi) + vmovdqu %xmm2,16(%rsi) + addq $0x30,%rsi + vmovdqa %xmm3,%xmm8 + jmp .L_done_EmbgEptodyewbFa + +.L_num_blocks_is_2_EmbgEptodyewbFa: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,16 + 8(%rsp) + vmovdqa 16(%rsp),%xmm10 + vmovdqu 16(%rdi),%xmm2 + addq $0x20,%rdi + andq $0xf,%rdx + je .L_done_2_EmbgEptodyewbFa + +.L_steal_cipher_2_EmbgEptodyewbFa: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm10,%xmm11 + vmovdqa 16(%rsp),%xmm10 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + addq $0x20,%rsi + vmovdqa %xmm11,%xmm0 + vmovdqa %xmm2,%xmm8 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_2_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vpxor %xmm0,%xmm2,%xmm2 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vaesdec %xmm0,%xmm2,%xmm2 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vaesdeclast %xmm0,%xmm2,%xmm2 + vpxor %xmm9,%xmm1,%xmm1 + vpxor %xmm10,%xmm2,%xmm2 + vmovdqu %xmm1,(%rsi) + addq $0x20,%rsi + vmovdqa %xmm2,%xmm8 + jmp .L_done_EmbgEptodyewbFa + +.L_num_blocks_is_1_EmbgEptodyewbFa: + vmovdqa 0(%rsp),%xmm9 + movq 0(%rsp),%rax + movq 8(%rsp),%rbx + vmovdqu 0(%rdi),%xmm1 + addq $0x10,%rdi + andq $0xf,%rdx + je .L_done_1_EmbgEptodyewbFa + +.L_steal_cipher_1_EmbgEptodyewbFa: + xorq %r11,%r11 + shlq $1,%rax + adcq %rbx,%rbx + cmovcq %r10,%r11 + xorq %r11,%rax + movq %rax,16(%rsp) + movq %rbx,24(%rsp) + vmovdqa64 %xmm9,%xmm10 + vmovdqa 16(%rsp),%xmm9 + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + addq $0x10,%rsi + vmovdqa %xmm10,%xmm0 + vmovdqa %xmm1,%xmm8 + jmp .L_steal_cipher_EmbgEptodyewbFa + +.L_done_1_EmbgEptodyewbFa: + vpxor %xmm9,%xmm1,%xmm1 + vmovdqu (%rcx),%xmm0 + vpxor %xmm0,%xmm1,%xmm1 + vmovdqu 16(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 32(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 48(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 64(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 80(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 96(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 112(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 128(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 144(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 160(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 176(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 192(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 208(%rcx),%xmm0 + vaesdec %xmm0,%xmm1,%xmm1 + vmovdqu 224(%rcx),%xmm0 + vaesdeclast %xmm0,%xmm1,%xmm1 + vpxor %xmm9,%xmm1,%xmm1 + addq $0x10,%rsi + vmovdqa %xmm1,%xmm8 + jmp .L_done_EmbgEptodyewbFa +.cfi_endproc +.section .rodata +.align 16 + +vpshufb_shf_table: +.quad 0x8786858483828100, 0x8f8e8d8c8b8a8988 +.quad 0x0706050403020100, 0x000e0d0c0b0a0908 + +mask1: +.quad 0x8080808080808080, 0x8080808080808080 + +const_dq3210: +.quad 0, 0, 1, 1, 2, 2, 3, 3 +const_dq5678: +.quad 8, 8, 7, 7, 6, 6, 5, 5 +const_dq7654: +.quad 4, 4, 5, 5, 6, 6, 7, 7 +const_dq1234: +.quad 4, 4, 3, 3, 2, 2, 1, 1 + +shufb_15_7: +.byte 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 7, 0xff, 0xff +.byte 0xff, 0xff, 0xff, 0xff, 0xff + +.text diff --git a/contrib/openssl-cmake/asm/crypto/aes/aesv8-armx.S b/contrib/openssl-cmake/asm/crypto/aes/aesv8-armx.S index d0dcd6dc8bf9..a5f1ed7ac942 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/aesv8-armx.S +++ b/contrib/openssl-cmake/asm/crypto/aes/aesv8-armx.S @@ -3,12 +3,13 @@ #if __ARM_MAX_ARCH__>=7 .arch armv8-a+crypto .text +.section .rodata .align 5 .Lrcon: .long 0x01,0x01,0x01,0x01 .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat .long 0x1b,0x1b,0x1b,0x1b - +.previous .globl aes_v8_set_encrypt_key .type aes_v8_set_encrypt_key,%function .align 5 @@ -31,7 +32,8 @@ aes_v8_set_encrypt_key: tst w1,#0x3f b.ne .Lenc_key_abort - adr x3,.Lrcon + adrp x3,.Lrcon + add x3,x3,#:lo12:.Lrcon cmp w1,#192 eor v0.16b,v0.16b,v0.16b @@ -1508,6 +1510,729 @@ aes_v8_cbc_encrypt: ldr x29,[sp],#16 ret .size aes_v8_cbc_encrypt,.-aes_v8_cbc_encrypt +.globl aes_v8_ctr32_encrypt_blocks_unroll12_eor3 +.type aes_v8_ctr32_encrypt_blocks_unroll12_eor3,%function +.align 5 +aes_v8_ctr32_encrypt_blocks_unroll12_eor3: + AARCH64_VALID_CALL_TARGET + // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. + stp x29,x30,[sp,#-80]! + stp d8,d9,[sp, #16] + stp d10,d11,[sp, #32] + stp d12,d13,[sp, #48] + stp d14,d15,[sp, #64] + add x29,sp,#0 + + ldr w5,[x3,#240] + + ldr w8, [x4, #12] +#ifdef __AARCH64EB__ + ld1 {v24.16b},[x4] +#else + ld1 {v24.4s},[x4] +#endif + ld1 {v2.4s,v3.4s},[x3] // load key schedule... + sub w5,w5,#4 + cmp x2,#2 + add x7,x3,x5,lsl#4 // pointer to last round key + sub w5,w5,#2 + add x7, x7, #64 + ld1 {v1.4s},[x7] + add x7,x3,#32 + mov w6,w5 +#ifndef __AARCH64EB__ + rev w8, w8 +#endif + + orr v25.16b,v24.16b,v24.16b + add w10, w8, #1 + orr v26.16b,v24.16b,v24.16b + add w8, w8, #2 + orr v0.16b,v24.16b,v24.16b + rev w10, w10 + mov v25.s[3],w10 + b.ls .Lctr32_tail_unroll + cmp x2,#6 + rev w12, w8 + sub x2,x2,#3 // bias + mov v26.s[3],w12 + b.lo .Loop3x_ctr32_unroll + cmp x2,#9 + orr v27.16b,v24.16b,v24.16b + add w11, w8, #1 + orr v28.16b,v24.16b,v24.16b + add w13, w8, #2 + rev w11, w11 + orr v29.16b,v24.16b,v24.16b + add w8, w8, #3 + rev w13, w13 + mov v27.s[3],w11 + rev w14, w8 + mov v28.s[3],w13 + mov v29.s[3],w14 + sub x2,x2,#3 + b.lo .Loop6x_ctr32_unroll + + // push regs to stack when 12 data chunks are interleaved + stp x19,x20,[sp,#-16]! + stp x21,x22,[sp,#-16]! + stp x23,x24,[sp,#-16]! + stp d8,d9,[sp,#-32]! + stp d10,d11,[sp,#-32]! + + add w15,w8,#1 + add w19,w8,#2 + add w20,w8,#3 + add w21,w8,#4 + add w22,w8,#5 + add w8,w8,#6 + orr v30.16b,v24.16b,v24.16b + rev w15,w15 + orr v31.16b,v24.16b,v24.16b + rev w19,w19 + orr v8.16b,v24.16b,v24.16b + rev w20,w20 + orr v9.16b,v24.16b,v24.16b + rev w21,w21 + orr v10.16b,v24.16b,v24.16b + rev w22,w22 + orr v11.16b,v24.16b,v24.16b + rev w23,w8 + + sub x2,x2,#6 // bias + mov v30.s[3],w15 + mov v31.s[3],w19 + mov v8.s[3],w20 + mov v9.s[3],w21 + mov v10.s[3],w22 + mov v11.s[3],w23 + b .Loop12x_ctr32_unroll + +.align 4 +.Loop12x_ctr32_unroll: + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + aese v30.16b,v2.16b + aesmc v30.16b,v30.16b + aese v31.16b,v2.16b + aesmc v31.16b,v31.16b + aese v8.16b,v2.16b + aesmc v8.16b,v8.16b + aese v9.16b,v2.16b + aesmc v9.16b,v9.16b + aese v10.16b,v2.16b + aesmc v10.16b,v10.16b + aese v11.16b,v2.16b + aesmc v11.16b,v11.16b + ld1 {v2.4s},[x7],#16 + subs w6,w6,#2 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + aese v26.16b,v3.16b + aesmc v26.16b,v26.16b + aese v27.16b,v3.16b + aesmc v27.16b,v27.16b + aese v28.16b,v3.16b + aesmc v28.16b,v28.16b + aese v29.16b,v3.16b + aesmc v29.16b,v29.16b + aese v30.16b,v3.16b + aesmc v30.16b,v30.16b + aese v31.16b,v3.16b + aesmc v31.16b,v31.16b + aese v8.16b,v3.16b + aesmc v8.16b,v8.16b + aese v9.16b,v3.16b + aesmc v9.16b,v9.16b + aese v10.16b,v3.16b + aesmc v10.16b,v10.16b + aese v11.16b,v3.16b + aesmc v11.16b,v11.16b + ld1 {v3.4s},[x7],#16 + b.gt .Loop12x_ctr32_unroll + + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + aese v30.16b,v2.16b + aesmc v30.16b,v30.16b + aese v31.16b,v2.16b + aesmc v31.16b,v31.16b + aese v8.16b,v2.16b + aesmc v8.16b,v8.16b + aese v9.16b,v2.16b + aesmc v9.16b,v9.16b + aese v10.16b,v2.16b + aesmc v10.16b,v10.16b + aese v11.16b,v2.16b + aesmc v11.16b,v11.16b + ld1 {v2.4s},[x7],#16 + + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + aese v26.16b,v3.16b + aesmc v26.16b,v26.16b + aese v27.16b,v3.16b + aesmc v27.16b,v27.16b + aese v28.16b,v3.16b + aesmc v28.16b,v28.16b + aese v29.16b,v3.16b + aesmc v29.16b,v29.16b + aese v30.16b,v3.16b + aesmc v30.16b,v30.16b + aese v31.16b,v3.16b + aesmc v31.16b,v31.16b + aese v8.16b,v3.16b + aesmc v8.16b,v8.16b + aese v9.16b,v3.16b + aesmc v9.16b,v9.16b + aese v10.16b,v3.16b + aesmc v10.16b,v10.16b + aese v11.16b,v3.16b + aesmc v11.16b,v11.16b + ld1 {v3.4s},[x7],#16 + + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + add w9,w8,#1 + add w10,w8,#2 + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + add w12,w8,#3 + add w11,w8,#4 + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + add w13,w8,#5 + add w14,w8,#6 + rev w9,w9 + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + add w15,w8,#7 + add w19,w8,#8 + rev w10,w10 + rev w12,w12 + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + add w20,w8,#9 + add w21,w8,#10 + rev w11,w11 + rev w13,w13 + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + add w22,w8,#11 + add w23,w8,#12 + rev w14,w14 + rev w15,w15 + aese v30.16b,v2.16b + aesmc v30.16b,v30.16b + rev w19,w19 + rev w20,w20 + aese v31.16b,v2.16b + aesmc v31.16b,v31.16b + rev w21,w21 + rev w22,w22 + aese v8.16b,v2.16b + aesmc v8.16b,v8.16b + rev w23,w23 + aese v9.16b,v2.16b + aesmc v9.16b,v9.16b + aese v10.16b,v2.16b + aesmc v10.16b,v10.16b + aese v11.16b,v2.16b + aesmc v11.16b,v11.16b + ld1 {v2.4s},[x7],#16 + + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + aese v26.16b,v3.16b + aesmc v26.16b,v26.16b + aese v27.16b,v3.16b + aesmc v27.16b,v27.16b + ld1 {v4.16b,v5.16b,v6.16b,v7.16b},[x0],#64 + aese v28.16b,v3.16b + aesmc v28.16b,v28.16b + aese v29.16b,v3.16b + aesmc v29.16b,v29.16b + aese v30.16b,v3.16b + aesmc v30.16b,v30.16b + aese v31.16b,v3.16b + aesmc v31.16b,v31.16b + ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x0],#64 + aese v8.16b,v3.16b + aesmc v8.16b,v8.16b + aese v9.16b,v3.16b + aesmc v9.16b,v9.16b + aese v10.16b,v3.16b + aesmc v10.16b,v10.16b + aese v11.16b,v3.16b + aesmc v11.16b,v11.16b + ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x0],#64 + ld1 {v3.4s},[x7],#16 + + mov x7, x3 + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + aese v30.16b,v2.16b + aesmc v30.16b,v30.16b + aese v31.16b,v2.16b + aesmc v31.16b,v31.16b + aese v8.16b,v2.16b + aesmc v8.16b,v8.16b + aese v9.16b,v2.16b + aesmc v9.16b,v9.16b + aese v10.16b,v2.16b + aesmc v10.16b,v10.16b + aese v11.16b,v2.16b + aesmc v11.16b,v11.16b + ld1 {v2.4s},[x7],#16 // re-pre-load rndkey[0] + + aese v24.16b,v3.16b +.inst 0xce016084 //eor3 v4.16b,v4.16b,v1.16b,v24.16b + orr v24.16b,v0.16b,v0.16b + aese v25.16b,v3.16b +.inst 0xce0164a5 //eor3 v5.16b,v5.16b,v1.16b,v25.16b + orr v25.16b,v0.16b,v0.16b + aese v26.16b,v3.16b +.inst 0xce0168c6 //eor3 v6.16b,v6.16b,v1.16b,v26.16b + orr v26.16b,v0.16b,v0.16b + aese v27.16b,v3.16b +.inst 0xce016ce7 //eor3 v7.16b,v7.16b,v1.16b,v27.16b + orr v27.16b,v0.16b,v0.16b + aese v28.16b,v3.16b +.inst 0xce017210 //eor3 v16.16b,v16.16b,v1.16b,v28.16b + orr v28.16b,v0.16b,v0.16b + aese v29.16b,v3.16b +.inst 0xce017631 //eor3 v17.16b,v17.16b,v1.16b,v29.16b + orr v29.16b,v0.16b,v0.16b + aese v30.16b,v3.16b +.inst 0xce017a52 //eor3 v18.16b,v18.16b,v1.16b,v30.16b + orr v30.16b,v0.16b,v0.16b + aese v31.16b,v3.16b +.inst 0xce017e73 //eor3 v19.16b,v19.16b,v1.16b,v31.16b + orr v31.16b,v0.16b,v0.16b + aese v8.16b,v3.16b +.inst 0xce012294 //eor3 v20.16b,v20.16b,v1.16b,v8.16b + orr v8.16b,v0.16b,v0.16b + aese v9.16b,v3.16b +.inst 0xce0126b5 //eor3 v21.16b,v21.16b,v1.16b,v9.16b + orr v9.16b,v0.16b,v0.16b + aese v10.16b,v3.16b +.inst 0xce012ad6 //eor3 v22.16b,v22.16b,v1.16b,v10.16b + orr v10.16b,v0.16b,v0.16b + aese v11.16b,v3.16b +.inst 0xce012ef7 //eor3 v23.16b,v23.16b,v1.16b,v11.16b + orr v11.16b,v0.16b,v0.16b + ld1 {v3.4s},[x7],#16 // re-pre-load rndkey[1] + + mov v24.s[3],w9 + mov v25.s[3],w10 + mov v26.s[3],w12 + mov v27.s[3],w11 + st1 {v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64 + mov v28.s[3],w13 + mov v29.s[3],w14 + mov v30.s[3],w15 + mov v31.s[3],w19 + st1 {v16.16b,v17.16b,v18.16b,v19.16b},[x1],#64 + mov v8.s[3],w20 + mov v9.s[3],w21 + mov v10.s[3],w22 + mov v11.s[3],w23 + st1 {v20.16b,v21.16b,v22.16b,v23.16b},[x1],#64 + + mov w6,w5 + + add w8,w8,#12 + subs x2,x2,#12 + b.hs .Loop12x_ctr32_unroll + + // pop regs from stack when 12 data chunks are interleaved + ldp d10,d11,[sp],#32 + ldp d8,d9,[sp],#32 + ldp x23,x24,[sp],#16 + ldp x21,x22,[sp],#16 + ldp x19,x20,[sp],#16 + + add x2,x2,#12 + cbz x2,.Lctr32_done_unroll + sub w8,w8,#12 + + cmp x2,#2 + b.ls .Lctr32_tail_unroll + + cmp x2,#6 + sub x2,x2,#3 // bias + add w8,w8,#3 + b.lo .Loop3x_ctr32_unroll + + sub x2,x2,#3 + add w8,w8,#3 + b.lo .Loop6x_ctr32_unroll + +.align 4 +.Loop6x_ctr32_unroll: + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + ld1 {v2.4s},[x7],#16 + subs w6,w6,#2 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + aese v26.16b,v3.16b + aesmc v26.16b,v26.16b + aese v27.16b,v3.16b + aesmc v27.16b,v27.16b + aese v28.16b,v3.16b + aesmc v28.16b,v28.16b + aese v29.16b,v3.16b + aesmc v29.16b,v29.16b + ld1 {v3.4s},[x7],#16 + b.gt .Loop6x_ctr32_unroll + + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + ld1 {v2.4s},[x7],#16 + + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + aese v26.16b,v3.16b + aesmc v26.16b,v26.16b + aese v27.16b,v3.16b + aesmc v27.16b,v27.16b + aese v28.16b,v3.16b + aesmc v28.16b,v28.16b + aese v29.16b,v3.16b + aesmc v29.16b,v29.16b + ld1 {v3.4s},[x7],#16 + + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + add w9,w8,#1 + add w10,w8,#2 + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + add w12,w8,#3 + add w11,w8,#4 + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + add w13,w8,#5 + add w14,w8,#6 + rev w9,w9 + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + rev w10,w10 + rev w12,w12 + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + rev w11,w11 + rev w13,w13 + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + rev w14,w14 + ld1 {v2.4s},[x7],#16 + + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + ld1 {v4.16b,v5.16b,v6.16b,v7.16b},[x0],#64 + aese v26.16b,v3.16b + aesmc v26.16b,v26.16b + aese v27.16b,v3.16b + aesmc v27.16b,v27.16b + ld1 {v16.16b,v17.16b},[x0],#32 + aese v28.16b,v3.16b + aesmc v28.16b,v28.16b + aese v29.16b,v3.16b + aesmc v29.16b,v29.16b + ld1 {v3.4s},[x7],#16 + + mov x7, x3 + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + aese v27.16b,v2.16b + aesmc v27.16b,v27.16b + aese v28.16b,v2.16b + aesmc v28.16b,v28.16b + aese v29.16b,v2.16b + aesmc v29.16b,v29.16b + ld1 {v2.4s},[x7],#16 // re-pre-load rndkey[0] + + aese v24.16b,v3.16b +.inst 0xce016084 //eor3 v4.16b,v4.16b,v1.16b,v24.16b + aese v25.16b,v3.16b +.inst 0xce0164a5 //eor3 v5.16b,v5.16b,v1.16b,v25.16b + aese v26.16b,v3.16b +.inst 0xce0168c6 //eor3 v6.16b,v6.16b,v1.16b,v26.16b + aese v27.16b,v3.16b +.inst 0xce016ce7 //eor3 v7.16b,v7.16b,v1.16b,v27.16b + aese v28.16b,v3.16b +.inst 0xce017210 //eor3 v16.16b,v16.16b,v1.16b,v28.16b + aese v29.16b,v3.16b +.inst 0xce017631 //eor3 v17.16b,v17.16b,v1.16b,v29.16b + ld1 {v3.4s},[x7],#16 // re-pre-load rndkey[1] + + orr v24.16b,v0.16b,v0.16b + orr v25.16b,v0.16b,v0.16b + orr v26.16b,v0.16b,v0.16b + orr v27.16b,v0.16b,v0.16b + orr v28.16b,v0.16b,v0.16b + orr v29.16b,v0.16b,v0.16b + + mov v24.s[3],w9 + mov v25.s[3],w10 + st1 {v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64 + mov v26.s[3],w12 + mov v27.s[3],w11 + st1 {v16.16b,v17.16b},[x1],#32 + mov v28.s[3],w13 + mov v29.s[3],w14 + + cbz x2,.Lctr32_done_unroll + mov w6,w5 + + cmp x2,#2 + b.ls .Lctr32_tail_unroll + + sub x2,x2,#3 // bias + add w8,w8,#3 + b .Loop3x_ctr32_unroll + +.align 4 +.Loop3x_ctr32_unroll: + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + ld1 {v2.4s},[x7],#16 + subs w6,w6,#2 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + aese v26.16b,v3.16b + aesmc v26.16b,v26.16b + ld1 {v3.4s},[x7],#16 + b.gt .Loop3x_ctr32_unroll + + aese v24.16b,v2.16b + aesmc v9.16b,v24.16b + aese v25.16b,v2.16b + aesmc v10.16b,v25.16b + ld1 {v4.16b,v5.16b,v6.16b},[x0],#48 + orr v24.16b,v0.16b,v0.16b + aese v26.16b,v2.16b + aesmc v26.16b,v26.16b + ld1 {v2.4s},[x7],#16 + orr v25.16b,v0.16b,v0.16b + aese v9.16b,v3.16b + aesmc v9.16b,v9.16b + aese v10.16b,v3.16b + aesmc v10.16b,v10.16b + aese v26.16b,v3.16b + aesmc v11.16b,v26.16b + ld1 {v3.4s},[x7],#16 + orr v26.16b,v0.16b,v0.16b + add w9,w8,#1 + aese v9.16b,v2.16b + aesmc v9.16b,v9.16b + aese v10.16b,v2.16b + aesmc v10.16b,v10.16b + add w10,w8,#2 + aese v11.16b,v2.16b + aesmc v11.16b,v11.16b + ld1 {v2.4s},[x7],#16 + add w8,w8,#3 + aese v9.16b,v3.16b + aesmc v9.16b,v9.16b + aese v10.16b,v3.16b + aesmc v10.16b,v10.16b + + rev w9,w9 + aese v11.16b,v3.16b + aesmc v11.16b,v11.16b + ld1 {v3.4s},[x7],#16 + mov v24.s[3], w9 + mov x7,x3 + rev w10,w10 + aese v9.16b,v2.16b + aesmc v9.16b,v9.16b + + aese v10.16b,v2.16b + aesmc v10.16b,v10.16b + mov v25.s[3], w10 + rev w12,w8 + aese v11.16b,v2.16b + aesmc v11.16b,v11.16b + mov v26.s[3], w12 + + aese v9.16b,v3.16b + aese v10.16b,v3.16b + aese v11.16b,v3.16b + +.inst 0xce012484 //eor3 v4.16b,v4.16b,v1.16b,v9.16b + ld1 {v2.4s},[x7],#16 // re-pre-load rndkey[0] +.inst 0xce0128a5 //eor3 v5.16b,v5.16b,v1.16b,v10.16b + mov w6,w5 +.inst 0xce012cc6 //eor3 v6.16b,v6.16b,v1.16b,v11.16b + ld1 {v3.4s},[x7],#16 // re-pre-load rndkey[1] + st1 {v4.16b,v5.16b,v6.16b},[x1],#48 + + cbz x2,.Lctr32_done_unroll + +.Lctr32_tail_unroll: + cmp x2,#1 + b.eq .Lctr32_tail_1_unroll + +.Lctr32_tail_2_unroll: + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + ld1 {v2.4s},[x7],#16 + subs w6,w6,#2 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + ld1 {v3.4s},[x7],#16 + b.gt .Lctr32_tail_2_unroll + + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + ld1 {v2.4s},[x7],#16 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + ld1 {v3.4s},[x7],#16 + ld1 {v4.16b,v5.16b},[x0],#32 + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + ld1 {v2.4s},[x7],#16 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + aese v25.16b,v3.16b + aesmc v25.16b,v25.16b + ld1 {v3.4s},[x7],#16 + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v25.16b,v2.16b + aesmc v25.16b,v25.16b + aese v24.16b,v3.16b + aese v25.16b,v3.16b + +.inst 0xce016084 //eor3 v4.16b,v4.16b,v1.16b,v24.16b +.inst 0xce0164a5 //eor3 v5.16b,v5.16b,v1.16b,v25.16b + st1 {v4.16b,v5.16b},[x1],#32 + b .Lctr32_done_unroll + +.Lctr32_tail_1_unroll: + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + ld1 {v2.4s},[x7],#16 + subs w6,w6,#2 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + ld1 {v3.4s},[x7],#16 + b.gt .Lctr32_tail_1_unroll + + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + ld1 {v2.4s},[x7],#16 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + ld1 {v3.4s},[x7],#16 + ld1 {v4.16b},[x0] + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + ld1 {v2.4s},[x7],#16 + aese v24.16b,v3.16b + aesmc v24.16b,v24.16b + ld1 {v3.4s},[x7],#16 + aese v24.16b,v2.16b + aesmc v24.16b,v24.16b + aese v24.16b,v3.16b + +.inst 0xce016084 //eor3 v4.16b,v4.16b,v1.16b,v24.16b + st1 {v4.16b},[x1],#16 + +.Lctr32_done_unroll: + ldp d8,d9,[sp, #16] + ldp d10,d11,[sp, #32] + ldp d12,d13,[sp, #48] + ldp d14,d15,[sp, #64] + ldr x29,[sp],#80 + ret +.size aes_v8_ctr32_encrypt_blocks_unroll12_eor3,.-aes_v8_ctr32_encrypt_blocks_unroll12_eor3 .globl aes_v8_ctr32_encrypt_blocks .type aes_v8_ctr32_encrypt_blocks,%function .align 5 diff --git a/contrib/openssl-cmake/asm/crypto/aes/bsaes-armv8.S b/contrib/openssl-cmake/asm/crypto/aes/bsaes-armv8.S index c550525fdbc7..536cbdce0463 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/bsaes-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/aes/bsaes-armv8.S @@ -1,4 +1,4 @@ -// Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,8 @@ // other SIMD registers corrupted _bsaes_decrypt8: ldr q8, [x9], #16 - adr x11, .LM0ISR + adrp x11, .LM0ISR + add x11, x11, #:lo12:.LM0ISR movi v9.16b, #0x55 ldr q10, [x11], #16 movi v16.16b, #0x33 @@ -460,9 +461,10 @@ _bsaes_decrypt8: ret .size _bsaes_decrypt8,.-_bsaes_decrypt8 -.type _bsaes_const,%object +.section .rodata +.type _bsaes_consts,%object .align 6 -_bsaes_const: +_bsaes_consts: // InvShiftRows constants // Used in _bsaes_decrypt8, which assumes contiguity // .LM0ISR used with round 0 key @@ -498,7 +500,9 @@ _bsaes_const: .quad 0x090d01050c000408, 0x03070b0f060a0e02 .align 6 -.size _bsaes_const,.-_bsaes_const +.size _bsaes_consts,.-_bsaes_consts + +.previous .type _bsaes_encrypt8,%function .align 4 @@ -514,7 +518,8 @@ _bsaes_const: // other SIMD registers corrupted _bsaes_encrypt8: ldr q8, [x9], #16 - adr x11, .LM0SR + adrp x11, .LM0SR + add x11, x11, #:lo12:.LM0SR ldr q9, [x11], #16 _bsaes_encrypt8_alt: eor v0.16b, v0.16b, v8.16b @@ -918,9 +923,11 @@ _bsaes_encrypt8_alt: // other SIMD registers corrupted _bsaes_key_convert: #ifdef __AARCH64EL__ - adr x11, .LM0_littleendian + adrp x11, .LM0_littleendian + add x11, x11, #:lo12:.LM0_littleendian #else - adr x11, .LM0_bigendian + adrp x11, .LM0_bigendian + add x11, x11, #:lo12:.LM0_bigendian #endif ldr q0, [x9], #16 // load round 0 key ldr q1, [x11] // .LM0 @@ -964,7 +971,8 @@ _bsaes_key_convert: // don't save last round key #ifdef __AARCH64EL__ rev32 v15.16b, v15.16b - adr x11, .LM0_bigendian + adrp x11, .LM0_bigendian + add x11, x11, #:lo12:.LM0_bigendian #endif ret .size _bsaes_key_convert,.-_bsaes_key_convert diff --git a/contrib/openssl-cmake/asm/crypto/aes/bsaes-x86_64.s b/contrib/openssl-cmake/asm/crypto/aes/bsaes-x86_64.s index 813b122f527e..7754c0df656e 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/bsaes-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/aes/bsaes-x86_64.s @@ -1571,6 +1571,7 @@ ossl_bsaes_ctr32_encrypt_blocks: .align 16 ossl_bsaes_xts_encrypt: .cfi_startproc +.byte 243,15,30,250 movq %rsp,%rax .Lxts_enc_prologue: pushq %rbp @@ -2046,6 +2047,7 @@ ossl_bsaes_xts_encrypt: .align 16 ossl_bsaes_xts_decrypt: .cfi_startproc +.byte 243,15,30,250 movq %rsp,%rax .Lxts_dec_prologue: pushq %rbp @@ -2541,6 +2543,7 @@ ossl_bsaes_xts_decrypt: .cfi_endproc .size ossl_bsaes_xts_decrypt,.-ossl_bsaes_xts_decrypt .type _bsaes_const,@object +.section .rodata .align 64 _bsaes_const: .LM0ISR: @@ -2592,6 +2595,6 @@ _bsaes_const: .quad 0x02060a0e03070b0f, 0x0004080c0105090d .L63: .quad 0x6363636363636363, 0x6363636363636363 -.byte 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0 .align 64 .size _bsaes_const,.-_bsaes_const +.byte 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0 diff --git a/contrib/openssl-cmake/asm/crypto/aes/vpaes-armv8.S b/contrib/openssl-cmake/asm/crypto/aes/vpaes-armv8.S index ff1747c694cb..9d9be004162d 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/vpaes-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/aes/vpaes-armv8.S @@ -1,6 +1,6 @@ #include "arm_arch.h" -.text +.section .rodata .type _vpaes_consts,%object .align 7 // totally strategic alignment @@ -92,6 +92,9 @@ _vpaes_consts: .align 2 .size _vpaes_consts,.-_vpaes_consts .align 6 + +.text + // // _aes_preheat // @@ -101,7 +104,8 @@ _vpaes_consts: .type _vpaes_encrypt_preheat,%function .align 4 _vpaes_encrypt_preheat: - adr x10, .Lk_inv + adrp x10, .Lk_inv + add x10, x10, #:lo12:.Lk_inv movi v17.16b, #0x0f ld1 {v18.2d,v19.2d}, [x10],#32 // .Lk_inv ld1 {v20.2d,v21.2d,v22.2d,v23.2d}, [x10],#64 // .Lk_ipt, .Lk_sbo @@ -129,7 +133,8 @@ _vpaes_encrypt_preheat: _vpaes_encrypt_core: mov x9, x2 ldr w8, [x2,#240] // pull rounds - adr x11, .Lk_mc_forward+16 + adrp x11, .Lk_mc_forward+16 + add x11, x11, #:lo12:.Lk_mc_forward+16 // vmovdqa .Lk_ipt(%rip), %xmm2 # iptlo ld1 {v16.2d}, [x9], #16 // vmovdqu (%r9), %xmm5 # round0 key and v1.16b, v7.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 @@ -216,7 +221,8 @@ vpaes_encrypt: _vpaes_encrypt_2x: mov x9, x2 ldr w8, [x2,#240] // pull rounds - adr x11, .Lk_mc_forward+16 + adrp x11, .Lk_mc_forward+16 + add x11, x11, #:lo12:.Lk_mc_forward+16 // vmovdqa .Lk_ipt(%rip), %xmm2 # iptlo ld1 {v16.2d}, [x9], #16 // vmovdqu (%r9), %xmm5 # round0 key and v1.16b, v14.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 @@ -319,9 +325,11 @@ _vpaes_encrypt_2x: .type _vpaes_decrypt_preheat,%function .align 4 _vpaes_decrypt_preheat: - adr x10, .Lk_inv + adrp x10, .Lk_inv + add x10, x10, #:lo12:.Lk_inv movi v17.16b, #0x0f - adr x11, .Lk_dipt + adrp x11, .Lk_dipt + add x11, x11, #:lo12:.Lk_dipt ld1 {v18.2d,v19.2d}, [x10],#32 // .Lk_inv ld1 {v20.2d,v21.2d,v22.2d,v23.2d}, [x11],#64 // .Lk_dipt, .Lk_dsbo ld1 {v24.2d,v25.2d,v26.2d,v27.2d}, [x11],#64 // .Lk_dsb9, .Lk_dsbd @@ -343,10 +351,12 @@ _vpaes_decrypt_core: // vmovdqa .Lk_dipt(%rip), %xmm2 # iptlo lsl x11, x8, #4 // mov %rax, %r11; shl $4, %r11 eor x11, x11, #0x30 // xor $0x30, %r11 - adr x10, .Lk_sr + adrp x10, .Lk_sr + add x10, x10, #:lo12:.Lk_sr and x11, x11, #0x30 // and $0x30, %r11 add x11, x11, x10 - adr x10, .Lk_mc_forward+48 + adrp x10, .Lk_mc_forward+48 + add x10, x10, #:lo12:.Lk_mc_forward+48 ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm4 # round0 key and v1.16b, v7.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 @@ -454,10 +464,12 @@ _vpaes_decrypt_2x: // vmovdqa .Lk_dipt(%rip), %xmm2 # iptlo lsl x11, x8, #4 // mov %rax, %r11; shl $4, %r11 eor x11, x11, #0x30 // xor $0x30, %r11 - adr x10, .Lk_sr + adrp x10, .Lk_sr + add x10, x10, #:lo12:.Lk_sr and x11, x11, #0x30 // and $0x30, %r11 add x11, x11, x10 - adr x10, .Lk_mc_forward+48 + adrp x10, .Lk_mc_forward+48 + add x10, x10, #:lo12:.Lk_mc_forward+48 ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm4 # round0 key and v1.16b, v14.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 @@ -586,14 +598,18 @@ _vpaes_decrypt_2x: .type _vpaes_key_preheat,%function .align 4 _vpaes_key_preheat: - adr x10, .Lk_inv + adrp x10, .Lk_inv + add x10, x10, #:lo12:.Lk_inv movi v16.16b, #0x5b // .Lk_s63 - adr x11, .Lk_sb1 + adrp x11, .Lk_sb1 + add x11, x11, #:lo12:.Lk_sb1 movi v17.16b, #0x0f // .Lk_s0F ld1 {v18.2d,v19.2d,v20.2d,v21.2d}, [x10] // .Lk_inv, .Lk_ipt - adr x10, .Lk_dksd + adrp x10, .Lk_dksd + add x10, x10, #:lo12:.Lk_dksd ld1 {v22.2d,v23.2d}, [x11] // .Lk_sb1 - adr x11, .Lk_mc_forward + adrp x11, .Lk_mc_forward + add x11, x11, #:lo12:.Lk_mc_forward ld1 {v24.2d,v25.2d,v26.2d,v27.2d}, [x10],#64 // .Lk_dksd, .Lk_dksb ld1 {v28.2d,v29.2d,v30.2d,v31.2d}, [x10],#64 // .Lk_dkse, .Lk_dks9 ld1 {v8.2d}, [x10] // .Lk_rcon @@ -617,7 +633,8 @@ _vpaes_schedule_core: bl _vpaes_schedule_transform mov v7.16b, v0.16b // vmovdqa %xmm0, %xmm7 - adr x10, .Lk_sr // lea .Lk_sr(%rip),%r10 + adrp x10, .Lk_sr + add x10, x10, #:lo12:.Lk_sr add x8, x8, x10 cbnz w3, .Lschedule_am_decrypting @@ -743,12 +760,14 @@ _vpaes_schedule_core: .align 4 .Lschedule_mangle_last: // schedule last round key from xmm0 - adr x11, .Lk_deskew // lea .Lk_deskew(%rip),%r11 # prepare to deskew + adrp x11, .Lk_deskew + add x11, x11, #:lo12:.Lk_deskew cbnz w3, .Lschedule_mangle_last_dec // encrypting ld1 {v1.2d}, [x8] // vmovdqa (%r8,%r10),%xmm1 - adr x11, .Lk_opt // lea .Lk_opt(%rip), %r11 # prepare to output transform + adrp x11, .Lk_opt + add x11, x11, #:lo12:.Lk_opt add x2, x2, #32 // add $32, %rdx tbl v0.16b, {v0.16b}, v1.16b // vpshufb %xmm1, %xmm0, %xmm0 # output permute diff --git a/contrib/openssl-cmake/asm/crypto/aes/vpaes-x86_64.s b/contrib/openssl-cmake/asm/crypto/aes/vpaes-x86_64.s index b473b5e51cd4..9a2084d782f1 100644 --- a/contrib/openssl-cmake/asm/crypto/aes/vpaes-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/aes/vpaes-x86_64.s @@ -758,6 +758,7 @@ _vpaes_preheat: .type _vpaes_consts,@object +.section .rodata .align 64 _vpaes_consts: .Lk_inv: @@ -853,6 +854,6 @@ _vpaes_consts: .Lk_dsbo: .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 .align 64 .size _vpaes_consts,.-_vpaes_consts +.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 diff --git a/contrib/openssl-cmake/asm/crypto/bn/armv8-mont.S b/contrib/openssl-cmake/asm/crypto/bn/armv8-mont.S index a867dbb2d1fd..c9fe7621f422 100644 --- a/contrib/openssl-cmake/asm/crypto/bn/armv8-mont.S +++ b/contrib/openssl-cmake/asm/crypto/bn/armv8-mont.S @@ -16,10 +16,12 @@ bn_mul_mont: cmp x5,#32 b.le .Lscalar_impl #ifndef __KERNEL__ +#ifndef __AARCH64EB__ adrp x17,OPENSSL_armv8_rsa_neonized ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized] cbnz w17, bn_mul8x_mont_neon #endif +#endif .Lscalar_impl: tst x5,#7 @@ -2128,6 +2130,7 @@ __bn_mul4x_mont: AARCH64_VALIDATE_LINK_REGISTER ret .size __bn_mul4x_mont,.-__bn_mul4x_mont +.section .rodata .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 4 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avx512.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avx512.s index f1dca7e5c379..f5e5615830a6 100644 --- a/contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avx512.s +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avx512.s @@ -411,7 +411,7 @@ ossl_rsaz_amm52x20_x1_ifma256: .byte 0xf3,0xc3 .cfi_endproc .size ossl_rsaz_amm52x20_x1_ifma256, .-ossl_rsaz_amm52x20_x1_ifma256 -.data +.section .rodata .align 32 .Lmask52x4: .quad 0xfffffffffffff @@ -887,7 +887,7 @@ ossl_extract_multiplier_2x20_win5: .byte 0xf3,0xc3 .cfi_endproc .size ossl_extract_multiplier_2x20_win5, .-ossl_extract_multiplier_2x20_win5 -.data +.section .rodata .align 32 .Lones: .quad 1,1,1,1 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avxifma.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avxifma.s new file mode 100644 index 000000000000..52ee96759445 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-2k-avxifma.s @@ -0,0 +1,1146 @@ +.text + +.globl ossl_rsaz_avxifma_eligible +.type ossl_rsaz_avxifma_eligible,@function +.align 32 +ossl_rsaz_avxifma_eligible: + movl OPENSSL_ia32cap_P+20(%rip),%ecx + xorl %eax,%eax + andl $8388608,%ecx + cmpl $8388608,%ecx + cmovel %ecx,%eax + .byte 0xf3,0xc3 +.size ossl_rsaz_avxifma_eligible, .-ossl_rsaz_avxifma_eligible +.text + +.globl ossl_rsaz_amm52x20_x1_avxifma256 +.type ossl_rsaz_amm52x20_x1_avxifma256,@function +.align 32 +ossl_rsaz_amm52x20_x1_avxifma256: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 +.Lossl_rsaz_amm52x20_x1_avxifma256_body: + + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + + xorl %r9d,%r9d + + movq %rdx,%r11 + movq $0xfffffffffffff,%rax + + + movl $5,%ebx + +.align 32 +.Lloop5: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -168(%rsp),%rsp +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm8 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm5,32(%rsp) + vmovdqu %ymm6,64(%rsp) + vmovdqu %ymm7,96(%rsp) + vmovdqu %ymm8,128(%rsp) + movq $0,160(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm5 + vmovdqu 72(%rsp),%ymm6 + vmovdqu 104(%rsp),%ymm7 + vmovdqu 136(%rsp),%ymm8 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm8 + leaq 168(%rsp),%rsp + movq 8(%r11),%r13 + + vpbroadcastq 8(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -168(%rsp),%rsp +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm8 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm5,32(%rsp) + vmovdqu %ymm6,64(%rsp) + vmovdqu %ymm7,96(%rsp) + vmovdqu %ymm8,128(%rsp) + movq $0,160(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm5 + vmovdqu 72(%rsp),%ymm6 + vmovdqu 104(%rsp),%ymm7 + vmovdqu 136(%rsp),%ymm8 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm8 + leaq 168(%rsp),%rsp + movq 16(%r11),%r13 + + vpbroadcastq 16(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -168(%rsp),%rsp +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm8 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm5,32(%rsp) + vmovdqu %ymm6,64(%rsp) + vmovdqu %ymm7,96(%rsp) + vmovdqu %ymm8,128(%rsp) + movq $0,160(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm5 + vmovdqu 72(%rsp),%ymm6 + vmovdqu 104(%rsp),%ymm7 + vmovdqu 136(%rsp),%ymm8 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm8 + leaq 168(%rsp),%rsp + movq 24(%r11),%r13 + + vpbroadcastq 24(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -168(%rsp),%rsp +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm8 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm5,32(%rsp) + vmovdqu %ymm6,64(%rsp) + vmovdqu %ymm7,96(%rsp) + vmovdqu %ymm8,128(%rsp) + movq $0,160(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm5 + vmovdqu 72(%rsp),%ymm6 + vmovdqu 104(%rsp),%ymm7 + vmovdqu 136(%rsp),%ymm8 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm8 + leaq 168(%rsp),%rsp + leaq 32(%r11),%r11 + decl %ebx + jne .Lloop5 + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + + + vpsrlq $52,%ymm3,%ymm0 + vpsrlq $52,%ymm5,%ymm1 + vpsrlq $52,%ymm6,%ymm2 + vpsrlq $52,%ymm7,%ymm13 + vpsrlq $52,%ymm8,%ymm14 + + + vpermq $144,%ymm14,%ymm14 + vpermq $3,%ymm13,%ymm15 + vblendpd $1,%ymm15,%ymm14,%ymm14 + + vpermq $144,%ymm13,%ymm13 + vpermq $3,%ymm2,%ymm15 + vblendpd $1,%ymm15,%ymm13,%ymm13 + + vpermq $144,%ymm2,%ymm2 + vpermq $3,%ymm1,%ymm15 + vblendpd $1,%ymm15,%ymm2,%ymm2 + + vpermq $144,%ymm1,%ymm1 + vpermq $3,%ymm0,%ymm15 + vblendpd $1,%ymm15,%ymm1,%ymm1 + + vpermq $144,%ymm0,%ymm0 + vpand .Lhigh64x3(%rip),%ymm0,%ymm0 + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + + + vpaddq %ymm0,%ymm3,%ymm3 + vpaddq %ymm1,%ymm5,%ymm5 + vpaddq %ymm2,%ymm6,%ymm6 + vpaddq %ymm13,%ymm7,%ymm7 + vpaddq %ymm14,%ymm8,%ymm8 + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm1 + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm2 + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm13 + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm14 + vmovmskpd %ymm0,%r14d + vmovmskpd %ymm1,%r13d + vmovmskpd %ymm2,%r12d + vmovmskpd %ymm13,%r11d + vmovmskpd %ymm14,%r10d + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm1 + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm2 + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm13 + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm14 + vmovmskpd %ymm0,%r9d + vmovmskpd %ymm1,%r8d + vmovmskpd %ymm2,%ebx + vmovmskpd %ymm13,%ecx + vmovmskpd %ymm14,%edx + + + + shlb $4,%r13b + orb %r13b,%r14b + shlb $4,%r11b + orb %r11b,%r12b + + addb %r14b,%r14b + adcb %r12b,%r12b + adcb %r10b,%r10b + + shlb $4,%r8b + orb %r8b,%r9b + shlb $4,%cl + orb %cl,%bl + + addb %r9b,%r14b + adcb %bl,%r12b + adcb %dl,%r10b + + xorb %r9b,%r14b + xorb %bl,%r12b + xorb %dl,%r10b + + leaq .Lkmasklut(%rip),%rdx + + movb %r14b,%r13b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm0 + shlq $5,%r14 + vmovapd (%rdx,%r14,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm3,%ymm3 + + shrb $4,%r13b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm0 + shlq $5,%r13 + vmovapd (%rdx,%r13,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm5,%ymm5 + + movb %r12b,%r11b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm0 + shlq $5,%r12 + vmovapd (%rdx,%r12,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm6,%ymm6 + + shrb $4,%r11b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm0 + shlq $5,%r11 + vmovapd (%rdx,%r11,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm7,%ymm7 + + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm8,%ymm8 + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + + vmovdqu %ymm3,0(%rdi) + vmovdqu %ymm5,32(%rdi) + vmovdqu %ymm6,64(%rdi) + vmovdqu %ymm7,96(%rdi) + vmovdqu %ymm8,128(%rdi) + + vzeroupper + movq 0(%rsp),%r15 +.cfi_restore %r15 + movq 8(%rsp),%r14 +.cfi_restore %r14 + movq 16(%rsp),%r13 +.cfi_restore %r13 + movq 24(%rsp),%r12 +.cfi_restore %r12 + movq 32(%rsp),%rbp +.cfi_restore %rbp + movq 40(%rsp),%rbx +.cfi_restore %rbx + leaq 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lossl_rsaz_amm52x20_x1_avxifma256_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_rsaz_amm52x20_x1_avxifma256, .-ossl_rsaz_amm52x20_x1_avxifma256 +.section .rodata +.align 32 +.Lmask52x4: +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.Lhigh64x3: +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.Lkmasklut: + +.quad 0x0 +.quad 0x0 +.quad 0x0 +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 +.quad 0x0 + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 + +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0x0 +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.text + +.globl ossl_rsaz_amm52x20_x2_avxifma256 +.type ossl_rsaz_amm52x20_x2_avxifma256,@function +.align 32 +ossl_rsaz_amm52x20_x2_avxifma256: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 +.Lossl_rsaz_amm52x20_x2_avxifma256_body: + + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm10 + vmovapd %ymm0,%ymm11 + vmovapd %ymm0,%ymm12 + + xorl %r9d,%r9d + xorl %r15d,%r15d + + movq %rdx,%r11 + movq $0xfffffffffffff,%rax + + movl $20,%ebx + +.align 32 +.Lloop20: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq (%r8),%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -168(%rsp),%rsp +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm8 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm5,32(%rsp) + vmovdqu %ymm6,64(%rsp) + vmovdqu %ymm7,96(%rsp) + vmovdqu %ymm8,128(%rsp) + movq $0,160(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm5 + vmovdqu 72(%rsp),%ymm6 + vmovdqu 104(%rsp),%ymm7 + vmovdqu 136(%rsp),%ymm8 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm8 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm8 + leaq 168(%rsp),%rsp + movq 160(%r11),%r13 + + vpbroadcastq 160(%r11),%ymm1 + movq 160(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r15 + movq %r12,%r10 + adcq $0,%r10 + + movq 8(%r8),%r13 + imulq %r15,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 160(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r15 + adcq %r12,%r10 + + shrq $52,%r15 + salq $12,%r10 + orq %r10,%r15 + + leaq -168(%rsp),%rsp +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52luq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52luq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52luq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52luq 288(%rcx),%ymm2,%ymm12 + + + vmovdqu %ymm4,0(%rsp) + vmovdqu %ymm9,32(%rsp) + vmovdqu %ymm10,64(%rsp) + vmovdqu %ymm11,96(%rsp) + vmovdqu %ymm12,128(%rsp) + movq $0,160(%rsp) + + vmovdqu 8(%rsp),%ymm4 + vmovdqu 40(%rsp),%ymm9 + vmovdqu 72(%rsp),%ymm10 + vmovdqu 104(%rsp),%ymm11 + vmovdqu 136(%rsp),%ymm12 + + addq 8(%rsp),%r15 + +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52huq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52huq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52huq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52huq 288(%rcx),%ymm2,%ymm12 + leaq 168(%rsp),%rsp + leaq 8(%r11),%r11 + decl %ebx + jne .Lloop20 + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + + + vpsrlq $52,%ymm3,%ymm0 + vpsrlq $52,%ymm5,%ymm1 + vpsrlq $52,%ymm6,%ymm2 + vpsrlq $52,%ymm7,%ymm13 + vpsrlq $52,%ymm8,%ymm14 + + + vpermq $144,%ymm14,%ymm14 + vpermq $3,%ymm13,%ymm15 + vblendpd $1,%ymm15,%ymm14,%ymm14 + + vpermq $144,%ymm13,%ymm13 + vpermq $3,%ymm2,%ymm15 + vblendpd $1,%ymm15,%ymm13,%ymm13 + + vpermq $144,%ymm2,%ymm2 + vpermq $3,%ymm1,%ymm15 + vblendpd $1,%ymm15,%ymm2,%ymm2 + + vpermq $144,%ymm1,%ymm1 + vpermq $3,%ymm0,%ymm15 + vblendpd $1,%ymm15,%ymm1,%ymm1 + + vpermq $144,%ymm0,%ymm0 + vpand .Lhigh64x3(%rip),%ymm0,%ymm0 + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + + + vpaddq %ymm0,%ymm3,%ymm3 + vpaddq %ymm1,%ymm5,%ymm5 + vpaddq %ymm2,%ymm6,%ymm6 + vpaddq %ymm13,%ymm7,%ymm7 + vpaddq %ymm14,%ymm8,%ymm8 + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm1 + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm2 + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm13 + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm14 + vmovmskpd %ymm0,%r14d + vmovmskpd %ymm1,%r13d + vmovmskpd %ymm2,%r12d + vmovmskpd %ymm13,%r11d + vmovmskpd %ymm14,%r10d + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm1 + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm2 + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm13 + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm14 + vmovmskpd %ymm0,%r9d + vmovmskpd %ymm1,%r8d + vmovmskpd %ymm2,%ebx + vmovmskpd %ymm13,%ecx + vmovmskpd %ymm14,%edx + + + + shlb $4,%r13b + orb %r13b,%r14b + shlb $4,%r11b + orb %r11b,%r12b + + addb %r14b,%r14b + adcb %r12b,%r12b + adcb %r10b,%r10b + + shlb $4,%r8b + orb %r8b,%r9b + shlb $4,%cl + orb %cl,%bl + + addb %r9b,%r14b + adcb %bl,%r12b + adcb %dl,%r10b + + xorb %r9b,%r14b + xorb %bl,%r12b + xorb %dl,%r10b + + leaq .Lkmasklut(%rip),%rdx + + movb %r14b,%r13b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm0 + shlq $5,%r14 + vmovapd (%rdx,%r14,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm3,%ymm3 + + shrb $4,%r13b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm0 + shlq $5,%r13 + vmovapd (%rdx,%r13,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm5,%ymm5 + + movb %r12b,%r11b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm0 + shlq $5,%r12 + vmovapd (%rdx,%r12,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm6,%ymm6 + + shrb $4,%r11b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm0 + shlq $5,%r11 + vmovapd (%rdx,%r11,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm7,%ymm7 + + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm8,%ymm8 + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + + vmovq %r15,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm4,%ymm4 + + + + vpsrlq $52,%ymm4,%ymm0 + vpsrlq $52,%ymm9,%ymm1 + vpsrlq $52,%ymm10,%ymm2 + vpsrlq $52,%ymm11,%ymm13 + vpsrlq $52,%ymm12,%ymm14 + + + vpermq $144,%ymm14,%ymm14 + vpermq $3,%ymm13,%ymm15 + vblendpd $1,%ymm15,%ymm14,%ymm14 + + vpermq $144,%ymm13,%ymm13 + vpermq $3,%ymm2,%ymm15 + vblendpd $1,%ymm15,%ymm13,%ymm13 + + vpermq $144,%ymm2,%ymm2 + vpermq $3,%ymm1,%ymm15 + vblendpd $1,%ymm15,%ymm2,%ymm2 + + vpermq $144,%ymm1,%ymm1 + vpermq $3,%ymm0,%ymm15 + vblendpd $1,%ymm15,%ymm1,%ymm1 + + vpermq $144,%ymm0,%ymm0 + vpand .Lhigh64x3(%rip),%ymm0,%ymm0 + + + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + + vpaddq %ymm0,%ymm4,%ymm4 + vpaddq %ymm1,%ymm9,%ymm9 + vpaddq %ymm2,%ymm10,%ymm10 + vpaddq %ymm13,%ymm11,%ymm11 + vpaddq %ymm14,%ymm12,%ymm12 + + + + vpcmpgtq .Lmask52x4(%rip),%ymm4,%ymm0 + vpcmpgtq .Lmask52x4(%rip),%ymm9,%ymm1 + vpcmpgtq .Lmask52x4(%rip),%ymm10,%ymm2 + vpcmpgtq .Lmask52x4(%rip),%ymm11,%ymm13 + vpcmpgtq .Lmask52x4(%rip),%ymm12,%ymm14 + vmovmskpd %ymm0,%r14d + vmovmskpd %ymm1,%r13d + vmovmskpd %ymm2,%r12d + vmovmskpd %ymm13,%r11d + vmovmskpd %ymm14,%r10d + + + vpcmpeqq .Lmask52x4(%rip),%ymm4,%ymm0 + vpcmpeqq .Lmask52x4(%rip),%ymm9,%ymm1 + vpcmpeqq .Lmask52x4(%rip),%ymm10,%ymm2 + vpcmpeqq .Lmask52x4(%rip),%ymm11,%ymm13 + vpcmpeqq .Lmask52x4(%rip),%ymm12,%ymm14 + vmovmskpd %ymm0,%r9d + vmovmskpd %ymm1,%r8d + vmovmskpd %ymm2,%ebx + vmovmskpd %ymm13,%ecx + vmovmskpd %ymm14,%edx + + + + shlb $4,%r13b + orb %r13b,%r14b + shlb $4,%r11b + orb %r11b,%r12b + + addb %r14b,%r14b + adcb %r12b,%r12b + adcb %r10b,%r10b + + shlb $4,%r8b + orb %r8b,%r9b + shlb $4,%cl + orb %cl,%bl + + addb %r9b,%r14b + adcb %bl,%r12b + adcb %dl,%r10b + + xorb %r9b,%r14b + xorb %bl,%r12b + xorb %dl,%r10b + + leaq .Lkmasklut(%rip),%rdx + + movb %r14b,%r13b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm4,%ymm0 + shlq $5,%r14 + vmovapd (%rdx,%r14,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm4,%ymm4 + + shrb $4,%r13b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm9,%ymm0 + shlq $5,%r13 + vmovapd (%rdx,%r13,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm9,%ymm9 + + movb %r12b,%r11b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm10,%ymm0 + shlq $5,%r12 + vmovapd (%rdx,%r12,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm10,%ymm10 + + shrb $4,%r11b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm11,%ymm0 + shlq $5,%r11 + vmovapd (%rdx,%r11,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm11,%ymm11 + + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm12,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm12,%ymm12 + + + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + vmovdqu %ymm3,0(%rdi) + vmovdqu %ymm5,32(%rdi) + vmovdqu %ymm6,64(%rdi) + vmovdqu %ymm7,96(%rdi) + vmovdqu %ymm8,128(%rdi) + + vmovdqu %ymm4,160(%rdi) + vmovdqu %ymm9,192(%rdi) + vmovdqu %ymm10,224(%rdi) + vmovdqu %ymm11,256(%rdi) + vmovdqu %ymm12,288(%rdi) + + vzeroupper + movq 0(%rsp),%r15 +.cfi_restore %r15 + movq 8(%rsp),%r14 +.cfi_restore %r14 + movq 16(%rsp),%r13 +.cfi_restore %r13 + movq 24(%rsp),%r12 +.cfi_restore %r12 + movq 32(%rsp),%rbp +.cfi_restore %rbp + movq 40(%rsp),%rbx +.cfi_restore %rbx + leaq 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lossl_rsaz_amm52x20_x2_avxifma256_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_rsaz_amm52x20_x2_avxifma256, .-ossl_rsaz_amm52x20_x2_avxifma256 +.text + +.align 32 +.globl ossl_extract_multiplier_2x20_win5_avx +.type ossl_extract_multiplier_2x20_win5_avx,@function +ossl_extract_multiplier_2x20_win5_avx: +.cfi_startproc +.byte 243,15,30,250 + vmovapd .Lones(%rip),%ymm14 + vmovq %rdx,%xmm10 + vpbroadcastq %xmm10,%ymm12 + vmovq %rcx,%xmm10 + vpbroadcastq %xmm10,%ymm13 + leaq 10240(%rsi),%rax + + + vpxor %xmm0,%xmm0,%xmm0 + vmovapd %ymm0,%ymm11 + vmovapd %ymm0,%ymm1 + vmovapd %ymm0,%ymm2 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + +.align 32 +.Lloop: + vpcmpeqq %ymm11,%ymm12,%ymm15 + vmovdqu 0(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm0,%ymm0 + vmovdqu 32(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm1,%ymm1 + vmovdqu 64(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm2,%ymm2 + vmovdqu 96(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm3,%ymm3 + vmovdqu 128(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm4,%ymm4 + vpcmpeqq %ymm11,%ymm13,%ymm15 + vmovdqu 160(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm5,%ymm5 + vmovdqu 192(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm6,%ymm6 + vmovdqu 224(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm7,%ymm7 + vmovdqu 256(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm8,%ymm8 + vmovdqu 288(%rsi),%ymm10 + vblendvpd %ymm15,%ymm10,%ymm9,%ymm9 + vpaddq %ymm14,%ymm11,%ymm11 + addq $320,%rsi + cmpq %rsi,%rax + jne .Lloop + vmovdqu %ymm0,0(%rdi) + vmovdqu %ymm1,32(%rdi) + vmovdqu %ymm2,64(%rdi) + vmovdqu %ymm3,96(%rdi) + vmovdqu %ymm4,128(%rdi) + vmovdqu %ymm5,160(%rdi) + vmovdqu %ymm6,192(%rdi) + vmovdqu %ymm7,224(%rdi) + vmovdqu %ymm8,256(%rdi) + vmovdqu %ymm9,288(%rdi) + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_extract_multiplier_2x20_win5_avx, .-ossl_extract_multiplier_2x20_win5_avx +.section .rodata +.align 32 +.Lones: +.quad 1,1,1,1 +.Lzeros: +.quad 0,0,0,0 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avx512.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avx512.s index 909b794a68db..0a389896a031 100644 --- a/contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avx512.s +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avx512.s @@ -657,7 +657,7 @@ ossl_rsaz_amm52x30_x1_ifma256: .byte 0xf3,0xc3 .cfi_endproc .size ossl_rsaz_amm52x30_x1_ifma256, .-ossl_rsaz_amm52x30_x1_ifma256 -.data +.section .rodata .align 32 .Lmask52x4: .quad 0xfffffffffffff @@ -1302,7 +1302,7 @@ ossl_extract_multiplier_2x30_win5: .byte 0xf3,0xc3 .cfi_endproc .size ossl_extract_multiplier_2x30_win5, .-ossl_extract_multiplier_2x30_win5 -.data +.section .rodata .align 32 .Lones: .quad 1,1,1,1 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avxifma.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avxifma.s new file mode 100644 index 000000000000..5ee447b0053a --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-3k-avxifma.s @@ -0,0 +1,1747 @@ +.text + +.globl ossl_rsaz_amm52x30_x1_avxifma256 +.type ossl_rsaz_amm52x30_x1_avxifma256,@function +.align 32 +ossl_rsaz_amm52x30_x1_avxifma256: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm10 + + xorl %r9d,%r9d + + movq %rdx,%r11 + movq $0xfffffffffffff,%rax + + + movl $7,%ebx + +.align 32 +.Lloop7: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + movq 8(%r11),%r13 + + vpbroadcastq 8(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + movq 16(%r11),%r13 + + vpbroadcastq 16(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + movq 24(%r11),%r13 + + vpbroadcastq 24(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + leaq 32(%r11),%r11 + decl %ebx + jne .Lloop7 + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + movq 8(%r11),%r13 + + vpbroadcastq 8(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + + + vpsrlq $52,%ymm3,%ymm0 + vpsrlq $52,%ymm4,%ymm1 + vpsrlq $52,%ymm5,%ymm2 + vpsrlq $52,%ymm6,%ymm11 + vpsrlq $52,%ymm7,%ymm12 + vpsrlq $52,%ymm8,%ymm13 + vpsrlq $52,%ymm9,%ymm14 + vpsrlq $52,%ymm10,%ymm15 + + leaq -32(%rsp),%rsp + vmovupd %ymm3,(%rsp) + + + vpermq $144,%ymm15,%ymm15 + vpermq $3,%ymm14,%ymm3 + vblendpd $1,%ymm3,%ymm15,%ymm15 + + vpermq $144,%ymm14,%ymm14 + vpermq $3,%ymm13,%ymm3 + vblendpd $1,%ymm3,%ymm14,%ymm14 + + vpermq $144,%ymm13,%ymm13 + vpermq $3,%ymm12,%ymm3 + vblendpd $1,%ymm3,%ymm13,%ymm13 + + vpermq $144,%ymm12,%ymm12 + vpermq $3,%ymm11,%ymm3 + vblendpd $1,%ymm3,%ymm12,%ymm12 + + vpermq $144,%ymm11,%ymm11 + vpermq $3,%ymm2,%ymm3 + vblendpd $1,%ymm3,%ymm11,%ymm11 + + vpermq $144,%ymm2,%ymm2 + vpermq $3,%ymm1,%ymm3 + vblendpd $1,%ymm3,%ymm2,%ymm2 + + vpermq $144,%ymm1,%ymm1 + vpermq $3,%ymm0,%ymm3 + vblendpd $1,%ymm3,%ymm1,%ymm1 + + vpermq $144,%ymm0,%ymm0 + vpand .Lhigh64x3(%rip),%ymm0,%ymm0 + + vmovupd (%rsp),%ymm3 + leaq 32(%rsp),%rsp + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + + + vpaddq %ymm0,%ymm3,%ymm3 + vpaddq %ymm1,%ymm4,%ymm4 + vpaddq %ymm2,%ymm5,%ymm5 + vpaddq %ymm11,%ymm6,%ymm6 + vpaddq %ymm12,%ymm7,%ymm7 + vpaddq %ymm13,%ymm8,%ymm8 + vpaddq %ymm14,%ymm9,%ymm9 + vpaddq %ymm15,%ymm10,%ymm10 + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpgtq .Lmask52x4(%rip),%ymm4,%ymm1 + vmovmskpd %ymm0,%r14d + vmovmskpd %ymm1,%r13d + shlb $4,%r13b + orb %r13b,%r14b + + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm2 + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm11 + vmovmskpd %ymm2,%r13d + vmovmskpd %ymm11,%r12d + shlb $4,%r12b + orb %r12b,%r13b + + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm12 + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm12,%r12d + vmovmskpd %ymm13,%r11d + shlb $4,%r11b + orb %r11b,%r12b + + vpcmpgtq .Lmask52x4(%rip),%ymm9,%ymm14 + vpcmpgtq .Lmask52x4(%rip),%ymm10,%ymm15 + vmovmskpd %ymm14,%r11d + vmovmskpd %ymm15,%r10d + shlb $4,%r10b + orb %r10b,%r11b + + addb %r14b,%r14b + adcb %r13b,%r13b + adcb %r12b,%r12b + adcb %r11b,%r11b + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpeqq .Lmask52x4(%rip),%ymm4,%ymm1 + vmovmskpd %ymm0,%r9d + vmovmskpd %ymm1,%r8d + shlb $4,%r8b + orb %r8b,%r9b + + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm2 + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm11 + vmovmskpd %ymm2,%r8d + vmovmskpd %ymm11,%edx + shlb $4,%dl + orb %dl,%r8b + + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm12 + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm12,%edx + vmovmskpd %ymm13,%ecx + shlb $4,%cl + orb %cl,%dl + + vpcmpeqq .Lmask52x4(%rip),%ymm9,%ymm14 + vpcmpeqq .Lmask52x4(%rip),%ymm10,%ymm15 + vmovmskpd %ymm14,%ecx + vmovmskpd %ymm15,%ebx + shlb $4,%bl + orb %bl,%cl + + addb %r9b,%r14b + adcb %r8b,%r13b + adcb %dl,%r12b + adcb %cl,%r11b + + xorb %r9b,%r14b + xorb %r8b,%r13b + xorb %dl,%r12b + xorb %cl,%r11b + + leaq .Lkmasklut(%rip),%rdx + + movb %r14b,%r10b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm0 + shlq $5,%r14 + vmovapd (%rdx,%r14,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm3,%ymm3 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm4,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm4,%ymm4 + + movb %r13b,%r10b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm0 + shlq $5,%r13 + vmovapd (%rdx,%r13,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm5,%ymm5 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm6,%ymm6 + + movb %r12b,%r10b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm0 + shlq $5,%r12 + vmovapd (%rdx,%r12,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm7,%ymm7 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm8,%ymm8 + + movb %r11b,%r10b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm9,%ymm0 + shlq $5,%r11 + vmovapd (%rdx,%r11,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm9,%ymm9 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm10,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm10,%ymm10 + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + + vmovdqu %ymm3,0(%rdi) + vmovdqu %ymm4,32(%rdi) + vmovdqu %ymm5,64(%rdi) + vmovdqu %ymm6,96(%rdi) + vmovdqu %ymm7,128(%rdi) + vmovdqu %ymm8,160(%rdi) + vmovdqu %ymm9,192(%rdi) + vmovdqu %ymm10,224(%rdi) + + vzeroupper + leaq (%rsp),%rax +.cfi_def_cfa_register %rax + movq 0(%rax),%r15 +.cfi_restore %r15 + movq 8(%rax),%r14 +.cfi_restore %r14 + movq 16(%rax),%r13 +.cfi_restore %r13 + movq 24(%rax),%r12 +.cfi_restore %r12 + movq 32(%rax),%rbp +.cfi_restore %rbp + movq 40(%rax),%rbx +.cfi_restore %rbx + leaq 48(%rax),%rsp +.cfi_def_cfa %rsp,8 +.Lossl_rsaz_amm52x30_x1_avxifma256_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_rsaz_amm52x30_x1_avxifma256, .-ossl_rsaz_amm52x30_x1_avxifma256 +.section .rodata +.align 32 +.Lmask52x4: +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.Lhigh64x3: +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.Lkmasklut: + +.quad 0x0 +.quad 0x0 +.quad 0x0 +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 +.quad 0x0 + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 + +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0x0 +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.text + +.globl ossl_rsaz_amm52x30_x2_avxifma256 +.type ossl_rsaz_amm52x30_x2_avxifma256,@function +.align 32 +ossl_rsaz_amm52x30_x2_avxifma256: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm10 + + xorl %r9d,%r9d + + movq %rdx,%r11 + movq $0xfffffffffffff,%rax + + movl $30,%ebx + +.align 32 +.Lloop30: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq (%r8),%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + leaq 8(%r11),%r11 + decl %ebx + jne .Lloop30 + + pushq %r11 + pushq %rsi + pushq %rcx + pushq %r8 + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + + + vpsrlq $52,%ymm3,%ymm0 + vpsrlq $52,%ymm4,%ymm1 + vpsrlq $52,%ymm5,%ymm2 + vpsrlq $52,%ymm6,%ymm11 + vpsrlq $52,%ymm7,%ymm12 + vpsrlq $52,%ymm8,%ymm13 + vpsrlq $52,%ymm9,%ymm14 + vpsrlq $52,%ymm10,%ymm15 + + leaq -32(%rsp),%rsp + vmovupd %ymm3,(%rsp) + + + vpermq $144,%ymm15,%ymm15 + vpermq $3,%ymm14,%ymm3 + vblendpd $1,%ymm3,%ymm15,%ymm15 + + vpermq $144,%ymm14,%ymm14 + vpermq $3,%ymm13,%ymm3 + vblendpd $1,%ymm3,%ymm14,%ymm14 + + vpermq $144,%ymm13,%ymm13 + vpermq $3,%ymm12,%ymm3 + vblendpd $1,%ymm3,%ymm13,%ymm13 + + vpermq $144,%ymm12,%ymm12 + vpermq $3,%ymm11,%ymm3 + vblendpd $1,%ymm3,%ymm12,%ymm12 + + vpermq $144,%ymm11,%ymm11 + vpermq $3,%ymm2,%ymm3 + vblendpd $1,%ymm3,%ymm11,%ymm11 + + vpermq $144,%ymm2,%ymm2 + vpermq $3,%ymm1,%ymm3 + vblendpd $1,%ymm3,%ymm2,%ymm2 + + vpermq $144,%ymm1,%ymm1 + vpermq $3,%ymm0,%ymm3 + vblendpd $1,%ymm3,%ymm1,%ymm1 + + vpermq $144,%ymm0,%ymm0 + vpand .Lhigh64x3(%rip),%ymm0,%ymm0 + + vmovupd (%rsp),%ymm3 + leaq 32(%rsp),%rsp + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + + + vpaddq %ymm0,%ymm3,%ymm3 + vpaddq %ymm1,%ymm4,%ymm4 + vpaddq %ymm2,%ymm5,%ymm5 + vpaddq %ymm11,%ymm6,%ymm6 + vpaddq %ymm12,%ymm7,%ymm7 + vpaddq %ymm13,%ymm8,%ymm8 + vpaddq %ymm14,%ymm9,%ymm9 + vpaddq %ymm15,%ymm10,%ymm10 + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpgtq .Lmask52x4(%rip),%ymm4,%ymm1 + vmovmskpd %ymm0,%r14d + vmovmskpd %ymm1,%r13d + shlb $4,%r13b + orb %r13b,%r14b + + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm2 + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm11 + vmovmskpd %ymm2,%r13d + vmovmskpd %ymm11,%r12d + shlb $4,%r12b + orb %r12b,%r13b + + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm12 + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm12,%r12d + vmovmskpd %ymm13,%r11d + shlb $4,%r11b + orb %r11b,%r12b + + vpcmpgtq .Lmask52x4(%rip),%ymm9,%ymm14 + vpcmpgtq .Lmask52x4(%rip),%ymm10,%ymm15 + vmovmskpd %ymm14,%r11d + vmovmskpd %ymm15,%r10d + shlb $4,%r10b + orb %r10b,%r11b + + addb %r14b,%r14b + adcb %r13b,%r13b + adcb %r12b,%r12b + adcb %r11b,%r11b + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpeqq .Lmask52x4(%rip),%ymm4,%ymm1 + vmovmskpd %ymm0,%r9d + vmovmskpd %ymm1,%r8d + shlb $4,%r8b + orb %r8b,%r9b + + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm2 + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm11 + vmovmskpd %ymm2,%r8d + vmovmskpd %ymm11,%edx + shlb $4,%dl + orb %dl,%r8b + + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm12 + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm12,%edx + vmovmskpd %ymm13,%ecx + shlb $4,%cl + orb %cl,%dl + + vpcmpeqq .Lmask52x4(%rip),%ymm9,%ymm14 + vpcmpeqq .Lmask52x4(%rip),%ymm10,%ymm15 + vmovmskpd %ymm14,%ecx + vmovmskpd %ymm15,%ebx + shlb $4,%bl + orb %bl,%cl + + addb %r9b,%r14b + adcb %r8b,%r13b + adcb %dl,%r12b + adcb %cl,%r11b + + xorb %r9b,%r14b + xorb %r8b,%r13b + xorb %dl,%r12b + xorb %cl,%r11b + + leaq .Lkmasklut(%rip),%rdx + + movb %r14b,%r10b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm0 + shlq $5,%r14 + vmovapd (%rdx,%r14,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm3,%ymm3 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm4,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm4,%ymm4 + + movb %r13b,%r10b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm0 + shlq $5,%r13 + vmovapd (%rdx,%r13,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm5,%ymm5 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm6,%ymm6 + + movb %r12b,%r10b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm0 + shlq $5,%r12 + vmovapd (%rdx,%r12,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm7,%ymm7 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm8,%ymm8 + + movb %r11b,%r10b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm9,%ymm0 + shlq $5,%r11 + vmovapd (%rdx,%r11,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm9,%ymm9 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm10,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm10,%ymm10 + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + popq %r8 + popq %rcx + popq %rsi + popq %r11 + + vmovdqu %ymm3,0(%rdi) + vmovdqu %ymm4,32(%rdi) + vmovdqu %ymm5,64(%rdi) + vmovdqu %ymm6,96(%rdi) + vmovdqu %ymm7,128(%rdi) + vmovdqu %ymm8,160(%rdi) + vmovdqu %ymm9,192(%rdi) + vmovdqu %ymm10,224(%rdi) + + xorl %r15d,%r15d + + leaq 16(%r11),%r11 + movq $0xfffffffffffff,%rax + + movl $30,%ebx + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm10 +.align 32 +.Lloop40: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 256(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq 8(%r8),%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 256(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -264(%rsp),%rsp + +{vex} vpmadd52luq 256(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 288(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 320(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 352(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 384(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 416(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 448(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 480(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52luq 256(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 288(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 320(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 352(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 384(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 416(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 448(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 480(%rcx),%ymm2,%ymm10 + + + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + movq $0,256(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 256(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 288(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 320(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 352(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 384(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 416(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 448(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 480(%rsi),%ymm1,%ymm10 + +{vex} vpmadd52huq 256(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 288(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 320(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 352(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 384(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 416(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 448(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 480(%rcx),%ymm2,%ymm10 + + leaq 264(%rsp),%rsp + leaq 8(%r11),%r11 + decl %ebx + jne .Lloop40 + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + + + vpsrlq $52,%ymm3,%ymm0 + vpsrlq $52,%ymm4,%ymm1 + vpsrlq $52,%ymm5,%ymm2 + vpsrlq $52,%ymm6,%ymm11 + vpsrlq $52,%ymm7,%ymm12 + vpsrlq $52,%ymm8,%ymm13 + vpsrlq $52,%ymm9,%ymm14 + vpsrlq $52,%ymm10,%ymm15 + + leaq -32(%rsp),%rsp + vmovupd %ymm3,(%rsp) + + + vpermq $144,%ymm15,%ymm15 + vpermq $3,%ymm14,%ymm3 + vblendpd $1,%ymm3,%ymm15,%ymm15 + + vpermq $144,%ymm14,%ymm14 + vpermq $3,%ymm13,%ymm3 + vblendpd $1,%ymm3,%ymm14,%ymm14 + + vpermq $144,%ymm13,%ymm13 + vpermq $3,%ymm12,%ymm3 + vblendpd $1,%ymm3,%ymm13,%ymm13 + + vpermq $144,%ymm12,%ymm12 + vpermq $3,%ymm11,%ymm3 + vblendpd $1,%ymm3,%ymm12,%ymm12 + + vpermq $144,%ymm11,%ymm11 + vpermq $3,%ymm2,%ymm3 + vblendpd $1,%ymm3,%ymm11,%ymm11 + + vpermq $144,%ymm2,%ymm2 + vpermq $3,%ymm1,%ymm3 + vblendpd $1,%ymm3,%ymm2,%ymm2 + + vpermq $144,%ymm1,%ymm1 + vpermq $3,%ymm0,%ymm3 + vblendpd $1,%ymm3,%ymm1,%ymm1 + + vpermq $144,%ymm0,%ymm0 + vpand .Lhigh64x3(%rip),%ymm0,%ymm0 + + vmovupd (%rsp),%ymm3 + leaq 32(%rsp),%rsp + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + + + vpaddq %ymm0,%ymm3,%ymm3 + vpaddq %ymm1,%ymm4,%ymm4 + vpaddq %ymm2,%ymm5,%ymm5 + vpaddq %ymm11,%ymm6,%ymm6 + vpaddq %ymm12,%ymm7,%ymm7 + vpaddq %ymm13,%ymm8,%ymm8 + vpaddq %ymm14,%ymm9,%ymm9 + vpaddq %ymm15,%ymm10,%ymm10 + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpgtq .Lmask52x4(%rip),%ymm4,%ymm1 + vmovmskpd %ymm0,%r14d + vmovmskpd %ymm1,%r13d + shlb $4,%r13b + orb %r13b,%r14b + + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm2 + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm11 + vmovmskpd %ymm2,%r13d + vmovmskpd %ymm11,%r12d + shlb $4,%r12b + orb %r12b,%r13b + + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm12 + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm12,%r12d + vmovmskpd %ymm13,%r11d + shlb $4,%r11b + orb %r11b,%r12b + + vpcmpgtq .Lmask52x4(%rip),%ymm9,%ymm14 + vpcmpgtq .Lmask52x4(%rip),%ymm10,%ymm15 + vmovmskpd %ymm14,%r11d + vmovmskpd %ymm15,%r10d + shlb $4,%r10b + orb %r10b,%r11b + + addb %r14b,%r14b + adcb %r13b,%r13b + adcb %r12b,%r12b + adcb %r11b,%r11b + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm0 + vpcmpeqq .Lmask52x4(%rip),%ymm4,%ymm1 + vmovmskpd %ymm0,%r9d + vmovmskpd %ymm1,%r8d + shlb $4,%r8b + orb %r8b,%r9b + + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm2 + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm11 + vmovmskpd %ymm2,%r8d + vmovmskpd %ymm11,%edx + shlb $4,%dl + orb %dl,%r8b + + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm12 + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm12,%edx + vmovmskpd %ymm13,%ecx + shlb $4,%cl + orb %cl,%dl + + vpcmpeqq .Lmask52x4(%rip),%ymm9,%ymm14 + vpcmpeqq .Lmask52x4(%rip),%ymm10,%ymm15 + vmovmskpd %ymm14,%ecx + vmovmskpd %ymm15,%ebx + shlb $4,%bl + orb %bl,%cl + + addb %r9b,%r14b + adcb %r8b,%r13b + adcb %dl,%r12b + adcb %cl,%r11b + + xorb %r9b,%r14b + xorb %r8b,%r13b + xorb %dl,%r12b + xorb %cl,%r11b + + leaq .Lkmasklut(%rip),%rdx + + movb %r14b,%r10b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm0 + shlq $5,%r14 + vmovapd (%rdx,%r14,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm3,%ymm3 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm4,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm4,%ymm4 + + movb %r13b,%r10b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm0 + shlq $5,%r13 + vmovapd (%rdx,%r13,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm5,%ymm5 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm6,%ymm6 + + movb %r12b,%r10b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm0 + shlq $5,%r12 + vmovapd (%rdx,%r12,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm7,%ymm7 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm8,%ymm8 + + movb %r11b,%r10b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm9,%ymm0 + shlq $5,%r11 + vmovapd (%rdx,%r11,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm9,%ymm9 + + shrb $4,%r10b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm10,%ymm0 + shlq $5,%r10 + vmovapd (%rdx,%r10,1),%ymm2 + vblendvpd %ymm2,%ymm0,%ymm10,%ymm10 + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + + vmovdqu %ymm3,256(%rdi) + vmovdqu %ymm4,288(%rdi) + vmovdqu %ymm5,320(%rdi) + vmovdqu %ymm6,352(%rdi) + vmovdqu %ymm7,384(%rdi) + vmovdqu %ymm8,416(%rdi) + vmovdqu %ymm9,448(%rdi) + vmovdqu %ymm10,480(%rdi) + + vzeroupper + leaq (%rsp),%rax +.cfi_def_cfa_register %rax + movq 0(%rax),%r15 +.cfi_restore %r15 + movq 8(%rax),%r14 +.cfi_restore %r14 + movq 16(%rax),%r13 +.cfi_restore %r13 + movq 24(%rax),%r12 +.cfi_restore %r12 + movq 32(%rax),%rbp +.cfi_restore %rbp + movq 40(%rax),%rbx +.cfi_restore %rbx + leaq 48(%rax),%rsp +.cfi_def_cfa %rsp,8 +.Lossl_rsaz_amm52x30_x2_avxifma256_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_rsaz_amm52x30_x2_avxifma256, .-ossl_rsaz_amm52x30_x2_avxifma256 +.text + +.align 32 +.globl ossl_extract_multiplier_2x30_win5_avx +.type ossl_extract_multiplier_2x30_win5_avx,@function +ossl_extract_multiplier_2x30_win5_avx: +.cfi_startproc +.byte 243,15,30,250 + vmovapd .Lones(%rip),%ymm12 + vmovq %rdx,%xmm8 + vpbroadcastq %xmm8,%ymm10 + vmovq %rcx,%xmm8 + vpbroadcastq %xmm8,%ymm11 + leaq 16384(%rsi),%rax + + + vpxor %xmm0,%xmm0,%xmm0 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm1 + vmovapd %ymm0,%ymm2 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + +.align 32 +.Lloop: + vpcmpeqq %ymm9,%ymm10,%ymm13 + vmovdqu 0(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm0,%ymm0 + vmovdqu 32(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm1,%ymm1 + vmovdqu 64(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm2,%ymm2 + vmovdqu 96(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm3,%ymm3 + vmovdqu 128(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm4,%ymm4 + vmovdqu 160(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm5,%ymm5 + vmovdqu 192(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm6,%ymm6 + vmovdqu 224(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm7,%ymm7 + vpaddq %ymm12,%ymm9,%ymm9 + addq $512,%rsi + cmpq %rsi,%rax + jne .Lloop + vmovdqu %ymm0,0(%rdi) + vmovdqu %ymm1,32(%rdi) + vmovdqu %ymm2,64(%rdi) + vmovdqu %ymm3,96(%rdi) + vmovdqu %ymm4,128(%rdi) + vmovdqu %ymm5,160(%rdi) + vmovdqu %ymm6,192(%rdi) + vmovdqu %ymm7,224(%rdi) + leaq -16384(%rax),%rsi + + + vpxor %xmm0,%xmm0,%xmm0 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm0 + vmovapd %ymm0,%ymm1 + vmovapd %ymm0,%ymm2 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + +.align 32 +.Lloop_8_15: + vpcmpeqq %ymm9,%ymm11,%ymm13 + vmovdqu 256(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm0,%ymm0 + vmovdqu 288(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm1,%ymm1 + vmovdqu 320(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm2,%ymm2 + vmovdqu 352(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm3,%ymm3 + vmovdqu 384(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm4,%ymm4 + vmovdqu 416(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm5,%ymm5 + vmovdqu 448(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm6,%ymm6 + vmovdqu 480(%rsi),%ymm8 + + vblendvpd %ymm13,%ymm8,%ymm7,%ymm7 + vpaddq %ymm12,%ymm9,%ymm9 + addq $512,%rsi + cmpq %rsi,%rax + jne .Lloop_8_15 + vmovdqu %ymm0,256(%rdi) + vmovdqu %ymm1,288(%rdi) + vmovdqu %ymm2,320(%rdi) + vmovdqu %ymm3,352(%rdi) + vmovdqu %ymm4,384(%rdi) + vmovdqu %ymm5,416(%rdi) + vmovdqu %ymm6,448(%rdi) + vmovdqu %ymm7,480(%rdi) + + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_extract_multiplier_2x30_win5_avx, .-ossl_extract_multiplier_2x30_win5_avx +.section .rodata +.align 32 +.Lones: +.quad 1,1,1,1 +.Lzeros: +.quad 0,0,0,0 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avx512.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avx512.s index 5bf65841ac25..bd1ee59a1cea 100644 --- a/contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avx512.s +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avx512.s @@ -592,7 +592,7 @@ ossl_rsaz_amm52x40_x1_ifma256: .byte 0xf3,0xc3 .cfi_endproc .size ossl_rsaz_amm52x40_x1_ifma256, .-ossl_rsaz_amm52x40_x1_ifma256 -.data +.section .rodata .align 32 .Lmask52x4: .quad 0xfffffffffffff @@ -1345,7 +1345,7 @@ ossl_extract_multiplier_2x40_win5: .byte 0xf3,0xc3 .cfi_endproc .size ossl_extract_multiplier_2x40_win5, .-ossl_extract_multiplier_2x40_win5 -.data +.section .rodata .align 32 .Lones: .quad 1,1,1,1 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avxifma.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avxifma.s new file mode 100644 index 000000000000..32c6dfd33fb7 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-4k-avxifma.s @@ -0,0 +1,1901 @@ +.text + +.globl ossl_rsaz_amm52x40_x1_avxifma256 +.type ossl_rsaz_amm52x40_x1_avxifma256,@function +.align 32 +ossl_rsaz_amm52x40_x1_avxifma256: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm10 + vmovapd %ymm0,%ymm11 + vmovapd %ymm0,%ymm12 + + xorl %r9d,%r9d + + movq %rdx,%r11 + movq $0xfffffffffffff,%rax + + + movl $10,%ebx + +.align 32 +.Lloop10: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -328(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52luq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52luq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52luq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52luq 288(%rcx),%ymm2,%ymm12 + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + vmovdqu %ymm11,256(%rsp) + vmovdqu %ymm12,288(%rsp) + movq $0,320(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + vmovdqu 264(%rsp),%ymm11 + vmovdqu 296(%rsp),%ymm12 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52huq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52huq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52huq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52huq 288(%rcx),%ymm2,%ymm12 + leaq 328(%rsp),%rsp + movq 8(%r11),%r13 + + vpbroadcastq 8(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -328(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52luq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52luq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52luq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52luq 288(%rcx),%ymm2,%ymm12 + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + vmovdqu %ymm11,256(%rsp) + vmovdqu %ymm12,288(%rsp) + movq $0,320(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + vmovdqu 264(%rsp),%ymm11 + vmovdqu 296(%rsp),%ymm12 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52huq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52huq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52huq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52huq 288(%rcx),%ymm2,%ymm12 + leaq 328(%rsp),%rsp + movq 16(%r11),%r13 + + vpbroadcastq 16(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -328(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52luq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52luq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52luq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52luq 288(%rcx),%ymm2,%ymm12 + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + vmovdqu %ymm11,256(%rsp) + vmovdqu %ymm12,288(%rsp) + movq $0,320(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + vmovdqu 264(%rsp),%ymm11 + vmovdqu 296(%rsp),%ymm12 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52huq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52huq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52huq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52huq 288(%rcx),%ymm2,%ymm12 + leaq 328(%rsp),%rsp + movq 24(%r11),%r13 + + vpbroadcastq 24(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq %r8,%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -328(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52luq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52luq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52luq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52luq 288(%rcx),%ymm2,%ymm12 + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + vmovdqu %ymm11,256(%rsp) + vmovdqu %ymm12,288(%rsp) + movq $0,320(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + vmovdqu 264(%rsp),%ymm11 + vmovdqu 296(%rsp),%ymm12 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52huq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52huq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52huq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52huq 288(%rcx),%ymm2,%ymm12 + leaq 328(%rsp),%rsp + leaq 32(%r11),%r11 + decl %ebx + jne .Lloop10 + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + leaq -640(%rsp),%rsp + vmovupd %ymm3,0(%rsp) + vmovupd %ymm4,32(%rsp) + vmovupd %ymm5,64(%rsp) + vmovupd %ymm6,96(%rsp) + vmovupd %ymm7,128(%rsp) + vmovupd %ymm8,160(%rsp) + vmovupd %ymm9,192(%rsp) + vmovupd %ymm10,224(%rsp) + vmovupd %ymm11,256(%rsp) + vmovupd %ymm12,288(%rsp) + + + + vpsrlq $52,%ymm3,%ymm3 + vpsrlq $52,%ymm4,%ymm4 + vpsrlq $52,%ymm5,%ymm5 + vpsrlq $52,%ymm6,%ymm6 + vpsrlq $52,%ymm7,%ymm7 + vpsrlq $52,%ymm8,%ymm8 + vpsrlq $52,%ymm9,%ymm9 + vpsrlq $52,%ymm10,%ymm10 + vpsrlq $52,%ymm11,%ymm11 + vpsrlq $52,%ymm12,%ymm12 + + + vpermq $144,%ymm12,%ymm12 + vpermq $3,%ymm11,%ymm13 + vblendpd $1,%ymm13,%ymm12,%ymm12 + + vpermq $144,%ymm11,%ymm11 + vpermq $3,%ymm10,%ymm13 + vblendpd $1,%ymm13,%ymm11,%ymm11 + + vpermq $144,%ymm10,%ymm10 + vpermq $3,%ymm9,%ymm13 + vblendpd $1,%ymm13,%ymm10,%ymm10 + + vpermq $144,%ymm9,%ymm9 + vpermq $3,%ymm8,%ymm13 + vblendpd $1,%ymm13,%ymm9,%ymm9 + + vpermq $144,%ymm8,%ymm8 + vpermq $3,%ymm7,%ymm13 + vblendpd $1,%ymm13,%ymm8,%ymm8 + + vpermq $144,%ymm7,%ymm7 + vpermq $3,%ymm6,%ymm13 + vblendpd $1,%ymm13,%ymm7,%ymm7 + + vpermq $144,%ymm6,%ymm6 + vpermq $3,%ymm5,%ymm13 + vblendpd $1,%ymm13,%ymm6,%ymm6 + + vpermq $144,%ymm5,%ymm5 + vpermq $3,%ymm4,%ymm13 + vblendpd $1,%ymm13,%ymm5,%ymm5 + + vpermq $144,%ymm4,%ymm4 + vpermq $3,%ymm3,%ymm13 + vblendpd $1,%ymm13,%ymm4,%ymm4 + + vpermq $144,%ymm3,%ymm3 + vpand .Lhigh64x3(%rip),%ymm3,%ymm3 + + vmovupd %ymm3,320(%rsp) + vmovupd %ymm4,352(%rsp) + vmovupd %ymm5,384(%rsp) + vmovupd %ymm6,416(%rsp) + vmovupd %ymm7,448(%rsp) + vmovupd %ymm8,480(%rsp) + vmovupd %ymm9,512(%rsp) + vmovupd %ymm10,544(%rsp) + vmovupd %ymm11,576(%rsp) + vmovupd %ymm12,608(%rsp) + + vmovupd 0(%rsp),%ymm3 + vmovupd 32(%rsp),%ymm4 + vmovupd 64(%rsp),%ymm5 + vmovupd 96(%rsp),%ymm6 + vmovupd 128(%rsp),%ymm7 + vmovupd 160(%rsp),%ymm8 + vmovupd 192(%rsp),%ymm9 + vmovupd 224(%rsp),%ymm10 + vmovupd 256(%rsp),%ymm11 + vmovupd 288(%rsp),%ymm12 + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + + vpaddq 320(%rsp),%ymm3,%ymm3 + vpaddq 352(%rsp),%ymm4,%ymm4 + vpaddq 384(%rsp),%ymm5,%ymm5 + vpaddq 416(%rsp),%ymm6,%ymm6 + vpaddq 448(%rsp),%ymm7,%ymm7 + vpaddq 480(%rsp),%ymm8,%ymm8 + vpaddq 512(%rsp),%ymm9,%ymm9 + vpaddq 544(%rsp),%ymm10,%ymm10 + vpaddq 576(%rsp),%ymm11,%ymm11 + vpaddq 608(%rsp),%ymm12,%ymm12 + + leaq 640(%rsp),%rsp + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm13 + vmovmskpd %ymm13,%r14d + vpcmpgtq .Lmask52x4(%rip),%ymm4,%ymm13 + vmovmskpd %ymm13,%r13d + shlb $4,%r13b + orb %r13b,%r14b + + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm13 + vmovmskpd %ymm13,%r13d + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm13 + vmovmskpd %ymm13,%r12d + shlb $4,%r12b + orb %r12b,%r13b + + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm13 + vmovmskpd %ymm13,%r12d + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm13,%r11d + shlb $4,%r11b + orb %r11b,%r12b + + vpcmpgtq .Lmask52x4(%rip),%ymm9,%ymm13 + vmovmskpd %ymm13,%r11d + vpcmpgtq .Lmask52x4(%rip),%ymm10,%ymm13 + vmovmskpd %ymm13,%r10d + shlb $4,%r10b + orb %r10b,%r11b + + vpcmpgtq .Lmask52x4(%rip),%ymm11,%ymm13 + vmovmskpd %ymm13,%r10d + vpcmpgtq .Lmask52x4(%rip),%ymm12,%ymm13 + vmovmskpd %ymm13,%r9d + shlb $4,%r9b + orb %r9b,%r10b + + addb %r14b,%r14b + adcb %r13b,%r13b + adcb %r12b,%r12b + adcb %r11b,%r11b + adcb %r10b,%r10b + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm13 + vmovmskpd %ymm13,%r9d + vpcmpeqq .Lmask52x4(%rip),%ymm4,%ymm13 + vmovmskpd %ymm13,%r8d + shlb $4,%r8b + orb %r8b,%r9b + + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm13 + vmovmskpd %ymm13,%r8d + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm13 + vmovmskpd %ymm13,%edx + shlb $4,%dl + orb %dl,%r8b + + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm13 + vmovmskpd %ymm13,%edx + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm13,%ecx + shlb $4,%cl + orb %cl,%dl + + vpcmpeqq .Lmask52x4(%rip),%ymm9,%ymm13 + vmovmskpd %ymm13,%ecx + vpcmpeqq .Lmask52x4(%rip),%ymm10,%ymm13 + vmovmskpd %ymm13,%ebx + shlb $4,%bl + orb %bl,%cl + + vpcmpeqq .Lmask52x4(%rip),%ymm11,%ymm13 + vmovmskpd %ymm13,%ebx + vpcmpeqq .Lmask52x4(%rip),%ymm12,%ymm13 + vmovmskpd %ymm13,%eax + shlb $4,%al + orb %al,%bl + + addb %r9b,%r14b + adcb %r8b,%r13b + adcb %dl,%r12b + adcb %cl,%r11b + adcb %bl,%r10b + + xorb %r9b,%r14b + xorb %r8b,%r13b + xorb %dl,%r12b + xorb %cl,%r11b + xorb %bl,%r10b + + pushq %r9 + pushq %r8 + + leaq .Lkmasklut(%rip),%r8 + + movb %r14b,%r9b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm13 + shlq $5,%r14 + vmovapd (%r8,%r14,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm3,%ymm3 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm4,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm4,%ymm4 + + movb %r13b,%r9b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm13 + shlq $5,%r13 + vmovapd (%r8,%r13,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm5,%ymm5 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm6,%ymm6 + + movb %r12b,%r9b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm13 + shlq $5,%r12 + vmovapd (%r8,%r12,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm7,%ymm7 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm8,%ymm8 + + movb %r11b,%r9b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm9,%ymm13 + shlq $5,%r11 + vmovapd (%r8,%r11,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm9,%ymm9 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm10,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm10,%ymm10 + + movb %r10b,%r9b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm11,%ymm13 + shlq $5,%r10 + vmovapd (%r8,%r10,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm11,%ymm11 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm12,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm12,%ymm12 + + popq %r8 + popq %r9 + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + vmovdqu %ymm3,0(%rdi) + vmovdqu %ymm4,32(%rdi) + vmovdqu %ymm5,64(%rdi) + vmovdqu %ymm6,96(%rdi) + vmovdqu %ymm7,128(%rdi) + vmovdqu %ymm8,160(%rdi) + vmovdqu %ymm9,192(%rdi) + vmovdqu %ymm10,224(%rdi) + vmovdqu %ymm11,256(%rdi) + vmovdqu %ymm12,288(%rdi) + + vzeroupper + leaq (%rsp),%rax +.cfi_def_cfa_register %rax + movq 0(%rax),%r15 +.cfi_restore %r15 + movq 8(%rax),%r14 +.cfi_restore %r14 + movq 16(%rax),%r13 +.cfi_restore %r13 + movq 24(%rax),%r12 +.cfi_restore %r12 + movq 32(%rax),%rbp +.cfi_restore %rbp + movq 40(%rax),%rbx +.cfi_restore %rbx + leaq 48(%rax),%rsp +.cfi_def_cfa %rsp,8 +.Lossl_rsaz_amm52x40_x1_avxifma256_epilogue: + + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_rsaz_amm52x40_x1_avxifma256, .-ossl_rsaz_amm52x40_x1_avxifma256 +.section .rodata +.align 32 +.Lmask52x4: +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.quad 0xfffffffffffff +.Lhigh64x3: +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.Lkmasklut: + +.quad 0x0 +.quad 0x0 +.quad 0x0 +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 +.quad 0x0 + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 + +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 + +.quad 0x0 +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0x0 +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff + +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.quad 0xffffffffffffffff +.text + +.globl ossl_rsaz_amm52x40_x2_avxifma256 +.type ossl_rsaz_amm52x40_x2_avxifma256,@function +.align 32 +ossl_rsaz_amm52x40_x2_avxifma256: +.cfi_startproc +.byte 243,15,30,250 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm10 + vmovapd %ymm0,%ymm11 + vmovapd %ymm0,%ymm12 + + xorl %r9d,%r9d + + movq %rdx,%r11 + movq $0xfffffffffffff,%rax + + movl $40,%ebx + +.align 32 +.Lloop40: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 0(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq (%r8),%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 0(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -328(%rsp),%rsp + +{vex} vpmadd52luq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52luq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52luq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52luq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52luq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52luq 288(%rcx),%ymm2,%ymm12 + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + vmovdqu %ymm11,256(%rsp) + vmovdqu %ymm12,288(%rsp) + movq $0,320(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + vmovdqu 264(%rsp),%ymm11 + vmovdqu 296(%rsp),%ymm12 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 0(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 32(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 64(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 96(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 128(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 160(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 192(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 224(%rsi),%ymm1,%ymm10 +{vex} vpmadd52huq 256(%rsi),%ymm1,%ymm11 +{vex} vpmadd52huq 288(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52huq 0(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 32(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 64(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 96(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 128(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 160(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 192(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 224(%rcx),%ymm2,%ymm10 +{vex} vpmadd52huq 256(%rcx),%ymm2,%ymm11 +{vex} vpmadd52huq 288(%rcx),%ymm2,%ymm12 + leaq 328(%rsp),%rsp + leaq 8(%r11),%r11 + decl %ebx + jne .Lloop40 + + pushq %r11 + pushq %rsi + pushq %rcx + pushq %r8 + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + leaq -640(%rsp),%rsp + vmovupd %ymm3,0(%rsp) + vmovupd %ymm4,32(%rsp) + vmovupd %ymm5,64(%rsp) + vmovupd %ymm6,96(%rsp) + vmovupd %ymm7,128(%rsp) + vmovupd %ymm8,160(%rsp) + vmovupd %ymm9,192(%rsp) + vmovupd %ymm10,224(%rsp) + vmovupd %ymm11,256(%rsp) + vmovupd %ymm12,288(%rsp) + + + + vpsrlq $52,%ymm3,%ymm3 + vpsrlq $52,%ymm4,%ymm4 + vpsrlq $52,%ymm5,%ymm5 + vpsrlq $52,%ymm6,%ymm6 + vpsrlq $52,%ymm7,%ymm7 + vpsrlq $52,%ymm8,%ymm8 + vpsrlq $52,%ymm9,%ymm9 + vpsrlq $52,%ymm10,%ymm10 + vpsrlq $52,%ymm11,%ymm11 + vpsrlq $52,%ymm12,%ymm12 + + + vpermq $144,%ymm12,%ymm12 + vpermq $3,%ymm11,%ymm13 + vblendpd $1,%ymm13,%ymm12,%ymm12 + + vpermq $144,%ymm11,%ymm11 + vpermq $3,%ymm10,%ymm13 + vblendpd $1,%ymm13,%ymm11,%ymm11 + + vpermq $144,%ymm10,%ymm10 + vpermq $3,%ymm9,%ymm13 + vblendpd $1,%ymm13,%ymm10,%ymm10 + + vpermq $144,%ymm9,%ymm9 + vpermq $3,%ymm8,%ymm13 + vblendpd $1,%ymm13,%ymm9,%ymm9 + + vpermq $144,%ymm8,%ymm8 + vpermq $3,%ymm7,%ymm13 + vblendpd $1,%ymm13,%ymm8,%ymm8 + + vpermq $144,%ymm7,%ymm7 + vpermq $3,%ymm6,%ymm13 + vblendpd $1,%ymm13,%ymm7,%ymm7 + + vpermq $144,%ymm6,%ymm6 + vpermq $3,%ymm5,%ymm13 + vblendpd $1,%ymm13,%ymm6,%ymm6 + + vpermq $144,%ymm5,%ymm5 + vpermq $3,%ymm4,%ymm13 + vblendpd $1,%ymm13,%ymm5,%ymm5 + + vpermq $144,%ymm4,%ymm4 + vpermq $3,%ymm3,%ymm13 + vblendpd $1,%ymm13,%ymm4,%ymm4 + + vpermq $144,%ymm3,%ymm3 + vpand .Lhigh64x3(%rip),%ymm3,%ymm3 + + vmovupd %ymm3,320(%rsp) + vmovupd %ymm4,352(%rsp) + vmovupd %ymm5,384(%rsp) + vmovupd %ymm6,416(%rsp) + vmovupd %ymm7,448(%rsp) + vmovupd %ymm8,480(%rsp) + vmovupd %ymm9,512(%rsp) + vmovupd %ymm10,544(%rsp) + vmovupd %ymm11,576(%rsp) + vmovupd %ymm12,608(%rsp) + + vmovupd 0(%rsp),%ymm3 + vmovupd 32(%rsp),%ymm4 + vmovupd 64(%rsp),%ymm5 + vmovupd 96(%rsp),%ymm6 + vmovupd 128(%rsp),%ymm7 + vmovupd 160(%rsp),%ymm8 + vmovupd 192(%rsp),%ymm9 + vmovupd 224(%rsp),%ymm10 + vmovupd 256(%rsp),%ymm11 + vmovupd 288(%rsp),%ymm12 + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + + vpaddq 320(%rsp),%ymm3,%ymm3 + vpaddq 352(%rsp),%ymm4,%ymm4 + vpaddq 384(%rsp),%ymm5,%ymm5 + vpaddq 416(%rsp),%ymm6,%ymm6 + vpaddq 448(%rsp),%ymm7,%ymm7 + vpaddq 480(%rsp),%ymm8,%ymm8 + vpaddq 512(%rsp),%ymm9,%ymm9 + vpaddq 544(%rsp),%ymm10,%ymm10 + vpaddq 576(%rsp),%ymm11,%ymm11 + vpaddq 608(%rsp),%ymm12,%ymm12 + + leaq 640(%rsp),%rsp + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm13 + vmovmskpd %ymm13,%r14d + vpcmpgtq .Lmask52x4(%rip),%ymm4,%ymm13 + vmovmskpd %ymm13,%r13d + shlb $4,%r13b + orb %r13b,%r14b + + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm13 + vmovmskpd %ymm13,%r13d + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm13 + vmovmskpd %ymm13,%r12d + shlb $4,%r12b + orb %r12b,%r13b + + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm13 + vmovmskpd %ymm13,%r12d + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm13,%r11d + shlb $4,%r11b + orb %r11b,%r12b + + vpcmpgtq .Lmask52x4(%rip),%ymm9,%ymm13 + vmovmskpd %ymm13,%r11d + vpcmpgtq .Lmask52x4(%rip),%ymm10,%ymm13 + vmovmskpd %ymm13,%r10d + shlb $4,%r10b + orb %r10b,%r11b + + vpcmpgtq .Lmask52x4(%rip),%ymm11,%ymm13 + vmovmskpd %ymm13,%r10d + vpcmpgtq .Lmask52x4(%rip),%ymm12,%ymm13 + vmovmskpd %ymm13,%r9d + shlb $4,%r9b + orb %r9b,%r10b + + addb %r14b,%r14b + adcb %r13b,%r13b + adcb %r12b,%r12b + adcb %r11b,%r11b + adcb %r10b,%r10b + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm13 + vmovmskpd %ymm13,%r9d + vpcmpeqq .Lmask52x4(%rip),%ymm4,%ymm13 + vmovmskpd %ymm13,%r8d + shlb $4,%r8b + orb %r8b,%r9b + + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm13 + vmovmskpd %ymm13,%r8d + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm13 + vmovmskpd %ymm13,%edx + shlb $4,%dl + orb %dl,%r8b + + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm13 + vmovmskpd %ymm13,%edx + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm13,%ecx + shlb $4,%cl + orb %cl,%dl + + vpcmpeqq .Lmask52x4(%rip),%ymm9,%ymm13 + vmovmskpd %ymm13,%ecx + vpcmpeqq .Lmask52x4(%rip),%ymm10,%ymm13 + vmovmskpd %ymm13,%ebx + shlb $4,%bl + orb %bl,%cl + + vpcmpeqq .Lmask52x4(%rip),%ymm11,%ymm13 + vmovmskpd %ymm13,%ebx + vpcmpeqq .Lmask52x4(%rip),%ymm12,%ymm13 + vmovmskpd %ymm13,%eax + shlb $4,%al + orb %al,%bl + + addb %r9b,%r14b + adcb %r8b,%r13b + adcb %dl,%r12b + adcb %cl,%r11b + adcb %bl,%r10b + + xorb %r9b,%r14b + xorb %r8b,%r13b + xorb %dl,%r12b + xorb %cl,%r11b + xorb %bl,%r10b + + pushq %r9 + pushq %r8 + + leaq .Lkmasklut(%rip),%r8 + + movb %r14b,%r9b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm13 + shlq $5,%r14 + vmovapd (%r8,%r14,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm3,%ymm3 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm4,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm4,%ymm4 + + movb %r13b,%r9b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm13 + shlq $5,%r13 + vmovapd (%r8,%r13,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm5,%ymm5 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm6,%ymm6 + + movb %r12b,%r9b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm13 + shlq $5,%r12 + vmovapd (%r8,%r12,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm7,%ymm7 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm8,%ymm8 + + movb %r11b,%r9b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm9,%ymm13 + shlq $5,%r11 + vmovapd (%r8,%r11,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm9,%ymm9 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm10,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm10,%ymm10 + + movb %r10b,%r9b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm11,%ymm13 + shlq $5,%r10 + vmovapd (%r8,%r10,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm11,%ymm11 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm12,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm12,%ymm12 + + popq %r8 + popq %r9 + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + popq %r8 + popq %rcx + popq %rsi + popq %r11 + + vmovdqu %ymm3,0(%rdi) + vmovdqu %ymm4,32(%rdi) + vmovdqu %ymm5,64(%rdi) + vmovdqu %ymm6,96(%rdi) + vmovdqu %ymm7,128(%rdi) + vmovdqu %ymm8,160(%rdi) + vmovdqu %ymm9,192(%rdi) + vmovdqu %ymm10,224(%rdi) + vmovdqu %ymm11,256(%rdi) + vmovdqu %ymm12,288(%rdi) + + xorl %r15d,%r15d + + movq $0xfffffffffffff,%rax + + movl $40,%ebx + + vpxor %ymm0,%ymm0,%ymm0 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + vmovapd %ymm0,%ymm10 + vmovapd %ymm0,%ymm11 + vmovapd %ymm0,%ymm12 +.align 32 +.Lloop40_1: + movq 0(%r11),%r13 + + vpbroadcastq 0(%r11),%ymm1 + movq 320(%rsi),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + movq %r12,%r10 + adcq $0,%r10 + + movq 8(%r8),%r13 + imulq %r9,%r13 + andq %rax,%r13 + + vmovq %r13,%xmm2 + vpbroadcastq %xmm2,%ymm2 + movq 320(%rcx),%rdx + mulxq %r13,%r13,%r12 + addq %r13,%r9 + adcq %r12,%r10 + + shrq $52,%r9 + salq $12,%r10 + orq %r10,%r9 + + leaq -328(%rsp),%rsp + +{vex} vpmadd52luq 320(%rsi),%ymm1,%ymm3 +{vex} vpmadd52luq 352(%rsi),%ymm1,%ymm4 +{vex} vpmadd52luq 384(%rsi),%ymm1,%ymm5 +{vex} vpmadd52luq 416(%rsi),%ymm1,%ymm6 +{vex} vpmadd52luq 448(%rsi),%ymm1,%ymm7 +{vex} vpmadd52luq 480(%rsi),%ymm1,%ymm8 +{vex} vpmadd52luq 512(%rsi),%ymm1,%ymm9 +{vex} vpmadd52luq 544(%rsi),%ymm1,%ymm10 +{vex} vpmadd52luq 576(%rsi),%ymm1,%ymm11 +{vex} vpmadd52luq 608(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52luq 320(%rcx),%ymm2,%ymm3 +{vex} vpmadd52luq 352(%rcx),%ymm2,%ymm4 +{vex} vpmadd52luq 384(%rcx),%ymm2,%ymm5 +{vex} vpmadd52luq 416(%rcx),%ymm2,%ymm6 +{vex} vpmadd52luq 448(%rcx),%ymm2,%ymm7 +{vex} vpmadd52luq 480(%rcx),%ymm2,%ymm8 +{vex} vpmadd52luq 512(%rcx),%ymm2,%ymm9 +{vex} vpmadd52luq 544(%rcx),%ymm2,%ymm10 +{vex} vpmadd52luq 576(%rcx),%ymm2,%ymm11 +{vex} vpmadd52luq 608(%rcx),%ymm2,%ymm12 + vmovdqu %ymm3,0(%rsp) + vmovdqu %ymm4,32(%rsp) + vmovdqu %ymm5,64(%rsp) + vmovdqu %ymm6,96(%rsp) + vmovdqu %ymm7,128(%rsp) + vmovdqu %ymm8,160(%rsp) + vmovdqu %ymm9,192(%rsp) + vmovdqu %ymm10,224(%rsp) + vmovdqu %ymm11,256(%rsp) + vmovdqu %ymm12,288(%rsp) + movq $0,320(%rsp) + + vmovdqu 8(%rsp),%ymm3 + vmovdqu 40(%rsp),%ymm4 + vmovdqu 72(%rsp),%ymm5 + vmovdqu 104(%rsp),%ymm6 + vmovdqu 136(%rsp),%ymm7 + vmovdqu 168(%rsp),%ymm8 + vmovdqu 200(%rsp),%ymm9 + vmovdqu 232(%rsp),%ymm10 + vmovdqu 264(%rsp),%ymm11 + vmovdqu 296(%rsp),%ymm12 + + addq 8(%rsp),%r9 + +{vex} vpmadd52huq 320(%rsi),%ymm1,%ymm3 +{vex} vpmadd52huq 352(%rsi),%ymm1,%ymm4 +{vex} vpmadd52huq 384(%rsi),%ymm1,%ymm5 +{vex} vpmadd52huq 416(%rsi),%ymm1,%ymm6 +{vex} vpmadd52huq 448(%rsi),%ymm1,%ymm7 +{vex} vpmadd52huq 480(%rsi),%ymm1,%ymm8 +{vex} vpmadd52huq 512(%rsi),%ymm1,%ymm9 +{vex} vpmadd52huq 544(%rsi),%ymm1,%ymm10 +{vex} vpmadd52huq 576(%rsi),%ymm1,%ymm11 +{vex} vpmadd52huq 608(%rsi),%ymm1,%ymm12 + +{vex} vpmadd52huq 320(%rcx),%ymm2,%ymm3 +{vex} vpmadd52huq 352(%rcx),%ymm2,%ymm4 +{vex} vpmadd52huq 384(%rcx),%ymm2,%ymm5 +{vex} vpmadd52huq 416(%rcx),%ymm2,%ymm6 +{vex} vpmadd52huq 448(%rcx),%ymm2,%ymm7 +{vex} vpmadd52huq 480(%rcx),%ymm2,%ymm8 +{vex} vpmadd52huq 512(%rcx),%ymm2,%ymm9 +{vex} vpmadd52huq 544(%rcx),%ymm2,%ymm10 +{vex} vpmadd52huq 576(%rcx),%ymm2,%ymm11 +{vex} vpmadd52huq 608(%rcx),%ymm2,%ymm12 + leaq 328(%rsp),%rsp + leaq 8(%r11),%r11 + decl %ebx + jne .Lloop40_1 + + vmovq %r9,%xmm0 + vpbroadcastq %xmm0,%ymm0 + vpblendd $3,%ymm0,%ymm3,%ymm3 + + leaq -640(%rsp),%rsp + vmovupd %ymm3,0(%rsp) + vmovupd %ymm4,32(%rsp) + vmovupd %ymm5,64(%rsp) + vmovupd %ymm6,96(%rsp) + vmovupd %ymm7,128(%rsp) + vmovupd %ymm8,160(%rsp) + vmovupd %ymm9,192(%rsp) + vmovupd %ymm10,224(%rsp) + vmovupd %ymm11,256(%rsp) + vmovupd %ymm12,288(%rsp) + + + + vpsrlq $52,%ymm3,%ymm3 + vpsrlq $52,%ymm4,%ymm4 + vpsrlq $52,%ymm5,%ymm5 + vpsrlq $52,%ymm6,%ymm6 + vpsrlq $52,%ymm7,%ymm7 + vpsrlq $52,%ymm8,%ymm8 + vpsrlq $52,%ymm9,%ymm9 + vpsrlq $52,%ymm10,%ymm10 + vpsrlq $52,%ymm11,%ymm11 + vpsrlq $52,%ymm12,%ymm12 + + + vpermq $144,%ymm12,%ymm12 + vpermq $3,%ymm11,%ymm13 + vblendpd $1,%ymm13,%ymm12,%ymm12 + + vpermq $144,%ymm11,%ymm11 + vpermq $3,%ymm10,%ymm13 + vblendpd $1,%ymm13,%ymm11,%ymm11 + + vpermq $144,%ymm10,%ymm10 + vpermq $3,%ymm9,%ymm13 + vblendpd $1,%ymm13,%ymm10,%ymm10 + + vpermq $144,%ymm9,%ymm9 + vpermq $3,%ymm8,%ymm13 + vblendpd $1,%ymm13,%ymm9,%ymm9 + + vpermq $144,%ymm8,%ymm8 + vpermq $3,%ymm7,%ymm13 + vblendpd $1,%ymm13,%ymm8,%ymm8 + + vpermq $144,%ymm7,%ymm7 + vpermq $3,%ymm6,%ymm13 + vblendpd $1,%ymm13,%ymm7,%ymm7 + + vpermq $144,%ymm6,%ymm6 + vpermq $3,%ymm5,%ymm13 + vblendpd $1,%ymm13,%ymm6,%ymm6 + + vpermq $144,%ymm5,%ymm5 + vpermq $3,%ymm4,%ymm13 + vblendpd $1,%ymm13,%ymm5,%ymm5 + + vpermq $144,%ymm4,%ymm4 + vpermq $3,%ymm3,%ymm13 + vblendpd $1,%ymm13,%ymm4,%ymm4 + + vpermq $144,%ymm3,%ymm3 + vpand .Lhigh64x3(%rip),%ymm3,%ymm3 + + vmovupd %ymm3,320(%rsp) + vmovupd %ymm4,352(%rsp) + vmovupd %ymm5,384(%rsp) + vmovupd %ymm6,416(%rsp) + vmovupd %ymm7,448(%rsp) + vmovupd %ymm8,480(%rsp) + vmovupd %ymm9,512(%rsp) + vmovupd %ymm10,544(%rsp) + vmovupd %ymm11,576(%rsp) + vmovupd %ymm12,608(%rsp) + + vmovupd 0(%rsp),%ymm3 + vmovupd 32(%rsp),%ymm4 + vmovupd 64(%rsp),%ymm5 + vmovupd 96(%rsp),%ymm6 + vmovupd 128(%rsp),%ymm7 + vmovupd 160(%rsp),%ymm8 + vmovupd 192(%rsp),%ymm9 + vmovupd 224(%rsp),%ymm10 + vmovupd 256(%rsp),%ymm11 + vmovupd 288(%rsp),%ymm12 + + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + + vpaddq 320(%rsp),%ymm3,%ymm3 + vpaddq 352(%rsp),%ymm4,%ymm4 + vpaddq 384(%rsp),%ymm5,%ymm5 + vpaddq 416(%rsp),%ymm6,%ymm6 + vpaddq 448(%rsp),%ymm7,%ymm7 + vpaddq 480(%rsp),%ymm8,%ymm8 + vpaddq 512(%rsp),%ymm9,%ymm9 + vpaddq 544(%rsp),%ymm10,%ymm10 + vpaddq 576(%rsp),%ymm11,%ymm11 + vpaddq 608(%rsp),%ymm12,%ymm12 + + leaq 640(%rsp),%rsp + + + + vpcmpgtq .Lmask52x4(%rip),%ymm3,%ymm13 + vmovmskpd %ymm13,%r14d + vpcmpgtq .Lmask52x4(%rip),%ymm4,%ymm13 + vmovmskpd %ymm13,%r13d + shlb $4,%r13b + orb %r13b,%r14b + + vpcmpgtq .Lmask52x4(%rip),%ymm5,%ymm13 + vmovmskpd %ymm13,%r13d + vpcmpgtq .Lmask52x4(%rip),%ymm6,%ymm13 + vmovmskpd %ymm13,%r12d + shlb $4,%r12b + orb %r12b,%r13b + + vpcmpgtq .Lmask52x4(%rip),%ymm7,%ymm13 + vmovmskpd %ymm13,%r12d + vpcmpgtq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm13,%r11d + shlb $4,%r11b + orb %r11b,%r12b + + vpcmpgtq .Lmask52x4(%rip),%ymm9,%ymm13 + vmovmskpd %ymm13,%r11d + vpcmpgtq .Lmask52x4(%rip),%ymm10,%ymm13 + vmovmskpd %ymm13,%r10d + shlb $4,%r10b + orb %r10b,%r11b + + vpcmpgtq .Lmask52x4(%rip),%ymm11,%ymm13 + vmovmskpd %ymm13,%r10d + vpcmpgtq .Lmask52x4(%rip),%ymm12,%ymm13 + vmovmskpd %ymm13,%r9d + shlb $4,%r9b + orb %r9b,%r10b + + addb %r14b,%r14b + adcb %r13b,%r13b + adcb %r12b,%r12b + adcb %r11b,%r11b + adcb %r10b,%r10b + + + vpcmpeqq .Lmask52x4(%rip),%ymm3,%ymm13 + vmovmskpd %ymm13,%r9d + vpcmpeqq .Lmask52x4(%rip),%ymm4,%ymm13 + vmovmskpd %ymm13,%r8d + shlb $4,%r8b + orb %r8b,%r9b + + vpcmpeqq .Lmask52x4(%rip),%ymm5,%ymm13 + vmovmskpd %ymm13,%r8d + vpcmpeqq .Lmask52x4(%rip),%ymm6,%ymm13 + vmovmskpd %ymm13,%edx + shlb $4,%dl + orb %dl,%r8b + + vpcmpeqq .Lmask52x4(%rip),%ymm7,%ymm13 + vmovmskpd %ymm13,%edx + vpcmpeqq .Lmask52x4(%rip),%ymm8,%ymm13 + vmovmskpd %ymm13,%ecx + shlb $4,%cl + orb %cl,%dl + + vpcmpeqq .Lmask52x4(%rip),%ymm9,%ymm13 + vmovmskpd %ymm13,%ecx + vpcmpeqq .Lmask52x4(%rip),%ymm10,%ymm13 + vmovmskpd %ymm13,%ebx + shlb $4,%bl + orb %bl,%cl + + vpcmpeqq .Lmask52x4(%rip),%ymm11,%ymm13 + vmovmskpd %ymm13,%ebx + vpcmpeqq .Lmask52x4(%rip),%ymm12,%ymm13 + vmovmskpd %ymm13,%eax + shlb $4,%al + orb %al,%bl + + addb %r9b,%r14b + adcb %r8b,%r13b + adcb %dl,%r12b + adcb %cl,%r11b + adcb %bl,%r10b + + xorb %r9b,%r14b + xorb %r8b,%r13b + xorb %dl,%r12b + xorb %cl,%r11b + xorb %bl,%r10b + + pushq %r9 + pushq %r8 + + leaq .Lkmasklut(%rip),%r8 + + movb %r14b,%r9b + andq $0xf,%r14 + vpsubq .Lmask52x4(%rip),%ymm3,%ymm13 + shlq $5,%r14 + vmovapd (%r8,%r14,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm3,%ymm3 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm4,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm4,%ymm4 + + movb %r13b,%r9b + andq $0xf,%r13 + vpsubq .Lmask52x4(%rip),%ymm5,%ymm13 + shlq $5,%r13 + vmovapd (%r8,%r13,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm5,%ymm5 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm6,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm6,%ymm6 + + movb %r12b,%r9b + andq $0xf,%r12 + vpsubq .Lmask52x4(%rip),%ymm7,%ymm13 + shlq $5,%r12 + vmovapd (%r8,%r12,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm7,%ymm7 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm8,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm8,%ymm8 + + movb %r11b,%r9b + andq $0xf,%r11 + vpsubq .Lmask52x4(%rip),%ymm9,%ymm13 + shlq $5,%r11 + vmovapd (%r8,%r11,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm9,%ymm9 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm10,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm10,%ymm10 + + movb %r10b,%r9b + andq $0xf,%r10 + vpsubq .Lmask52x4(%rip),%ymm11,%ymm13 + shlq $5,%r10 + vmovapd (%r8,%r10,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm11,%ymm11 + + shrb $4,%r9b + andq $0xf,%r9 + vpsubq .Lmask52x4(%rip),%ymm12,%ymm13 + shlq $5,%r9 + vmovapd (%r8,%r9,1),%ymm14 + vblendvpd %ymm14,%ymm13,%ymm12,%ymm12 + + popq %r8 + popq %r9 + + vpand .Lmask52x4(%rip),%ymm3,%ymm3 + vpand .Lmask52x4(%rip),%ymm4,%ymm4 + vpand .Lmask52x4(%rip),%ymm5,%ymm5 + vpand .Lmask52x4(%rip),%ymm6,%ymm6 + vpand .Lmask52x4(%rip),%ymm7,%ymm7 + vpand .Lmask52x4(%rip),%ymm8,%ymm8 + vpand .Lmask52x4(%rip),%ymm9,%ymm9 + + vpand .Lmask52x4(%rip),%ymm10,%ymm10 + vpand .Lmask52x4(%rip),%ymm11,%ymm11 + vpand .Lmask52x4(%rip),%ymm12,%ymm12 + + vmovdqu %ymm3,320(%rdi) + vmovdqu %ymm4,352(%rdi) + vmovdqu %ymm5,384(%rdi) + vmovdqu %ymm6,416(%rdi) + vmovdqu %ymm7,448(%rdi) + vmovdqu %ymm8,480(%rdi) + vmovdqu %ymm9,512(%rdi) + vmovdqu %ymm10,544(%rdi) + vmovdqu %ymm11,576(%rdi) + vmovdqu %ymm12,608(%rdi) + + vzeroupper + leaq (%rsp),%rax +.cfi_def_cfa_register %rax + movq 0(%rax),%r15 +.cfi_restore %r15 + movq 8(%rax),%r14 +.cfi_restore %r14 + movq 16(%rax),%r13 +.cfi_restore %r13 + movq 24(%rax),%r12 +.cfi_restore %r12 + movq 32(%rax),%rbp +.cfi_restore %rbp + movq 40(%rax),%rbx +.cfi_restore %rbx + leaq 48(%rax),%rsp +.cfi_def_cfa %rsp,8 +.Lossl_rsaz_amm52x40_x2_avxifma256_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_rsaz_amm52x40_x2_avxifma256, .-ossl_rsaz_amm52x40_x2_avxifma256 +.text + +.align 32 +.globl ossl_extract_multiplier_2x40_win5_avx +.type ossl_extract_multiplier_2x40_win5_avx,@function +ossl_extract_multiplier_2x40_win5_avx: +.cfi_startproc +.byte 243,15,30,250 + vmovapd .Lones(%rip),%ymm14 + vmovq %rdx,%xmm10 + vpbroadcastq %xmm10,%ymm12 + vmovq %rcx,%xmm10 + vpbroadcastq %xmm10,%ymm13 + leaq 20480(%rsi),%rax + + + movq %rsi,%r10 + + + vpxor %xmm0,%xmm0,%xmm0 + vmovapd %ymm0,%ymm1 + vmovapd %ymm0,%ymm2 + vmovapd %ymm0,%ymm3 + vmovapd %ymm0,%ymm4 + vmovapd %ymm0,%ymm5 + vmovapd %ymm0,%ymm6 + vmovapd %ymm0,%ymm7 + vmovapd %ymm0,%ymm8 + vmovapd %ymm0,%ymm9 + vpxor %ymm11,%ymm11,%ymm11 +.align 32 +.Lloop_0: + vpcmpeqq %ymm11,%ymm12,%ymm15 + vmovdqu 0(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm0,%ymm0 + vmovdqu 32(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm1,%ymm1 + vmovdqu 64(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm2,%ymm2 + vmovdqu 96(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm3,%ymm3 + vmovdqu 128(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm4,%ymm4 + vmovdqu 160(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm5,%ymm5 + vmovdqu 192(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm6,%ymm6 + vmovdqu 224(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm7,%ymm7 + vmovdqu 256(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm8,%ymm8 + vmovdqu 288(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm9,%ymm9 + vpaddq %ymm14,%ymm11,%ymm11 + addq $640,%rsi + cmpq %rsi,%rax + jne .Lloop_0 + vmovdqu %ymm0,0(%rdi) + vmovdqu %ymm1,32(%rdi) + vmovdqu %ymm2,64(%rdi) + vmovdqu %ymm3,96(%rdi) + vmovdqu %ymm4,128(%rdi) + vmovdqu %ymm5,160(%rdi) + vmovdqu %ymm6,192(%rdi) + vmovdqu %ymm7,224(%rdi) + vmovdqu %ymm8,256(%rdi) + vmovdqu %ymm9,288(%rdi) + movq %r10,%rsi + vpxor %ymm11,%ymm11,%ymm11 +.align 32 +.Lloop_320: + vpcmpeqq %ymm11,%ymm13,%ymm15 + vmovdqu 320(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm0,%ymm0 + vmovdqu 352(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm1,%ymm1 + vmovdqu 384(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm2,%ymm2 + vmovdqu 416(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm3,%ymm3 + vmovdqu 448(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm4,%ymm4 + vmovdqu 480(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm5,%ymm5 + vmovdqu 512(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm6,%ymm6 + vmovdqu 544(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm7,%ymm7 + vmovdqu 576(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm8,%ymm8 + vmovdqu 608(%rsi),%ymm10 + + vblendvpd %ymm15,%ymm10,%ymm9,%ymm9 + vpaddq %ymm14,%ymm11,%ymm11 + addq $640,%rsi + cmpq %rsi,%rax + jne .Lloop_320 + vmovdqu %ymm0,320(%rdi) + vmovdqu %ymm1,352(%rdi) + vmovdqu %ymm2,384(%rdi) + vmovdqu %ymm3,416(%rdi) + vmovdqu %ymm4,448(%rdi) + vmovdqu %ymm5,480(%rdi) + vmovdqu %ymm6,512(%rdi) + vmovdqu %ymm7,544(%rdi) + vmovdqu %ymm8,576(%rdi) + vmovdqu %ymm9,608(%rdi) + + .byte 0xf3,0xc3 +.cfi_endproc +.size ossl_extract_multiplier_2x40_win5_avx, .-ossl_extract_multiplier_2x40_win5_avx +.section .rodata +.align 32 +.Lones: +.quad 1,1,1,1 +.Lzeros: +.quad 0,0,0,0 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-avx2.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-avx2.s index ebba040c34fb..e078b0000a75 100644 --- a/contrib/openssl-cmake/asm/crypto/bn/rsaz-avx2.s +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-avx2.s @@ -1730,6 +1730,7 @@ rsaz_avx2_eligible: .byte 0xf3,0xc3 .size rsaz_avx2_eligible,.-rsaz_avx2_eligible +.section .rodata .align 64 .Land_mask: .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff @@ -1741,4 +1742,5 @@ rsaz_avx2_eligible: .long 0,0,0,0, 1,1,1,1 .long 2,2,2,2, 3,3,3,3 .long 4,4,4,4, 4,4,4,4 +.previous .align 64 diff --git a/contrib/openssl-cmake/asm/crypto/bn/rsaz-x86_64.s b/contrib/openssl-cmake/asm/crypto/bn/rsaz-x86_64.s index d5025b23cd66..8247a82277a2 100644 --- a/contrib/openssl-cmake/asm/crypto/bn/rsaz-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/bn/rsaz-x86_64.s @@ -2009,7 +2009,9 @@ rsaz_512_gather4: .cfi_endproc .size rsaz_512_gather4,.-rsaz_512_gather4 +.section .rodata .align 64 .Linc: .long 0,0, 1,1 .long 2,2, 2,2 +.previous diff --git a/contrib/openssl-cmake/asm/crypto/bn/x86_64-mont5.s b/contrib/openssl-cmake/asm/crypto/bn/x86_64-mont5.s index 3a3b8741145c..7d76c0e5505d 100644 --- a/contrib/openssl-cmake/asm/crypto/bn/x86_64-mont5.s +++ b/contrib/openssl-cmake/asm/crypto/bn/x86_64-mont5.s @@ -3596,8 +3596,10 @@ bn_gather5: .LSEH_end_bn_gather5: .cfi_endproc .size bn_gather5,.-bn_gather5 +.section .rodata .align 64 .Linc: .long 0,0, 1,1 .long 2,2, 2,2 .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.previous diff --git a/contrib/openssl-cmake/asm/crypto/camellia/cmll-x86_64.s b/contrib/openssl-cmake/asm/crypto/camellia/cmll-x86_64.s index ea8a79343fd4..c845f97c7b0e 100644 --- a/contrib/openssl-cmake/asm/crypto/camellia/cmll-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/camellia/cmll-x86_64.s @@ -1144,6 +1144,7 @@ Camellia_Ekeygen: .byte 0xf3,0xc3 .cfi_endproc .size Camellia_Ekeygen,.-Camellia_Ekeygen +.section .rodata .align 64 .LCamellia_SIGMA: .long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858 @@ -1663,6 +1664,7 @@ Camellia_Ekeygen: .long 0x008f8f8f,0xe300e3e3 .long 0x00010101,0x40004040 .long 0x003d3d3d,0x4f004f4f +.text .globl Camellia_cbc_encrypt .type Camellia_cbc_encrypt,@function .align 16 diff --git a/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8-sve.S b/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8-sve.S index 29fd6b144093..e64c2544d1b4 100644 --- a/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8-sve.S +++ b/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8-sve.S @@ -1,4 +1,4 @@ -// Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -18,11 +18,19 @@ .hidden OPENSSL_armcap_P .text + +.section .rodata .align 5 +.type _chacha_sve_consts,%object +_chacha_sve_consts: .Lchacha20_consts: .quad 0x3320646e61707865,0x6b20657479622d32 // endian-neutral .Lrot8: .word 0x02010003,0x04040404,0x02010003,0x04040404 +.size _chacha_sve_consts,.-_chacha_sve_consts + +.previous + .globl ChaCha20_ctr32_sve .type ChaCha20_ctr32_sve,%function .align 5 @@ -41,7 +49,8 @@ ChaCha20_ctr32_sve: 1: cmp x5,4 b.le .Lreturn - adr x6,.Lrot8 + adrp x6,.Lrot8 + add x6,x6,#:lo12:.Lrot8 ldp w9,w10,[x6] .inst 0x04aa4d3f //index z31.s,w9,w10 2: @@ -59,7 +68,8 @@ ChaCha20_ctr32_sve: stp x28,x29,[sp,160] str x30,[sp,176] - adr x6,.Lchacha20_consts + adrp x6,.Lchacha20_consts + add x6,x6,#:lo12:.Lchacha20_consts ldp x23,x24,[x6] ldp x25,x26,[x3] ldp x27,x28,[x3, 16] @@ -610,13 +620,29 @@ ChaCha20_ctr32_sve: .endif #ifdef __AARCH64EB__ rev x7,x7 +.inst 0x05a48000 //revb z0.s,p0/m,z0.s +.inst 0x05a48084 //revb z4.s,p0/m,z4.s rev x9,x9 +.inst 0x05a48108 //revb z8.s,p0/m,z8.s +.inst 0x05a4818c //revb z12.s,p0/m,z12.s rev x11,x11 +.inst 0x05a48021 //revb z1.s,p0/m,z1.s +.inst 0x05a480a5 //revb z5.s,p0/m,z5.s rev x13,x13 +.inst 0x05a48129 //revb z9.s,p0/m,z9.s +.inst 0x05a481ad //revb z13.s,p0/m,z13.s rev x15,x15 +.inst 0x05a48042 //revb z2.s,p0/m,z2.s +.inst 0x05a480c6 //revb z6.s,p0/m,z6.s rev x17,x17 +.inst 0x05a4814a //revb z10.s,p0/m,z10.s +.inst 0x05a481ce //revb z14.s,p0/m,z14.s rev x19,x19 +.inst 0x05a48063 //revb z3.s,p0/m,z3.s +.inst 0x05a480e7 //revb z7.s,p0/m,z7.s rev x21,x21 +.inst 0x05a4816b //revb z11.s,p0/m,z11.s +.inst 0x05a481ef //revb z15.s,p0/m,z15.s #endif .if mixin == 1 add x29,x29,#1 @@ -824,37 +850,13 @@ ChaCha20_ctr32_sve: eor x21,x21,x22 .endif .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .inst 0x04b13000 //eor z0.d,z0.d,z17.d .inst 0x04b23084 //eor z4.d,z4.d,z18.d @@ -865,37 +867,13 @@ ChaCha20_ctr32_sve: .inst 0x04b73129 //eor z9.d,z9.d,z23.d .inst 0x04b831ad //eor z13.d,z13.d,z24.d .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .if mixin == 1 stp x7,x9,[x0],#16 @@ -917,70 +895,22 @@ ChaCha20_ctr32_sve: .endif .inst 0x04b7316b //eor z11.d,z11.d,z23.d .inst 0x04b831ef //eor z15.d,z15.d,z24.d -#ifdef __AARCH64EB__ -.inst 0x05a48000 //revb z0.s,p0/m,z0.s -#endif .inst 0xe540e000 //st1w {z0.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48084 //revb z4.s,p0/m,z4.s -#endif .inst 0xe541e004 //st1w {z4.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48108 //revb z8.s,p0/m,z8.s -#endif .inst 0xe542e008 //st1w {z8.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4818c //revb z12.s,p0/m,z12.s -#endif .inst 0xe543e00c //st1w {z12.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48021 //revb z1.s,p0/m,z1.s -#endif .inst 0xe544e001 //st1w {z1.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480a5 //revb z5.s,p0/m,z5.s -#endif .inst 0xe545e005 //st1w {z5.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48129 //revb z9.s,p0/m,z9.s -#endif .inst 0xe546e009 //st1w {z9.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ad //revb z13.s,p0/m,z13.s -#endif .inst 0xe547e00d //st1w {z13.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 -#ifdef __AARCH64EB__ -.inst 0x05a48042 //revb z2.s,p0/m,z2.s -#endif .inst 0xe540e002 //st1w {z2.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480c6 //revb z6.s,p0/m,z6.s -#endif .inst 0xe541e006 //st1w {z6.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4814a //revb z10.s,p0/m,z10.s -#endif .inst 0xe542e00a //st1w {z10.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ce //revb z14.s,p0/m,z14.s -#endif .inst 0xe543e00e //st1w {z14.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48063 //revb z3.s,p0/m,z3.s -#endif .inst 0xe544e003 //st1w {z3.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480e7 //revb z7.s,p0/m,z7.s -#endif .inst 0xe545e007 //st1w {z7.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4816b //revb z11.s,p0/m,z11.s -#endif .inst 0xe546e00b //st1w {z11.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ef //revb z15.s,p0/m,z15.s -#endif .inst 0xe547e00f //st1w {z15.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 210: @@ -1517,13 +1447,29 @@ ChaCha20_ctr32_sve: .endif #ifdef __AARCH64EB__ rev x7,x7 +.inst 0x05a48000 //revb z0.s,p0/m,z0.s +.inst 0x05a48084 //revb z4.s,p0/m,z4.s rev x9,x9 +.inst 0x05a48108 //revb z8.s,p0/m,z8.s +.inst 0x05a4818c //revb z12.s,p0/m,z12.s rev x11,x11 +.inst 0x05a48021 //revb z1.s,p0/m,z1.s +.inst 0x05a480a5 //revb z5.s,p0/m,z5.s rev x13,x13 +.inst 0x05a48129 //revb z9.s,p0/m,z9.s +.inst 0x05a481ad //revb z13.s,p0/m,z13.s rev x15,x15 +.inst 0x05a48042 //revb z2.s,p0/m,z2.s +.inst 0x05a480c6 //revb z6.s,p0/m,z6.s rev x17,x17 +.inst 0x05a4814a //revb z10.s,p0/m,z10.s +.inst 0x05a481ce //revb z14.s,p0/m,z14.s rev x19,x19 +.inst 0x05a48063 //revb z3.s,p0/m,z3.s +.inst 0x05a480e7 //revb z7.s,p0/m,z7.s rev x21,x21 +.inst 0x05a4816b //revb z11.s,p0/m,z11.s +.inst 0x05a481ef //revb z15.s,p0/m,z15.s #endif .if mixin == 1 add x29,x29,#1 @@ -1731,37 +1677,13 @@ ChaCha20_ctr32_sve: eor x21,x21,x22 .endif .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .inst 0x04b13000 //eor z0.d,z0.d,z17.d .inst 0x04b23084 //eor z4.d,z4.d,z18.d @@ -1772,37 +1694,13 @@ ChaCha20_ctr32_sve: .inst 0x04b73129 //eor z9.d,z9.d,z23.d .inst 0x04b831ad //eor z13.d,z13.d,z24.d .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .if mixin == 1 stp x7,x9,[x0],#16 @@ -1824,70 +1722,22 @@ ChaCha20_ctr32_sve: .endif .inst 0x04b7316b //eor z11.d,z11.d,z23.d .inst 0x04b831ef //eor z15.d,z15.d,z24.d -#ifdef __AARCH64EB__ -.inst 0x05a48000 //revb z0.s,p0/m,z0.s -#endif .inst 0xe540e000 //st1w {z0.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48084 //revb z4.s,p0/m,z4.s -#endif .inst 0xe541e004 //st1w {z4.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48108 //revb z8.s,p0/m,z8.s -#endif .inst 0xe542e008 //st1w {z8.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4818c //revb z12.s,p0/m,z12.s -#endif .inst 0xe543e00c //st1w {z12.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48021 //revb z1.s,p0/m,z1.s -#endif .inst 0xe544e001 //st1w {z1.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480a5 //revb z5.s,p0/m,z5.s -#endif .inst 0xe545e005 //st1w {z5.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48129 //revb z9.s,p0/m,z9.s -#endif .inst 0xe546e009 //st1w {z9.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ad //revb z13.s,p0/m,z13.s -#endif .inst 0xe547e00d //st1w {z13.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 -#ifdef __AARCH64EB__ -.inst 0x05a48042 //revb z2.s,p0/m,z2.s -#endif .inst 0xe540e002 //st1w {z2.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480c6 //revb z6.s,p0/m,z6.s -#endif .inst 0xe541e006 //st1w {z6.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4814a //revb z10.s,p0/m,z10.s -#endif .inst 0xe542e00a //st1w {z10.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ce //revb z14.s,p0/m,z14.s -#endif .inst 0xe543e00e //st1w {z14.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48063 //revb z3.s,p0/m,z3.s -#endif .inst 0xe544e003 //st1w {z3.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480e7 //revb z7.s,p0/m,z7.s -#endif .inst 0xe545e007 //st1w {z7.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4816b //revb z11.s,p0/m,z11.s -#endif .inst 0xe546e00b //st1w {z11.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ef //revb z15.s,p0/m,z15.s -#endif .inst 0xe547e00f //st1w {z15.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 210: @@ -2498,13 +2348,29 @@ ChaCha20_ctr32_sve: .endif #ifdef __AARCH64EB__ rev x7,x7 +.inst 0x05a48000 //revb z0.s,p0/m,z0.s +.inst 0x05a48084 //revb z4.s,p0/m,z4.s rev x9,x9 +.inst 0x05a48108 //revb z8.s,p0/m,z8.s +.inst 0x05a4818c //revb z12.s,p0/m,z12.s rev x11,x11 +.inst 0x05a48021 //revb z1.s,p0/m,z1.s +.inst 0x05a480a5 //revb z5.s,p0/m,z5.s rev x13,x13 +.inst 0x05a48129 //revb z9.s,p0/m,z9.s +.inst 0x05a481ad //revb z13.s,p0/m,z13.s rev x15,x15 +.inst 0x05a48042 //revb z2.s,p0/m,z2.s +.inst 0x05a480c6 //revb z6.s,p0/m,z6.s rev x17,x17 +.inst 0x05a4814a //revb z10.s,p0/m,z10.s +.inst 0x05a481ce //revb z14.s,p0/m,z14.s rev x19,x19 +.inst 0x05a48063 //revb z3.s,p0/m,z3.s +.inst 0x05a480e7 //revb z7.s,p0/m,z7.s rev x21,x21 +.inst 0x05a4816b //revb z11.s,p0/m,z11.s +.inst 0x05a481ef //revb z15.s,p0/m,z15.s #endif .if mixin == 1 add x29,x29,#1 @@ -2712,37 +2578,13 @@ ChaCha20_ctr32_sve: eor x21,x21,x22 .endif .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .inst 0x04b13000 //eor z0.d,z0.d,z17.d .inst 0x04b23084 //eor z4.d,z4.d,z18.d @@ -2753,37 +2595,13 @@ ChaCha20_ctr32_sve: .inst 0x04b73129 //eor z9.d,z9.d,z23.d .inst 0x04b831ad //eor z13.d,z13.d,z24.d .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .if mixin == 1 stp x7,x9,[x0],#16 @@ -2805,70 +2623,22 @@ ChaCha20_ctr32_sve: .endif .inst 0x04b7316b //eor z11.d,z11.d,z23.d .inst 0x04b831ef //eor z15.d,z15.d,z24.d -#ifdef __AARCH64EB__ -.inst 0x05a48000 //revb z0.s,p0/m,z0.s -#endif .inst 0xe540e000 //st1w {z0.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48084 //revb z4.s,p0/m,z4.s -#endif .inst 0xe541e004 //st1w {z4.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48108 //revb z8.s,p0/m,z8.s -#endif .inst 0xe542e008 //st1w {z8.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4818c //revb z12.s,p0/m,z12.s -#endif .inst 0xe543e00c //st1w {z12.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48021 //revb z1.s,p0/m,z1.s -#endif .inst 0xe544e001 //st1w {z1.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480a5 //revb z5.s,p0/m,z5.s -#endif .inst 0xe545e005 //st1w {z5.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48129 //revb z9.s,p0/m,z9.s -#endif .inst 0xe546e009 //st1w {z9.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ad //revb z13.s,p0/m,z13.s -#endif .inst 0xe547e00d //st1w {z13.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 -#ifdef __AARCH64EB__ -.inst 0x05a48042 //revb z2.s,p0/m,z2.s -#endif .inst 0xe540e002 //st1w {z2.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480c6 //revb z6.s,p0/m,z6.s -#endif .inst 0xe541e006 //st1w {z6.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4814a //revb z10.s,p0/m,z10.s -#endif .inst 0xe542e00a //st1w {z10.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ce //revb z14.s,p0/m,z14.s -#endif .inst 0xe543e00e //st1w {z14.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48063 //revb z3.s,p0/m,z3.s -#endif .inst 0xe544e003 //st1w {z3.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480e7 //revb z7.s,p0/m,z7.s -#endif .inst 0xe545e007 //st1w {z7.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4816b //revb z11.s,p0/m,z11.s -#endif .inst 0xe546e00b //st1w {z11.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ef //revb z15.s,p0/m,z15.s -#endif .inst 0xe547e00f //st1w {z15.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 210: @@ -3472,13 +3242,29 @@ ChaCha20_ctr32_sve: .endif #ifdef __AARCH64EB__ rev x7,x7 +.inst 0x05a48000 //revb z0.s,p0/m,z0.s +.inst 0x05a48084 //revb z4.s,p0/m,z4.s rev x9,x9 +.inst 0x05a48108 //revb z8.s,p0/m,z8.s +.inst 0x05a4818c //revb z12.s,p0/m,z12.s rev x11,x11 +.inst 0x05a48021 //revb z1.s,p0/m,z1.s +.inst 0x05a480a5 //revb z5.s,p0/m,z5.s rev x13,x13 +.inst 0x05a48129 //revb z9.s,p0/m,z9.s +.inst 0x05a481ad //revb z13.s,p0/m,z13.s rev x15,x15 +.inst 0x05a48042 //revb z2.s,p0/m,z2.s +.inst 0x05a480c6 //revb z6.s,p0/m,z6.s rev x17,x17 +.inst 0x05a4814a //revb z10.s,p0/m,z10.s +.inst 0x05a481ce //revb z14.s,p0/m,z14.s rev x19,x19 +.inst 0x05a48063 //revb z3.s,p0/m,z3.s +.inst 0x05a480e7 //revb z7.s,p0/m,z7.s rev x21,x21 +.inst 0x05a4816b //revb z11.s,p0/m,z11.s +.inst 0x05a481ef //revb z15.s,p0/m,z15.s #endif .if mixin == 1 add x29,x29,#1 @@ -3686,37 +3472,13 @@ ChaCha20_ctr32_sve: eor x21,x21,x22 .endif .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .inst 0x04b13000 //eor z0.d,z0.d,z17.d .inst 0x04b23084 //eor z4.d,z4.d,z18.d @@ -3727,37 +3489,13 @@ ChaCha20_ctr32_sve: .inst 0x04b73129 //eor z9.d,z9.d,z23.d .inst 0x04b831ad //eor z13.d,z13.d,z24.d .inst 0xa540a031 //ld1w {z17.s},p0/z,[x1,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48231 //revb z17.s,p0/m,z17.s -#endif .inst 0xa541a032 //ld1w {z18.s},p0/z,[x1,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48252 //revb z18.s,p0/m,z18.s -#endif .inst 0xa542a033 //ld1w {z19.s},p0/z,[x1,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48273 //revb z19.s,p0/m,z19.s -#endif .inst 0xa543a034 //ld1w {z20.s},p0/z,[x1,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48294 //revb z20.s,p0/m,z20.s -#endif .inst 0xa544a035 //ld1w {z21.s},p0/z,[x1,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482b5 //revb z21.s,p0/m,z21.s -#endif .inst 0xa545a036 //ld1w {z22.s},p0/z,[x1,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482d6 //revb z22.s,p0/m,z22.s -#endif .inst 0xa546a037 //ld1w {z23.s},p0/z,[x1,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a482f7 //revb z23.s,p0/m,z23.s -#endif .inst 0xa547a038 //ld1w {z24.s},p0/z,[x1,#7,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48318 //revb z24.s,p0/m,z24.s -#endif .inst 0x04215101 //addvl x1,x1,8 .if mixin == 1 stp x7,x9,[x0],#16 @@ -3779,70 +3517,22 @@ ChaCha20_ctr32_sve: .endif .inst 0x04b7316b //eor z11.d,z11.d,z23.d .inst 0x04b831ef //eor z15.d,z15.d,z24.d -#ifdef __AARCH64EB__ -.inst 0x05a48000 //revb z0.s,p0/m,z0.s -#endif .inst 0xe540e000 //st1w {z0.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48084 //revb z4.s,p0/m,z4.s -#endif .inst 0xe541e004 //st1w {z4.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48108 //revb z8.s,p0/m,z8.s -#endif .inst 0xe542e008 //st1w {z8.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4818c //revb z12.s,p0/m,z12.s -#endif .inst 0xe543e00c //st1w {z12.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48021 //revb z1.s,p0/m,z1.s -#endif .inst 0xe544e001 //st1w {z1.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480a5 //revb z5.s,p0/m,z5.s -#endif .inst 0xe545e005 //st1w {z5.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48129 //revb z9.s,p0/m,z9.s -#endif .inst 0xe546e009 //st1w {z9.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ad //revb z13.s,p0/m,z13.s -#endif .inst 0xe547e00d //st1w {z13.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 -#ifdef __AARCH64EB__ -.inst 0x05a48042 //revb z2.s,p0/m,z2.s -#endif .inst 0xe540e002 //st1w {z2.s},p0,[x0,#0,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480c6 //revb z6.s,p0/m,z6.s -#endif .inst 0xe541e006 //st1w {z6.s},p0,[x0,#1,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4814a //revb z10.s,p0/m,z10.s -#endif .inst 0xe542e00a //st1w {z10.s},p0,[x0,#2,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ce //revb z14.s,p0/m,z14.s -#endif .inst 0xe543e00e //st1w {z14.s},p0,[x0,#3,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a48063 //revb z3.s,p0/m,z3.s -#endif .inst 0xe544e003 //st1w {z3.s},p0,[x0,#4,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a480e7 //revb z7.s,p0/m,z7.s -#endif .inst 0xe545e007 //st1w {z7.s},p0,[x0,#5,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a4816b //revb z11.s,p0/m,z11.s -#endif .inst 0xe546e00b //st1w {z11.s},p0,[x0,#6,MUL VL] -#ifdef __AARCH64EB__ -.inst 0x05a481ef //revb z15.s,p0/m,z15.s -#endif .inst 0xe547e00f //st1w {z15.s},p0,[x0,#7,MUL VL] .inst 0x04205100 //addvl x0,x0,8 210: diff --git a/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8.S b/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8.S index 02991495b1fe..ca9d709ed670 100644 --- a/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/chacha/chacha-armv8.S @@ -6,7 +6,7 @@ #endif -.text +.section .rodata .align 5 .Lsigma: @@ -18,6 +18,8 @@ .byte 67,104,97,67,104,97,50,48,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,64,100,111,116,45,97,115,109,0 .align 2 +.text + .globl ChaCha20_ctr32_dflt .type ChaCha20_ctr32_dflt,%function .align 5 @@ -37,7 +39,8 @@ ChaCha20_ctr32_dflt: stp x29,x30,[sp,#-96]! add x29,sp,#0 - adr x5,.Lsigma + adrp x5,.Lsigma + add x5,x5,#:lo12:.Lsigma stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] @@ -352,7 +355,8 @@ ChaCha20_neon: stp x29,x30,[sp,#-96]! add x29,sp,#0 - adr x5,.Lsigma + adrp x5,.Lsigma + add x5,x5,#:lo12:.Lsigma stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] @@ -925,7 +929,8 @@ ChaCha20_512_neon: stp x29,x30,[sp,#-96]! add x29,sp,#0 - adr x5,.Lsigma + adrp x5,.Lsigma + add x5,x5,#:lo12:.Lsigma stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] diff --git a/contrib/openssl-cmake/asm/crypto/chacha/chacha-x86_64.s b/contrib/openssl-cmake/asm/crypto/chacha/chacha-x86_64.s index 1812bc84b141..b692d97aad77 100644 --- a/contrib/openssl-cmake/asm/crypto/chacha/chacha-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/chacha/chacha-x86_64.s @@ -2,6 +2,7 @@ +.section .rodata .align 64 .Lzero: .long 0,0,0,0 @@ -33,6 +34,7 @@ .Lsigma: .byte 101,120,112,97,110,100,32,51,50,45,98,121,116,101,32,107,0 .byte 67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.previous .globl ChaCha20_ctr32 .type ChaCha20_ctr32,@function .align 64 diff --git a/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-armv8.S b/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-armv8.S index fe01319a3500..5e97928ee122 100644 --- a/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-armv8.S @@ -1,6 +1,6 @@ #include "arm_arch.h" -.text +.section .rodata .globl ecp_nistz256_precomputed .type ecp_nistz256_precomputed,%object .align 12 @@ -2390,6 +2390,8 @@ ecp_nistz256_precomputed: .byte 69,67,80,95,78,73,83,84,90,50,53,54,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 +.text + // void ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); .globl ecp_nistz256_to_mont .type ecp_nistz256_to_mont,%function @@ -2400,12 +2402,16 @@ ecp_nistz256_to_mont: add x29,sp,#0 stp x19,x20,[sp,#16] - ldr x3,.LRR // bp[0] + adrp x3,.LRR + ldr x3,[x3,#:lo12:.LRR] // bp[0] ldp x4,x5,[x1] ldp x6,x7,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 - adr x2,.LRR // &bp[0] + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] + adrp x2,.LRR + add x2,x2,#:lo12:.LRR bl __ecp_nistz256_mul_mont @@ -2428,9 +2434,12 @@ ecp_nistz256_from_mont: mov x3,#1 // bp[0] ldp x4,x5,[x1] ldp x6,x7,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 - adr x2,.Lone // &bp[0] + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] + adrp x2,.Lone + add x2,x2,#:lo12:.Lone bl __ecp_nistz256_mul_mont @@ -2454,8 +2463,10 @@ ecp_nistz256_mul_mont: ldr x3,[x2] // bp[0] ldp x4,x5,[x1] ldp x6,x7,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] bl __ecp_nistz256_mul_mont @@ -2477,8 +2488,10 @@ ecp_nistz256_sqr_mont: ldp x4,x5,[x1] ldp x6,x7,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] bl __ecp_nistz256_sqr_mont @@ -2502,8 +2515,10 @@ ecp_nistz256_add: ldp x8,x9,[x2] ldp x16,x17,[x1,#16] ldp x10,x11,[x2,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] bl __ecp_nistz256_add @@ -2523,8 +2538,10 @@ ecp_nistz256_div_by_2: ldp x14,x15,[x1] ldp x16,x17,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] bl __ecp_nistz256_div_by_2 @@ -2544,8 +2561,10 @@ ecp_nistz256_mul_by_2: ldp x14,x15,[x1] ldp x16,x17,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] mov x8,x14 mov x9,x15 mov x10,x16 @@ -2569,8 +2588,10 @@ ecp_nistz256_mul_by_3: ldp x14,x15,[x1] ldp x16,x17,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] mov x8,x14 mov x9,x15 mov x10,x16 @@ -2606,8 +2627,10 @@ ecp_nistz256_sub: ldp x14,x15,[x1] ldp x16,x17,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] bl __ecp_nistz256_sub_from @@ -2630,8 +2653,10 @@ ecp_nistz256_neg: mov x15,xzr mov x16,xzr mov x17,xzr - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] bl __ecp_nistz256_sub_from @@ -3026,9 +3051,11 @@ ecp_nistz256_point_double: mov x21,x0 ldp x16,x17,[x1,#48] mov x22,x1 - ldr x12,.Lpoly+8 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] mov x8,x14 - ldr x13,.Lpoly+24 + ldr x13,[x13,#24] mov x9,x15 ldp x4,x5,[x22,#64] // forward load for p256_sqr_mont mov x10,x16 @@ -3171,8 +3198,10 @@ ecp_nistz256_point_add: mov x21,x0 mov x22,x1 mov x23,x2 - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] orr x8,x4,x5 orr x10,x6,x7 orr x25,x8,x10 @@ -3422,8 +3451,10 @@ ecp_nistz256_point_add_affine: mov x21,x0 mov x22,x1 mov x23,x2 - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 + adrp x13,.Lpoly + add x13,x13,#:lo12:.Lpoly + ldr x12,[x13,#8] + ldr x13,[x13,#24] ldp x4,x5,[x1,#64] // in1_z ldp x6,x7,[x1,#64+16] @@ -3569,7 +3600,8 @@ ecp_nistz256_point_add_affine: ldp x10,x11,[x23,#0+48] stp x14,x15,[x21,#0] stp x16,x17,[x21,#0+16] - adr x23,.Lone_mont-64 + adrp x23,.Lone_mont-64 + add x23,x23,#:lo12:.Lone_mont-64 ldp x14,x15,[x22,#32] // in1 cmp x24,#0 // ~, remember? ldp x16,x17,[x22,#32+16] @@ -3627,7 +3659,8 @@ ecp_nistz256_ord_mul_mont: stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] - adr x23,.Lord + adrp x23,.Lord + add x23,x23,#:lo12:.Lord ldr x3,[x2] // bp[0] ldp x4,x5,[x1] ldp x6,x7,[x1,#16] @@ -3837,7 +3870,8 @@ ecp_nistz256_ord_sqr_mont: stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] - adr x23,.Lord + adrp x23,.Lord + add x23,x23,#:lo12:.Lord ldp x4,x5,[x1] ldp x6,x7,[x1,#16] diff --git a/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-x86_64.s b/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-x86_64.s index 80569cae0466..66cdedf67a44 100644 --- a/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/ec/ecp_nistz256-x86_64.s @@ -1,4 +1,4 @@ -.text +.section .rodata .globl ecp_nistz256_precomputed .type ecp_nistz256_precomputed,@object .align 4096 @@ -2376,6 +2376,7 @@ ecp_nistz256_precomputed: +.section .rodata .align 64 .Lpoly: .quad 0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001 @@ -2398,6 +2399,7 @@ ecp_nistz256_precomputed: .quad 0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff, 0xffffffff00000000 .LordK: .quad 0xccd1c8aaee00bc4f +.previous .globl ecp_nistz256_mul_by_2 .type ecp_nistz256_mul_by_2,@function diff --git a/contrib/openssl-cmake/asm/crypto/ec/ecp_sm2p256-armv8.S b/contrib/openssl-cmake/asm/crypto/ec/ecp_sm2p256-armv8.S index 844ff68c6779..50497f60a699 100644 --- a/contrib/openssl-cmake/asm/crypto/ec/ecp_sm2p256-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/ec/ecp_sm2p256-armv8.S @@ -1,6 +1,6 @@ #include "arm_arch.h" .arch armv8-a -.text +.section .rodata .align 5 // The polynomial p @@ -16,6 +16,8 @@ .Lord_div_2: .quad 0xa9ddfa049ceaa092,0xb901efb590e30295,0xffffffffffffffff,0x7fffffff7fffffff +.text + // void bn_rshift1(BN_ULONG *a); .globl bn_rshift1 .type bn_rshift1,%function @@ -84,7 +86,8 @@ ecp_sm2p256_div_by_2: lsr x10,x10,#1 // Load mod - adr x2,.Lpoly_div_2 + adrp x2,.Lpoly_div_2 + add x2,x2,#:lo12:.Lpoly_div_2 ldp x11,x12,[x2] ldp x13,x14,[x2,#16] @@ -127,7 +130,8 @@ ecp_sm2p256_div_by_2_mod_ord: lsr x10,x10,#1 // Load mod - adr x2,.Lord_div_2 + adrp x2,.Lord_div_2 + add x2,x2,#:lo12:.Lord_div_2 ldp x11,x12,[x2] ldp x13,x14,[x2,#16] @@ -173,7 +177,8 @@ ecp_sm2p256_mul_by_3: mov x6,x10 // Sub polynomial - adr x2,.Lpoly + adrp x2,.Lpoly + add x2,x2,#:lo12:.Lpoly ldp x11,x12,[x2] ldp x13,x14,[x2,#16] subs x7,x7,x11 @@ -203,7 +208,8 @@ ecp_sm2p256_mul_by_3: mov x6,x10 // Sub polynomial - adr x2,.Lpoly + adrp x2,.Lpoly + add x2,x2,#:lo12:.Lpoly ldp x11,x12,[x2] ldp x13,x14,[x2,#16] subs x7,x7,x11 @@ -244,7 +250,8 @@ ecp_sm2p256_add: adc x15,xzr,xzr // Load polynomial - adr x2,.Lpoly + adrp x2,.Lpoly + add x2,x2,#:lo12:.Lpoly ldp x11,x12,[x2] ldp x13,x14,[x2,#16] @@ -293,7 +300,8 @@ ecp_sm2p256_sub: sbc x15,xzr,xzr // Load polynomial - adr x2,.Lpoly + adrp x2,.Lpoly + add x2,x2,#:lo12:.Lpoly ldp x11,x12,[x2] ldp x13,x14,[x2,#16] @@ -342,7 +350,8 @@ ecp_sm2p256_sub_mod_ord: sbc x15,xzr,xzr // Load polynomial - adr x2,.Lord + adrp x2,.Lord + add x2,x2,#:lo12:.Lord ldp x11,x12,[x2] ldp x13,x14,[x2,#16] @@ -520,7 +529,8 @@ ecp_sm2p256_sub_mod_ord: mov x13,x9 mov x14,x10 - adr x3,.Lpoly + adrp x3,.Lpoly + add x3,x3,#:lo12:.Lpoly ldp x4,x5,[x3] ldp x6,x15,[x3,#16] diff --git a/contrib/openssl-cmake/asm/crypto/loongarch64cpuid.S b/contrib/openssl-cmake/asm/crypto/loongarch64cpuid.S index 16e9f19570a7..b8ba7d3e831b 100644 --- a/contrib/openssl-cmake/asm/crypto/loongarch64cpuid.S +++ b/contrib/openssl-cmake/asm/crypto/loongarch64cpuid.S @@ -65,5 +65,5 @@ OPENSSL_cleanse: .globl OPENSSL_rdtsc .type OPENSSL_rdtsc,@function OPENSSL_rdtsc: - move $r4,$r0 - jr $r1 + rdtimel.w $r4,$r0 + jr $r1 diff --git a/contrib/openssl-cmake/asm/crypto/md5/asm/md5-aarch64.S b/contrib/openssl-cmake/asm/crypto/md5/asm/md5-aarch64.S index 67e477fd5225..b6f8777c9fd0 100644 --- a/contrib/openssl-cmake/asm/crypto/md5/asm/md5-aarch64.S +++ b/contrib/openssl-cmake/asm/crypto/md5/asm/md5-aarch64.S @@ -207,165 +207,165 @@ ossl_md5_blocks_loop: add w9, w9, w13 // Add constant 0x49b40821 add w9, w9, w6 // Add aux function result ror w9, w9, #10 // Rotate left s=22 bits - bic x6, x8, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x8, x17 // Aux function round 2 (~z & y) add w9, w8, w9 // Add X parameter round 1 B=FF(B, C, D, A, 0x49b40821, s=22, M[15]) - and x13, x9, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x2562 // .Load lower half of constant 0xf61e2562 movk x13, #0xf61e, lsl #16 // .Load upper half of constant 0xf61e2562 add w4, w4, w20 // Add dest value add w4, w4, w13 // Add constant 0xf61e2562 - add w4, w4, w6 // Add aux function result + and x13, x9, x17 // Aux function round 2 (x & z) + add w4, w4, w6 // Add (~z & y) + add w4, w4, w13 // Add (x & z) ror w4, w4, #27 // Rotate left s=5 bits - bic x6, x9, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x9, x8 // Aux function round 2 (~z & y) add w4, w9, w4 // Add X parameter round 2 A=GG(A, B, C, D, 0xf61e2562, s=5, M[1]) - and x13, x4, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xb340 // .Load lower half of constant 0xc040b340 movk x13, #0xc040, lsl #16 // .Load upper half of constant 0xc040b340 add w17, w17, w7 // Add dest value add w17, w17, w13 // Add constant 0xc040b340 - add w17, w17, w6 // Add aux function result + and x13, x4, x8 // Aux function round 2 (x & z) + add w17, w17, w6 // Add (~z & y) + add w17, w17, w13 // Add (x & z) ror w17, w17, #23 // Rotate left s=9 bits - bic x6, x4, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x4, x9 // Aux function round 2 (~z & y) add w17, w4, w17 // Add X parameter round 2 D=GG(D, A, B, C, 0xc040b340, s=9, M[6]) - and x13, x17, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x5a51 // .Load lower half of constant 0x265e5a51 movk x13, #0x265e, lsl #16 // .Load upper half of constant 0x265e5a51 add w8, w8, w25 // Add dest value add w8, w8, w13 // Add constant 0x265e5a51 - add w8, w8, w6 // Add aux function result + and x13, x17, x9 // Aux function round 2 (x & z) + add w8, w8, w6 // Add (~z & y) + add w8, w8, w13 // Add (x & z) ror w8, w8, #18 // Rotate left s=14 bits - bic x6, x17, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x17, x4 // Aux function round 2 (~z & y) add w8, w17, w8 // Add X parameter round 2 C=GG(C, D, A, B, 0x265e5a51, s=14, M[11]) - and x13, x8, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xc7aa // .Load lower half of constant 0xe9b6c7aa movk x13, #0xe9b6, lsl #16 // .Load upper half of constant 0xe9b6c7aa add w9, w9, w15 // Add dest value add w9, w9, w13 // Add constant 0xe9b6c7aa - add w9, w9, w6 // Add aux function result + and x13, x8, x4 // Aux function round 2 (x & z) + add w9, w9, w6 // Add (~z & y) + add w9, w9, w13 // Add (x & z) ror w9, w9, #12 // Rotate left s=20 bits - bic x6, x8, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x8, x17 // Aux function round 2 (~z & y) add w9, w8, w9 // Add X parameter round 2 B=GG(B, C, D, A, 0xe9b6c7aa, s=20, M[0]) - and x13, x9, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x105d // .Load lower half of constant 0xd62f105d movk x13, #0xd62f, lsl #16 // .Load upper half of constant 0xd62f105d add w4, w4, w22 // Add dest value add w4, w4, w13 // Add constant 0xd62f105d - add w4, w4, w6 // Add aux function result + and x13, x9, x17 // Aux function round 2 (x & z) + add w4, w4, w6 // Add (~z & y) + add w4, w4, w13 // Add (x & z) ror w4, w4, #27 // Rotate left s=5 bits - bic x6, x9, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x9, x8 // Aux function round 2 (~z & y) add w4, w9, w4 // Add X parameter round 2 A=GG(A, B, C, D, 0xd62f105d, s=5, M[5]) - and x13, x4, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x1453 // .Load lower half of constant 0x2441453 movk x13, #0x244, lsl #16 // .Load upper half of constant 0x2441453 add w17, w17, w16 // Add dest value add w17, w17, w13 // Add constant 0x2441453 - add w17, w17, w6 // Add aux function result + and x13, x4, x8 // Aux function round 2 (x & z) + add w17, w17, w6 // Add (~z & y) + add w17, w17, w13 // Add (x & z) ror w17, w17, #23 // Rotate left s=9 bits - bic x6, x4, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x4, x9 // Aux function round 2 (~z & y) add w17, w4, w17 // Add X parameter round 2 D=GG(D, A, B, C, 0x2441453, s=9, M[10]) - and x13, x17, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xe681 // .Load lower half of constant 0xd8a1e681 movk x13, #0xd8a1, lsl #16 // .Load upper half of constant 0xd8a1e681 add w8, w8, w27 // Add dest value add w8, w8, w13 // Add constant 0xd8a1e681 - add w8, w8, w6 // Add aux function result + and x13, x17, x9 // Aux function round 2 (x & z) + add w8, w8, w6 // Add (~z & y) + add w8, w8, w13 // Add (x & z) ror w8, w8, #18 // Rotate left s=14 bits - bic x6, x17, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x17, x4 // Aux function round 2 (~z & y) add w8, w17, w8 // Add X parameter round 2 C=GG(C, D, A, B, 0xd8a1e681, s=14, M[15]) - and x13, x8, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xfbc8 // .Load lower half of constant 0xe7d3fbc8 movk x13, #0xe7d3, lsl #16 // .Load upper half of constant 0xe7d3fbc8 add w9, w9, w14 // Add dest value add w9, w9, w13 // Add constant 0xe7d3fbc8 - add w9, w9, w6 // Add aux function result + and x13, x8, x4 // Aux function round 2 (x & z) + add w9, w9, w6 // Add (~z & y) + add w9, w9, w13 // Add (x & z) ror w9, w9, #12 // Rotate left s=20 bits - bic x6, x8, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x8, x17 // Aux function round 2 (~z & y) add w9, w8, w9 // Add X parameter round 2 B=GG(B, C, D, A, 0xe7d3fbc8, s=20, M[4]) - and x13, x9, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xcde6 // .Load lower half of constant 0x21e1cde6 movk x13, #0x21e1, lsl #16 // .Load upper half of constant 0x21e1cde6 add w4, w4, w24 // Add dest value add w4, w4, w13 // Add constant 0x21e1cde6 - add w4, w4, w6 // Add aux function result + and x13, x9, x17 // Aux function round 2 (x & z) + add w4, w4, w6 // Add (~z & y) + add w4, w4, w13 // Add (x & z) ror w4, w4, #27 // Rotate left s=5 bits - bic x6, x9, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x9, x8 // Aux function round 2 (~z & y) add w4, w9, w4 // Add X parameter round 2 A=GG(A, B, C, D, 0x21e1cde6, s=5, M[9]) - and x13, x4, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x7d6 // .Load lower half of constant 0xc33707d6 movk x13, #0xc337, lsl #16 // .Load upper half of constant 0xc33707d6 add w17, w17, w12 // Add dest value add w17, w17, w13 // Add constant 0xc33707d6 - add w17, w17, w6 // Add aux function result + and x13, x4, x8 // Aux function round 2 (x & z) + add w17, w17, w6 // Add (~z & y) + add w17, w17, w13 // Add (x & z) ror w17, w17, #23 // Rotate left s=9 bits - bic x6, x4, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x4, x9 // Aux function round 2 (~z & y) add w17, w4, w17 // Add X parameter round 2 D=GG(D, A, B, C, 0xc33707d6, s=9, M[14]) - and x13, x17, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xd87 // .Load lower half of constant 0xf4d50d87 movk x13, #0xf4d5, lsl #16 // .Load upper half of constant 0xf4d50d87 add w8, w8, w21 // Add dest value add w8, w8, w13 // Add constant 0xf4d50d87 - add w8, w8, w6 // Add aux function result + and x13, x17, x9 // Aux function round 2 (x & z) + add w8, w8, w6 // Add (~z & y) + add w8, w8, w13 // Add (x & z) ror w8, w8, #18 // Rotate left s=14 bits - bic x6, x17, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x17, x4 // Aux function round 2 (~z & y) add w8, w17, w8 // Add X parameter round 2 C=GG(C, D, A, B, 0xf4d50d87, s=14, M[3]) - and x13, x8, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x14ed // .Load lower half of constant 0x455a14ed movk x13, #0x455a, lsl #16 // .Load upper half of constant 0x455a14ed add w9, w9, w5 // Add dest value add w9, w9, w13 // Add constant 0x455a14ed - add w9, w9, w6 // Add aux function result + and x13, x8, x4 // Aux function round 2 (x & z) + add w9, w9, w6 // Add (~z & y) + add w9, w9, w13 // Add (x & z) ror w9, w9, #12 // Rotate left s=20 bits - bic x6, x8, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x8, x17 // Aux function round 2 (~z & y) add w9, w8, w9 // Add X parameter round 2 B=GG(B, C, D, A, 0x455a14ed, s=20, M[8]) - and x13, x9, x17 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xe905 // .Load lower half of constant 0xa9e3e905 movk x13, #0xa9e3, lsl #16 // .Load upper half of constant 0xa9e3e905 add w4, w4, w26 // Add dest value add w4, w4, w13 // Add constant 0xa9e3e905 - add w4, w4, w6 // Add aux function result + and x13, x9, x17 // Aux function round 2 (x & z) + add w4, w4, w6 // Add (~z & y) + add w4, w4, w13 // Add (x & z) ror w4, w4, #27 // Rotate left s=5 bits - bic x6, x9, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x9, x8 // Aux function round 2 (~z & y) add w4, w9, w4 // Add X parameter round 2 A=GG(A, B, C, D, 0xa9e3e905, s=5, M[13]) - and x13, x4, x8 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0xa3f8 // .Load lower half of constant 0xfcefa3f8 movk x13, #0xfcef, lsl #16 // .Load upper half of constant 0xfcefa3f8 add w17, w17, w3 // Add dest value add w17, w17, w13 // Add constant 0xfcefa3f8 - add w17, w17, w6 // Add aux function result + and x13, x4, x8 // Aux function round 2 (x & z) + add w17, w17, w6 // Add (~z & y) + add w17, w17, w13 // Add (x & z) ror w17, w17, #23 // Rotate left s=9 bits - bic x6, x4, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x4, x9 // Aux function round 2 (~z & y) add w17, w4, w17 // Add X parameter round 2 D=GG(D, A, B, C, 0xfcefa3f8, s=9, M[2]) - and x13, x17, x9 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x2d9 // .Load lower half of constant 0x676f02d9 movk x13, #0x676f, lsl #16 // .Load upper half of constant 0x676f02d9 add w8, w8, w23 // Add dest value add w8, w8, w13 // Add constant 0x676f02d9 - add w8, w8, w6 // Add aux function result + and x13, x17, x9 // Aux function round 2 (x & z) + add w8, w8, w6 // Add (~z & y) + add w8, w8, w13 // Add (x & z) ror w8, w8, #18 // Rotate left s=14 bits - bic x6, x17, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) + bic x6, x17, x4 // Aux function round 2 (~z & y) add w8, w17, w8 // Add X parameter round 2 C=GG(C, D, A, B, 0x676f02d9, s=14, M[7]) - and x13, x8, x4 // Aux function round 2 G(x,y,z)=((x&z)|(~z&y)) - orr x6, x6, x13 // End aux function round 2 G(x,y,z)=((x&z)|(~z&y)) movz x13, #0x4c8a // .Load lower half of constant 0x8d2a4c8a movk x13, #0x8d2a, lsl #16 // .Load upper half of constant 0x8d2a4c8a add w9, w9, w11 // Add dest value add w9, w9, w13 // Add constant 0x8d2a4c8a - add w9, w9, w6 // Add aux function result + and x13, x8, x4 // Aux function round 2 (x & z) + add w9, w9, w6 // Add (~z & y) + add w9, w9, w13 // Add (x & z) eor x6, x8, x17 // Begin aux function round 3 H(x,y,z)=(x^y^z) ror w9, w9, #12 // Rotate left s=20 bits movz x10, #0x3942 // .Load lower half of constant 0xfffa3942 diff --git a/contrib/openssl-cmake/asm/crypto/md5/md5-x86_64.s b/contrib/openssl-cmake/asm/crypto/md5/md5-x86_64.s index 1fb524950f33..fb4c26760fdf 100644 --- a/contrib/openssl-cmake/asm/crypto/md5/md5-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/md5/md5-x86_64.s @@ -201,7 +201,7 @@ ossl_md5_block_asm_data_order: leal -165796510(%rax,%r10,1),%eax andl %ecx,%r11d movl 24(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%eax movl %ecx,%r11d addl %r12d,%eax movl %ecx,%r12d @@ -212,7 +212,7 @@ ossl_md5_block_asm_data_order: leal -1069501632(%rdx,%r10,1),%edx andl %ebx,%r11d movl 44(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%edx movl %ebx,%r11d addl %r12d,%edx movl %ebx,%r12d @@ -223,7 +223,7 @@ ossl_md5_block_asm_data_order: leal 643717713(%rcx,%r10,1),%ecx andl %eax,%r11d movl 0(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ecx movl %eax,%r11d addl %r12d,%ecx movl %eax,%r12d @@ -234,7 +234,7 @@ ossl_md5_block_asm_data_order: leal -373897302(%rbx,%r10,1),%ebx andl %edx,%r11d movl 20(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ebx movl %edx,%r11d addl %r12d,%ebx movl %edx,%r12d @@ -245,7 +245,7 @@ ossl_md5_block_asm_data_order: leal -701558691(%rax,%r10,1),%eax andl %ecx,%r11d movl 40(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%eax movl %ecx,%r11d addl %r12d,%eax movl %ecx,%r12d @@ -256,7 +256,7 @@ ossl_md5_block_asm_data_order: leal 38016083(%rdx,%r10,1),%edx andl %ebx,%r11d movl 60(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%edx movl %ebx,%r11d addl %r12d,%edx movl %ebx,%r12d @@ -267,7 +267,7 @@ ossl_md5_block_asm_data_order: leal -660478335(%rcx,%r10,1),%ecx andl %eax,%r11d movl 16(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ecx movl %eax,%r11d addl %r12d,%ecx movl %eax,%r12d @@ -278,7 +278,7 @@ ossl_md5_block_asm_data_order: leal -405537848(%rbx,%r10,1),%ebx andl %edx,%r11d movl 36(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ebx movl %edx,%r11d addl %r12d,%ebx movl %edx,%r12d @@ -289,7 +289,7 @@ ossl_md5_block_asm_data_order: leal 568446438(%rax,%r10,1),%eax andl %ecx,%r11d movl 56(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%eax movl %ecx,%r11d addl %r12d,%eax movl %ecx,%r12d @@ -300,7 +300,7 @@ ossl_md5_block_asm_data_order: leal -1019803690(%rdx,%r10,1),%edx andl %ebx,%r11d movl 12(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%edx movl %ebx,%r11d addl %r12d,%edx movl %ebx,%r12d @@ -311,7 +311,7 @@ ossl_md5_block_asm_data_order: leal -187363961(%rcx,%r10,1),%ecx andl %eax,%r11d movl 32(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ecx movl %eax,%r11d addl %r12d,%ecx movl %eax,%r12d @@ -322,7 +322,7 @@ ossl_md5_block_asm_data_order: leal 1163531501(%rbx,%r10,1),%ebx andl %edx,%r11d movl 52(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ebx movl %edx,%r11d addl %r12d,%ebx movl %edx,%r12d @@ -333,7 +333,7 @@ ossl_md5_block_asm_data_order: leal -1444681467(%rax,%r10,1),%eax andl %ecx,%r11d movl 8(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%eax movl %ecx,%r11d addl %r12d,%eax movl %ecx,%r12d @@ -344,7 +344,7 @@ ossl_md5_block_asm_data_order: leal -51403784(%rdx,%r10,1),%edx andl %ebx,%r11d movl 28(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%edx movl %ebx,%r11d addl %r12d,%edx movl %ebx,%r12d @@ -355,7 +355,7 @@ ossl_md5_block_asm_data_order: leal 1735328473(%rcx,%r10,1),%ecx andl %eax,%r11d movl 48(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ecx movl %eax,%r11d addl %r12d,%ecx movl %eax,%r12d @@ -366,7 +366,7 @@ ossl_md5_block_asm_data_order: leal -1926607734(%rbx,%r10,1),%ebx andl %edx,%r11d movl 20(%rsi),%r10d - orl %r11d,%r12d + addl %r11d,%ebx movl %edx,%r11d addl %r12d,%ebx movl %edx,%r12d diff --git a/contrib/openssl-cmake/asm/crypto/modes/aes-gcm-avx512.s b/contrib/openssl-cmake/asm/crypto/modes/aes-gcm-avx512.s index fc0c9e20c90c..b239d9fc2ac8 100644 --- a/contrib/openssl-cmake/asm/crypto/modes/aes-gcm-avx512.s +++ b/contrib/openssl-cmake/asm/crypto/modes/aes-gcm-avx512.s @@ -135982,7 +135982,7 @@ ossl_gcm_gmult_avx512: .byte 0xf3,0xc3 .cfi_endproc .size ossl_gcm_gmult_avx512, .-ossl_gcm_gmult_avx512 -.data +.section .rodata .align 16 POLY:.quad 0x0000000000000001, 0xC200000000000000 diff --git a/contrib/openssl-cmake/asm/crypto/modes/aes-gcm-riscv64-zvkb-zvkg-zvkned.S b/contrib/openssl-cmake/asm/crypto/modes/aes-gcm-riscv64-zvkb-zvkg-zvkned.S new file mode 100644 index 000000000000..6c1c5e1c7e28 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/modes/aes-gcm-riscv64-zvkb-zvkg-zvkned.S @@ -0,0 +1,1540 @@ +.text +.p2align 3 +.globl rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt +.type rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt,@function +rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt: + srli t0, a2, 4 + beqz t0, .Lenc_end + slli t5, t0, 2 + + mv a7, t5 + + # Compute the AES-GCM full-block e32 length for `LMUL=4`. We will handle + # the multiple AES-GCM blocks at the same time within `LMUL=4` register. + # The AES-GCM's SEW is e32 and EGW is 128 bits. + # FULL_BLOCK_LEN32 = (VLEN*LMUL)/(EGW) * (EGW/SEW) = (VLEN*4)/(32*4) * 4 + # = (VLEN*4)/32 + # We could get the block_num using the VL value of `vsetvli with e32, m4`. + .word 220231767 + # If `LEN32 % FULL_BLOCK_LEN32` is not equal to zero, we could fill the + # zero padding data to make sure we could always handle FULL_BLOCK_LEN32 + # blocks for all iterations. + + ## Prepare the H^n multiplier in v16 for GCM multiplier. The `n` is the gcm + ## block number in a LMUL=4 register group. + ## n = ((VLEN*LMUL)/(32*4)) = ((VLEN*4)/(32*4)) + ## = (VLEN/32) + ## We could use vsetvli with `e32, m1` to compute the `n` number. + .word 218133207 + + # The H is at `gcm128_context.Htable[0]`(addr(Xi)+16*2). + addi t1, a5, 32 + .word 3439489111 + .word 33779591 + + # Compute the H^n + li t1, 1 +1: + .word 2750984183 + slli t1, t1, 1 + bltu t1, t0, 1b + + .word 220754007 + .word 1577072727 + .word 2817763447 + + #### Load plaintext into v24 and handle padding. We also load the init tag + #### data into v20 and prepare the AES ctr input data into v12 and v28. + .word 1577073239 + + ## Prepare the AES ctr input data into v12. + # Setup ctr input mask. + # ctr mask : [000100010001....] + # Note: The actual vl should be `FULL_BLOCK_LEN32/4 * 2`, but we just use + # `FULL_BLOCK_LEN32` here. + .word 201879639 + li t0, 0b10001000 + .word 1577238615 + # Load IV. + .word 3439489111 + .word 34041735 + # Convert the big-endian counter into little-endian. + .word 3305271383 + .word 1240772567 + # Splat the `single block of IV` to v12 + .word 220754007 + .word 1577072215 + .word 2817762935 + # Prepare the ctr counter into v8 + # v8: [x, x, x, 0, x, x, x, 1, x, x, x, 2, ...] + .word 1342710871 + # Merge IV and ctr counter into v12. + # v12:[x, x, x, count+0, x, x, x, count+1, ...] + .word 86536279 + .word 12846679 + + li t4, 0 + # Get the SEW32 size in the first round. + # If we have the non-zero value for `LEN32&(FULL_BLOCK_LEN32-1)`, then + # we will have the leading padding zero. + addi t0, a6, -1 + and t0, t0, t5 + beqz t0, 1f + + ## with padding + sub t5, t5, t0 + sub t4, a6, t0 + # padding block size + srli t1, t4, 2 + # padding byte size + slli t2, t4, 2 + + # Adjust the ctr counter to make the counter start from `counter+0` for the + # first non-padding block. + .word 86536279 + .word 147015255 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + .word 1237626455 + + # Prepare the mask for input loading in the first round. We use + # `VL=FULL_BLOCK_LEN32` with the mask in the first round. + # Adjust input ptr. + sub a0, a0, t2 + # Adjust output ptr. + sub a1, a1, t2 + .word 211316823 + .word 1376297303 + # We don't use the pseudo instruction `vmsgeu` here. Use `vmsgtu` instead. + # The original code is: + # vmsgeu.vx v0, v2, t4 + addi t0, t4, -1 + .word 2049097815 + .word 220754007 + .word 1577073751 + # Load the input for length FULL_BLOCK_LEN32 with mask. + .word 86536279 + .word 355335 + + # Load the init `Xi` data to v20 with preceding zero padding. + # Adjust Xi ptr. + sub t0, a5, t2 + # Load for length `zero-padding-e32-length + 4`. + addi t1, t4, 4 + .word 19099735 + .word 190983 + j 2f + +1: + ## without padding + sub t5, t5, a6 + + .word 220754007 + .word 33909767 + + # Load the init Xi data to v20. + .word 3372380247 + .word 34073095 + + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 86536279 + .word 1577455191 + .word 1237626455 +2: + + + # Load number of rounds + lwu t0, 240(a3) + li t1, 14 + li t2, 12 + li t3, 10 + + beq t0, t1, aes_gcm_enc_blocks_256 + beq t0, t2, aes_gcm_enc_blocks_192 + beq t0, t3, aes_gcm_enc_blocks_128 + +.Lenc_end: + li a0, 0 + ret + +.size rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt,.-rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt +.p2align 3 +aes_gcm_enc_blocks_128: + srli t6, a6, 2 + slli t0, a6, 2 + + # Load all 11 aes round keys to v1-v11 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + # We already have the ciphertext/plaintext and ctr data for the first round. + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr result. + .word 801902167 + + bnez t4, 1f + + ## without padding + # Store ciphertext/plaintext + .word 33943079 + j 2f + + ## with padding +1: + # Store ciphertext/plaintext using mask + .word 388647 + + # Fill zero for the padding blocks + .word 154071127 + .word 1577074263 + + # We have used mask register for `INPUT_PADDING_MASK` before. We need to + # setup the ctr mask back. + # ctr mask : [000100010001....] + .word 201879639 + li t1, 0b10001000 + .word 1577271383 +2: + + + + add a0, a0, t0 + add a1, a1, t0 + + + .word 220754007 + +.Lenc_blocks_128: + # Compute the partial tags. + # The partial tags will multiply with [H^n, H^n, ..., H^n] + # [tag0, tag1, ...] = + # ([tag0, tag1, ...] + [ciphertext0, ciphertext1, ...] * [H^n, H^n, ..., H^n] + # We will skip the [H^n, H^n, ..., H^n] multiplication for the last round. + beqz t5, .Lenc_blocks_128_end + .word 3004050039 + + .word 86536279 + # Increase ctr in v12. + .word 13616727 + sub t5, t5, a6 + # Load plaintext into v24 + .word 220229719 + .word 33909767 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + add a0, a0, t0 + .word 86011991 + .word 1237626455 + + + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr ciphertext result. + .word 801902167 + + # Store ciphertext + .word 33943079 + add a1, a1, t0 + + j .Lenc_blocks_128 +.Lenc_blocks_128_end: + + # Add ciphertext into partial tag + .word 793643607 + + .word 3441586263 + # Update current ctr value to v12 + .word 13616727 + # Convert ctr to big-endian counter. + .word 1220847191 + .word 484903 + + + # The H is at `gcm128_context.Htable[0]` (addr(Xi)+16*2). + # Load H to v1 + addi t1, a5, 32 + .word 3439489111 + .word 33775751 + # Multiply H for each partial tag and XOR them together. + # Handle 1st partial tag + .word 1577713751 + .word 2719522935 + # Handle 2nd to N-th partial tags + li t1, 4 +1: + .word 3441586263 + .word 1061372503 + .word 3439489111 + .word 2987532407 + addi t1, t1, 4 + blt t1, a6, 1b + + + # Save the final tag + .word 34070567 + + # return the processed size. + slli a0, a7, 2 + ret +.size aes_gcm_enc_blocks_128,.-aes_gcm_enc_blocks_128 +.p2align 3 +aes_gcm_enc_blocks_192: + srli t6, a6, 2 + slli t0, a6, 2 + + # We run out of 32 vector registers, so we just preserve some round keys + # and load the remaining round keys inside the aes body. + # We keep the round keys for: + # 1, 2, 3, 5, 6, 7, 9, 10, 11 and 12th keys. + # The following keys will be loaded in the aes body: + # 4, 8 and 13th keys. + .word 3439489111 + # key 1 + .word 34005127 + # key 2 + addi t1, a3, 16 + .word 33775879 + # key 3 + addi t1, a3, 32 + .word 33776007 + # key 5 + addi t1, a3, 64 + .word 33776135 + # key 6 + addi t1, a3, 80 + .word 33776263 + # key 7 + addi t1, a3, 96 + .word 33776391 + # key 9 + addi t1, a3, 128 + .word 33776519 + # key 10 + addi t1, a3, 144 + .word 33776647 + # key 11 + addi t1, a3, 160 + .word 33776775 + # key 12 + addi t1, a3, 176 + .word 33776903 + + # We already have the ciphertext/plaintext and ctr data for the first round. + # Load key 4 + .word 3439489111 + addi t1, a3, 48 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2796629623 + # Load key 8 + .word 3439489111 + addi t1, a3, 112 + .word 33777031 + .word 220754007 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 13 + .word 3439489111 + addi t1, a3, 192 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr result. + .word 801902167 + + bnez t4, 1f + + ## without padding + # Store ciphertext/plaintext + .word 33943079 + j 2f + + ## with padding +1: + # Store ciphertext/plaintext using mask + .word 388647 + + # Fill zero for the padding blocks + .word 154071127 + .word 1577074263 + + # We have used mask register for `INPUT_PADDING_MASK` before. We need to + # setup the ctr mask back. + # ctr mask : [000100010001....] + .word 201879639 + li t1, 0b10001000 + .word 1577271383 +2: + + + + add a0, a0, t0 + add a1, a1, t0 + + + .word 220754007 + +.Lenc_blocks_192: + # Compute the partial tags. + # The partial tags will multiply with [H^n, H^n, ..., H^n] + # [tag0, tag1, ...] = + # ([tag0, tag1, ...] + [ciphertext0, ciphertext1, ...] * [H^n, H^n, ..., H^n] + # We will skip the [H^n, H^n, ..., H^n] multiplication for the last round. + beqz t5, .Lenc_blocks_192_end + .word 3004050039 + + .word 86536279 + # Increase ctr in v12. + .word 13616727 + sub t5, t5, a6 + # Load plaintext into v24 + .word 220229719 + .word 33909767 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + add a0, a0, t0 + .word 86011991 + .word 1237626455 + + + # Load key 4 + .word 3439489111 + addi t1, a3, 48 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2796629623 + # Load key 8 + .word 3439489111 + addi t1, a3, 112 + .word 33777031 + .word 220754007 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 13 + .word 3439489111 + addi t1, a3, 192 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr ciphertext result. + .word 801902167 + + # Store ciphertext + .word 33943079 + add a1, a1, t0 + + j .Lenc_blocks_192 +.Lenc_blocks_192_end: + + # Add ciphertext into partial tag + .word 793643607 + + .word 3441586263 + # Update current ctr value to v12 + .word 13616727 + # Convert ctr to big-endian counter. + .word 1220847191 + .word 484903 + + + # The H is at `gcm128_context.Htable[0]` (addr(Xi)+16*2). + # Load H to v1 + addi t1, a5, 32 + .word 3439489111 + .word 33775751 + # Multiply H for each partial tag and XOR them together. + # Handle 1st partial tag + .word 1577713751 + .word 2719522935 + # Handle 2nd to N-th partial tags + li t1, 4 +1: + .word 3441586263 + .word 1061372503 + .word 3439489111 + .word 2987532407 + addi t1, t1, 4 + blt t1, a6, 1b + + + # Save the final tag + .word 34070567 + + # return the processed size. + slli a0, a7, 2 + ret +.size aes_gcm_enc_blocks_192,.-aes_gcm_enc_blocks_192 +.p2align 3 +aes_gcm_enc_blocks_256: + srli t6, a6, 2 + slli t0, a6, 2 + + # We run out of 32 vector registers, so we just preserve some round keys + # and load the remaining round keys inside the aes body. + # We keep the round keys for: + # 1, 2, 4, 5, 7, 8, 10, 11, 13 and 14th keys. + # The following keys will be loaded in the aes body: + # 3, 6, 9, 12 and 15th keys. + .word 3439489111 + # key 1 + .word 34005127 + # key 2 + addi t1, a3, 16 + .word 33775879 + # key 4 + addi t1, a3, 48 + .word 33776007 + # key 5 + addi t1, a3, 64 + .word 33776135 + # key 7 + addi t1, a3, 96 + .word 33776263 + # key 8 + addi t1, a3, 112 + .word 33776391 + # key 10 + addi t1, a3, 144 + .word 33776519 + # key 11 + addi t1, a3, 160 + .word 33776647 + # key 13 + addi t1, a3, 192 + .word 33776775 + # key 14 + addi t1, a3, 208 + .word 33776903 + + # We already have the ciphertext/plaintext and ctr data for the first round. + # Load key 3 + .word 3439489111 + addi t1, a3, 32 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2796629623 + # Load key 6 + .word 3439489111 + addi t1, a3, 80 + .word 33777031 + .word 220754007 + .word 2788241015 + .word 2789289591 + .word 2796629623 + # Load key 9 + .word 3439489111 + addi t1, a3, 128 + .word 33777031 + .word 220754007 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 12 + .word 3439489111 + addi t1, a3, 176 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2796629623 + # Load key 15 + .word 3439489111 + addi t1, a3, 224 + .word 33777031 + .word 220754007 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr result. + .word 801902167 + + bnez t4, 1f + + ## without padding + # Store ciphertext/plaintext + .word 33943079 + j 2f + + ## with padding +1: + # Store ciphertext/plaintext using mask + .word 388647 + + # Fill zero for the padding blocks + .word 154071127 + .word 1577074263 + + # We have used mask register for `INPUT_PADDING_MASK` before. We need to + # setup the ctr mask back. + # ctr mask : [000100010001....] + .word 201879639 + li t1, 0b10001000 + .word 1577271383 +2: + + + + add a0, a0, t0 + add a1, a1, t0 + + + .word 220754007 + +.Lenc_blocks_256: + # Compute the partial tags. + # The partial tags will multiply with [H^n, H^n, ..., H^n] + # [tag0, tag1, ...] = + # ([tag0, tag1, ...] + [ciphertext0, ciphertext1, ...] * [H^n, H^n, ..., H^n] + # We will skip the [H^n, H^n, ..., H^n] multiplication for the last round. + beqz t5, .Lenc_blocks_256_end + .word 3004050039 + + .word 86536279 + # Increase ctr in v12. + .word 13616727 + sub t5, t5, a6 + # Load plaintext into v24 + .word 220229719 + .word 33909767 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + add a0, a0, t0 + .word 86011991 + .word 1237626455 + + + # Load key 3 + .word 3439489111 + addi t1, a3, 32 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2796629623 + # Load key 6 + .word 3439489111 + addi t1, a3, 80 + .word 33777031 + .word 220754007 + .word 2788241015 + .word 2789289591 + .word 2796629623 + # Load key 9 + .word 3439489111 + addi t1, a3, 128 + .word 33777031 + .word 220754007 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 12 + .word 3439489111 + addi t1, a3, 176 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2796629623 + # Load key 15 + .word 3439489111 + addi t1, a3, 224 + .word 33777031 + .word 220754007 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr ciphertext result. + .word 801902167 + + # Store ciphertext + .word 33943079 + add a1, a1, t0 + + j .Lenc_blocks_256 +.Lenc_blocks_256_end: + + # Add ciphertext into partial tag + .word 793643607 + + .word 3441586263 + # Update current ctr value to v12 + .word 13616727 + # Convert ctr to big-endian counter. + .word 1220847191 + .word 484903 + + + # The H is at `gcm128_context.Htable[0]` (addr(Xi)+16*2). + # Load H to v1 + addi t1, a5, 32 + .word 3439489111 + .word 33775751 + # Multiply H for each partial tag and XOR them together. + # Handle 1st partial tag + .word 1577713751 + .word 2719522935 + # Handle 2nd to N-th partial tags + li t1, 4 +1: + .word 3441586263 + .word 1061372503 + .word 3439489111 + .word 2987532407 + addi t1, t1, 4 + blt t1, a6, 1b + + + # Save the final tag + .word 34070567 + + # return the processed size. + slli a0, a7, 2 + ret +.size aes_gcm_enc_blocks_256,.-aes_gcm_enc_blocks_256 +.p2align 3 +.globl rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt +.type rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt,@function +rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt: + srli t0, a2, 4 + beqz t0, .Ldec_end + slli t5, t0, 2 + + mv a7, t5 + + # Compute the AES-GCM full-block e32 length for `LMUL=4`. We will handle + # the multiple AES-GCM blocks at the same time within `LMUL=4` register. + # The AES-GCM's SEW is e32 and EGW is 128 bits. + # FULL_BLOCK_LEN32 = (VLEN*LMUL)/(EGW) * (EGW/SEW) = (VLEN*4)/(32*4) * 4 + # = (VLEN*4)/32 + # We could get the block_num using the VL value of `vsetvli with e32, m4`. + .word 220231767 + # If `LEN32 % FULL_BLOCK_LEN32` is not equal to zero, we could fill the + # zero padding data to make sure we could always handle FULL_BLOCK_LEN32 + # blocks for all iterations. + + ## Prepare the H^n multiplier in v16 for GCM multiplier. The `n` is the gcm + ## block number in a LMUL=4 register group. + ## n = ((VLEN*LMUL)/(32*4)) = ((VLEN*4)/(32*4)) + ## = (VLEN/32) + ## We could use vsetvli with `e32, m1` to compute the `n` number. + .word 218133207 + + # The H is at `gcm128_context.Htable[0]`(addr(Xi)+16*2). + addi t1, a5, 32 + .word 3439489111 + .word 33779591 + + # Compute the H^n + li t1, 1 +1: + .word 2750984183 + slli t1, t1, 1 + bltu t1, t0, 1b + + .word 220754007 + .word 1577072727 + .word 2817763447 + + #### Load plaintext into v24 and handle padding. We also load the init tag + #### data into v20 and prepare the AES ctr input data into v12 and v28. + .word 1577073239 + + ## Prepare the AES ctr input data into v12. + # Setup ctr input mask. + # ctr mask : [000100010001....] + # Note: The actual vl should be `FULL_BLOCK_LEN32/4 * 2`, but we just use + # `FULL_BLOCK_LEN32` here. + .word 201879639 + li t0, 0b10001000 + .word 1577238615 + # Load IV. + .word 3439489111 + .word 34041735 + # Convert the big-endian counter into little-endian. + .word 3305271383 + .word 1240772567 + # Splat the `single block of IV` to v12 + .word 220754007 + .word 1577072215 + .word 2817762935 + # Prepare the ctr counter into v8 + # v8: [x, x, x, 0, x, x, x, 1, x, x, x, 2, ...] + .word 1342710871 + # Merge IV and ctr counter into v12. + # v12:[x, x, x, count+0, x, x, x, count+1, ...] + .word 86536279 + .word 12846679 + + li t4, 0 + # Get the SEW32 size in the first round. + # If we have the non-zero value for `LEN32&(FULL_BLOCK_LEN32-1)`, then + # we will have the leading padding zero. + addi t0, a6, -1 + and t0, t0, t5 + beqz t0, 1f + + ## with padding + sub t5, t5, t0 + sub t4, a6, t0 + # padding block size + srli t1, t4, 2 + # padding byte size + slli t2, t4, 2 + + # Adjust the ctr counter to make the counter start from `counter+0` for the + # first non-padding block. + .word 86536279 + .word 147015255 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + .word 1237626455 + + # Prepare the mask for input loading in the first round. We use + # `VL=FULL_BLOCK_LEN32` with the mask in the first round. + # Adjust input ptr. + sub a0, a0, t2 + # Adjust output ptr. + sub a1, a1, t2 + .word 211316823 + .word 1376297303 + # We don't use the pseudo instruction `vmsgeu` here. Use `vmsgtu` instead. + # The original code is: + # vmsgeu.vx v0, v2, t4 + addi t0, t4, -1 + .word 2049097815 + .word 220754007 + .word 1577073751 + # Load the input for length FULL_BLOCK_LEN32 with mask. + .word 86536279 + .word 355335 + + # Load the init `Xi` data to v20 with preceding zero padding. + # Adjust Xi ptr. + sub t0, a5, t2 + # Load for length `zero-padding-e32-length + 4`. + addi t1, t4, 4 + .word 19099735 + .word 190983 + j 2f + +1: + ## without padding + sub t5, t5, a6 + + .word 220754007 + .word 33909767 + + # Load the init Xi data to v20. + .word 3372380247 + .word 34073095 + + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 86536279 + .word 1577455191 + .word 1237626455 +2: + + + # Load number of rounds + lwu t0, 240(a3) + li t1, 14 + li t2, 12 + li t3, 10 + + beq t0, t1, aes_gcm_dec_blocks_256 + beq t0, t2, aes_gcm_dec_blocks_192 + beq t0, t3, aes_gcm_dec_blocks_128 + +.Ldec_end: + li a0, 0 + ret +.size rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt,.-rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt +.p2align 3 +aes_gcm_dec_blocks_128: + srli t6, a6, 2 + slli t0, a6, 2 + + # Load all 11 aes round keys to v1-v11 registers. + .word 3439489111 + .word 34005127 + addi a3, a3, 16 + .word 34005255 + addi a3, a3, 16 + .word 34005383 + addi a3, a3, 16 + .word 34005511 + addi a3, a3, 16 + .word 34005639 + addi a3, a3, 16 + .word 34005767 + addi a3, a3, 16 + .word 34005895 + addi a3, a3, 16 + .word 34006023 + addi a3, a3, 16 + .word 34006151 + addi a3, a3, 16 + .word 34006279 + addi a3, a3, 16 + .word 34006407 + + # We already have the ciphertext/plaintext and ctr data for the first round. + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr result. + .word 801902167 + + bnez t4, 1f + + ## without padding + # Store ciphertext/plaintext + .word 33943079 + j 2f + + ## with padding +1: + # Store ciphertext/plaintext using mask + .word 388647 + + # Fill zero for the padding blocks + .word 154071127 + .word 1577074263 + + # We have used mask register for `INPUT_PADDING_MASK` before. We need to + # setup the ctr mask back. + # ctr mask : [000100010001....] + .word 201879639 + li t1, 0b10001000 + .word 1577271383 +2: + + + + add a0, a0, t0 + add a1, a1, t0 + + + .word 220754007 + +.Ldec_blocks_128: + # Compute the partial tags. + # The partial tags will multiply with [H^n, H^n, ..., H^n] + # [tag0, tag1, ...] = + # ([tag0, tag1, ...] + [ciphertext0, ciphertext1, ...] * [H^n, H^n, ..., H^n] + # We will skip the [H^n, H^n, ..., H^n] multiplication for the last round. + beqz t5, .Ldec_blocks_256_end + .word 3003918967 + + .word 86536279 + # Increase ctr in v12. + .word 13616727 + sub t5, t5, a6 + # Load plaintext into v24 + .word 220229719 + .word 33909767 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + add a0, a0, t0 + .word 86011991 + .word 1237626455 + + + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr plaintext result. + .word 801902167 + + # Store plaintext + .word 33943079 + add a1, a1, t0 + + j .Ldec_blocks_128 +.Ldec_blocks_128_end: + + # Add ciphertext into partial tag + .word 793512535 + + .word 3441586263 + # Update current ctr value to v12 + .word 13616727 + # Convert ctr to big-endian counter. + .word 1220847191 + .word 484903 + + + # The H is at `gcm128_context.Htable[0]` (addr(Xi)+16*2). + # Load H to v1 + addi t1, a5, 32 + .word 3439489111 + .word 33775751 + # Multiply H for each partial tag and XOR them together. + # Handle 1st partial tag + .word 1577713751 + .word 2719522935 + # Handle 2nd to N-th partial tags + li t1, 4 +1: + .word 3441586263 + .word 1061372503 + .word 3439489111 + .word 2987532407 + addi t1, t1, 4 + blt t1, a6, 1b + + + # Save the final tag + .word 34070567 + + # return the processed size. + slli a0, a7, 2 + ret +.size aes_gcm_dec_blocks_128,.-aes_gcm_dec_blocks_128 +.p2align 3 +aes_gcm_dec_blocks_192: + srli t6, a6, 2 + slli t0, a6, 2 + + # We run out of 32 vector registers, so we just preserve some round keys + # and load the remaining round keys inside the aes body. + # We keep the round keys for: + # 1, 2, 3, 5, 6, 7, 9, 10, 11 and 12th keys. + # The following keys will be loaded in the aes body: + # 4, 8 and 13th keys. + .word 3439489111 + # key 1 + .word 34005127 + # key 2 + addi t1, a3, 16 + .word 33775879 + # key 3 + addi t1, a3, 32 + .word 33776007 + # key 5 + addi t1, a3, 64 + .word 33776135 + # key 6 + addi t1, a3, 80 + .word 33776263 + # key 7 + addi t1, a3, 96 + .word 33776391 + # key 9 + addi t1, a3, 128 + .word 33776519 + # key 10 + addi t1, a3, 144 + .word 33776647 + # key 11 + addi t1, a3, 160 + .word 33776775 + # key 12 + addi t1, a3, 176 + .word 33776903 + + # We already have the ciphertext/plaintext and ctr data for the first round. + # Load key 4 + .word 3439489111 + addi t1, a3, 48 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2796629623 + # Load key 8 + .word 3439489111 + addi t1, a3, 112 + .word 33777031 + .word 220754007 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 13 + .word 3439489111 + addi t1, a3, 192 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr result. + .word 801902167 + + bnez t4, 1f + + ## without padding + # Store ciphertext/plaintext + .word 33943079 + j 2f + + ## with padding +1: + # Store ciphertext/plaintext using mask + .word 388647 + + # Fill zero for the padding blocks + .word 154071127 + .word 1577074263 + + # We have used mask register for `INPUT_PADDING_MASK` before. We need to + # setup the ctr mask back. + # ctr mask : [000100010001....] + .word 201879639 + li t1, 0b10001000 + .word 1577271383 +2: + + + + add a0, a0, t0 + add a1, a1, t0 + + + .word 220754007 + +.Ldec_blocks_192: + # Compute the partial tags. + # The partial tags will multiply with [H^n, H^n, ..., H^n] + # [tag0, tag1, ...] = + # ([tag0, tag1, ...] + [ciphertext0, ciphertext1, ...] * [H^n, H^n, ..., H^n] + # We will skip the [H^n, H^n, ..., H^n] multiplication for the last round. + beqz t5, .Ldec_blocks_192_end + .word 3003918967 + + .word 86536279 + # Increase ctr in v12. + .word 13616727 + sub t5, t5, a6 + # Load plaintext into v24 + .word 220229719 + .word 33909767 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + add a0, a0, t0 + .word 86011991 + .word 1237626455 + + + # Load key 4 + .word 3439489111 + addi t1, a3, 48 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2788241015 + .word 2796629623 + # Load key 8 + .word 3439489111 + addi t1, a3, 112 + .word 33777031 + .word 220754007 + .word 2789289591 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 13 + .word 3439489111 + addi t1, a3, 192 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr plaintext result. + .word 801902167 + + # Store plaintext + .word 33943079 + add a1, a1, t0 + + j .Ldec_blocks_192 +.Ldec_blocks_192_end: + + # Add ciphertext into partial tag + .word 793512535 + + .word 3441586263 + # Update current ctr value to v12 + .word 13616727 + # Convert ctr to big-endian counter. + .word 1220847191 + .word 484903 + + + # The H is at `gcm128_context.Htable[0]` (addr(Xi)+16*2). + # Load H to v1 + addi t1, a5, 32 + .word 3439489111 + .word 33775751 + # Multiply H for each partial tag and XOR them together. + # Handle 1st partial tag + .word 1577713751 + .word 2719522935 + # Handle 2nd to N-th partial tags + li t1, 4 +1: + .word 3441586263 + .word 1061372503 + .word 3439489111 + .word 2987532407 + addi t1, t1, 4 + blt t1, a6, 1b + + + # Save the final tag + .word 34070567 + + # return the processed size. + slli a0, a7, 2 + ret +.size aes_gcm_dec_blocks_192,.-aes_gcm_dec_blocks_192 +.p2align 3 +aes_gcm_dec_blocks_256: + srli t6, a6, 2 + slli t0, a6, 2 + + # We run out of 32 vector registers, so we just preserve some round keys + # and load the remaining round keys inside the aes body. + # We keep the round keys for: + # 1, 2, 4, 5, 7, 8, 10, 11, 13 and 14th keys. + # The following keys will be loaded in the aes body: + # 3, 6, 9, 12 and 15th keys. + .word 3439489111 + # key 1 + .word 34005127 + # key 2 + addi t1, a3, 16 + .word 33775879 + # key 4 + addi t1, a3, 48 + .word 33776007 + # key 5 + addi t1, a3, 64 + .word 33776135 + # key 7 + addi t1, a3, 96 + .word 33776263 + # key 8 + addi t1, a3, 112 + .word 33776391 + # key 10 + addi t1, a3, 144 + .word 33776519 + # key 11 + addi t1, a3, 160 + .word 33776647 + # key 13 + addi t1, a3, 192 + .word 33776775 + # key 14 + addi t1, a3, 208 + .word 33776903 + + # We already have the ciphertext/plaintext and ctr data for the first round. + # Load key 3 + .word 3439489111 + addi t1, a3, 32 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2796629623 + # Load key 6 + .word 3439489111 + addi t1, a3, 80 + .word 33777031 + .word 220754007 + .word 2788241015 + .word 2789289591 + .word 2796629623 + # Load key 9 + .word 3439489111 + addi t1, a3, 128 + .word 33777031 + .word 220754007 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 12 + .word 3439489111 + addi t1, a3, 176 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2796629623 + # Load key 15 + .word 3439489111 + addi t1, a3, 224 + .word 33777031 + .word 220754007 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr result. + .word 801902167 + + bnez t4, 1f + + ## without padding + # Store ciphertext/plaintext + .word 33943079 + j 2f + + ## with padding +1: + # Store ciphertext/plaintext using mask + .word 388647 + + # Fill zero for the padding blocks + .word 154071127 + .word 1577074263 + + # We have used mask register for `INPUT_PADDING_MASK` before. We need to + # setup the ctr mask back. + # ctr mask : [000100010001....] + .word 201879639 + li t1, 0b10001000 + .word 1577271383 +2: + + + + add a0, a0, t0 + add a1, a1, t0 + + + .word 220754007 + +.Ldec_blocks_256: + # Compute the partial tags. + # The partial tags will multiply with [H^n, H^n, ..., H^n] + # [tag0, tag1, ...] = + # ([tag0, tag1, ...] + [ciphertext0, ciphertext1, ...] * [H^n, H^n, ..., H^n] + # We will skip the [H^n, H^n, ..., H^n] multiplication for the last round. + beqz t5, .Ldec_blocks_256_end + .word 3003918967 + + .word 86536279 + # Increase ctr in v12. + .word 13616727 + sub t5, t5, a6 + # Load plaintext into v24 + .word 220229719 + .word 33909767 + # Prepare the AES ctr input into v28. + # The ctr data uses big-endian form. + .word 1577455191 + add a0, a0, t0 + .word 86011991 + .word 1237626455 + + + # Load key 3 + .word 3439489111 + addi t1, a3, 32 + .word 33777031 + .word 220754007 + .word 2786307703 + .word 2787192439 + .word 2796629623 + # Load key 6 + .word 3439489111 + addi t1, a3, 80 + .word 33777031 + .word 220754007 + .word 2788241015 + .word 2789289591 + .word 2796629623 + # Load key 9 + .word 3439489111 + addi t1, a3, 128 + .word 33777031 + .word 220754007 + .word 2790338167 + .word 2791386743 + .word 2796629623 + # Load key 12 + .word 3439489111 + addi t1, a3, 176 + .word 33777031 + .word 220754007 + .word 2792435319 + .word 2793483895 + .word 2796629623 + # Load key 15 + .word 3439489111 + addi t1, a3, 224 + .word 33777031 + .word 220754007 + .word 2794532471 + .word 2795581047 + .word 2796662391 + + + # Compute AES ctr plaintext result. + .word 801902167 + + # Store plaintext + .word 33943079 + add a1, a1, t0 + + j .Ldec_blocks_256 +.Ldec_blocks_256_end: + + # Add ciphertext into partial tag + .word 793512535 + + .word 3441586263 + # Update current ctr value to v12 + .word 13616727 + # Convert ctr to big-endian counter. + .word 1220847191 + .word 484903 + + + # The H is at `gcm128_context.Htable[0]` (addr(Xi)+16*2). + # Load H to v1 + addi t1, a5, 32 + .word 3439489111 + .word 33775751 + # Multiply H for each partial tag and XOR them together. + # Handle 1st partial tag + .word 1577713751 + .word 2719522935 + # Handle 2nd to N-th partial tags + li t1, 4 +1: + .word 3441586263 + .word 1061372503 + .word 3439489111 + .word 2987532407 + addi t1, t1, 4 + blt t1, a6, 1b + + + # Save the final tag + .word 34070567 + + # return the processed size. + slli a0, a7, 2 + ret +.size aes_gcm_dec_blocks_256,.-aes_gcm_dec_blocks_256 diff --git a/contrib/openssl-cmake/asm/crypto/modes/aesni-gcm-x86_64.s b/contrib/openssl-cmake/asm/crypto/modes/aesni-gcm-x86_64.s index bf508aff6ff6..694432a92990 100644 --- a/contrib/openssl-cmake/asm/crypto/modes/aesni-gcm-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/modes/aesni-gcm-x86_64.s @@ -774,6 +774,7 @@ aesni_gcm_encrypt: .byte 0xf3,0xc3 .cfi_endproc .size aesni_gcm_encrypt,.-aesni_gcm_encrypt +.section .rodata .align 64 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -786,4 +787,5 @@ aesni_gcm_encrypt: .Lone_lsb: .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 .byte 65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.previous .align 64 diff --git a/contrib/openssl-cmake/asm/crypto/modes/asm/aes-gcm-armv8_64.S b/contrib/openssl-cmake/asm/crypto/modes/asm/aes-gcm-armv8_64.S index fc4d5161d339..def2071cf378 100644 --- a/contrib/openssl-cmake/asm/crypto/modes/asm/aes-gcm-armv8_64.S +++ b/contrib/openssl-cmake/asm/crypto/modes/asm/aes-gcm-armv8_64.S @@ -6389,6 +6389,7 @@ aes_gcm_dec_256_kernel: mov w0, #0x0 ret .size aes_gcm_dec_256_kernel,.-aes_gcm_dec_256_kernel +.section .rodata .byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 diff --git a/contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkb-zvbc.S b/contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkb-zvbc.S new file mode 100644 index 000000000000..ca549d473a4e --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkb-zvbc.S @@ -0,0 +1,268 @@ +.text +.p2align 3 +.globl gcm_init_rv64i_zvkb_zvbc +.type gcm_init_rv64i_zvkb_zvbc,@function +gcm_init_rv64i_zvkb_zvbc: + # Load/store data in reverse order. + # This is needed as a part of endianness swap. + add a1, a1, 8 + li t0, -8 + li t1, 63 + la t2, Lpolymod + + .word 0xc1817057 # vsetivli x0, 2, e64, m1, tu, mu + + .word 173404295 # vlse64.v v1, (a1), t0 + .word 33812743 # vle64.v v2, (t2) + + # Shift one left and get the carry bits. + .word 2719171031 # vsrl.vx v3, v1, t1 + .word 2517676247 # vsll.vi v1, v1, 1 + + # Use the fact that the polynomial degree is no more than 128, + # i.e. only the LSB of the upper half could be set. + # Thanks to this we don't need to do the full reduction here. + # Instead simply subtract the reduction polynomial. + # This idea was taken from x86 ghash implementation in OpenSSL. + .word 976269911 # vslideup.vi v4, v3, 1 + .word 1043378647 # vslidedown.vi v3, v3, 1 + + .word 1577136215 # vmv.v.i v0, 2 + .word 672268503 # vor.vv v1, v1, v4, v0.t + + # Need to set the mask to 3, if the carry bit is set. + .word 1577156695 # vmv.v.v v0, v3 + .word 1577071063 # vmv.v.i v3, 0 + .word 1546760663 # vmerge.vim v3, v3, 3, v0 + .word 1577156695 # vmv.v.v v0, v3 + + .word 739311831 # vxor.vv v1, v1, v2, v0.t + + .word 33910951 # vse64.v v1, (a0) + ret +.size gcm_init_rv64i_zvkb_zvbc,.-gcm_init_rv64i_zvkb_zvbc +.text +.p2align 3 +.globl gcm_gmult_rv64i_zvkb_zvbc +.type gcm_gmult_rv64i_zvkb_zvbc,@function +gcm_gmult_rv64i_zvkb_zvbc: + ld t0, (a1) + ld t1, 8(a1) + li t2, 63 + la t3, Lpolymod + ld t3, 8(t3) + + # Load/store data in reverse order. + # This is needed as a part of endianness swap. + add a0, a0, 8 + li t4, -8 + + .word 0xc1817057 # vsetivli x0, 2, e64, m1, tu, mu + + .word 198537863 # vlse64.v v5, (a0), t4 + .word 1247060695 # vrev8.v v5, v5 + + # Multiplication + + # Do two 64x64 multiplications in one go to save some time + # and simplify things. + + # A = a1a0 (t1, t0) + # B = b1b0 (v5) + # C = c1c0 (256 bit) + # c1 = a1b1 + (a0b1)h + (a1b0)h + # c0 = a0b0 + (a0b1)l + (a1b0)h + + # v1 = (a0b1)l,(a0b0)l + .word 844292311 # vclmul.vx v1, v5, t0 + # v3 = (a0b1)h,(a0b0)h + .word 911401431 # vclmulh.vx v3, v5, t0 + + # v4 = (a1b1)l,(a1b0)l + .word 844325463 # vclmul.vx v4, v5, t1 + # v2 = (a1b1)h,(a1b0)h + .word 911434071 # vclmulh.vx v2, v5, t1 + + # Is there a better way to do this? + # Would need to swap the order of elements within a vector register. + .word 976270039 # vslideup.vi v5, v3, 1 + .word 977318743 # vslideup.vi v6, v4, 1 + .word 1043378647 # vslidedown.vi v3, v3, 1 + .word 1044427351 # vslidedown.vi v4, v4, 1 + + .word 1577103447 # vmv.v.i v0, 1 + # v2 += (a0b1)h + .word 740393303 # vxor.vv v2, v2, v3, v0.t + # v2 += (a1b1)l + .word 740426071 # vxor.vv v2, v2, v4, v0.t + + .word 1577136215 # vmv.v.i v0, 2 + # v1 += (a0b0)h,0 + .word 739410135 # vxor.vv v1, v1, v5, v0.t + # v1 += (a1b0)l,0 + .word 739442903 # vxor.vv v1, v1, v6, v0.t + + # Now the 256bit product should be stored in (v2,v1) + # v1 = (a0b1)l + (a0b0)h + (a1b0)l, (a0b0)l + # v2 = (a1b1)h, (a1b0)h + (a0b1)h + (a1b1)l + + # Reduction + # Let C := A*B = c3,c2,c1,c0 = v2[1],v2[0],v1[1],v1[0] + # This is a slight variation of the Gueron's Montgomery reduction. + # The difference being the order of some operations has been changed, + # to make a better use of vclmul(h) instructions. + + # First step: + # c1 += (c0 * P)l + # vmv.v.i v0, 2 + .word 940618199 # vslideup.vi v3, v1, 1, v0.t + .word 809394647 # vclmul.vx v3, v3, t3, v0.t + .word 739344599 # vxor.vv v1, v1, v3, v0.t + + # Second step: + # D = d1,d0 is final result + # We want: + # m1 = c1 + (c1 * P)h + # m0 = (c1 * P)l + (c0 * P)h + c0 + # d1 = c3 + m1 + # d0 = c2 + m0 + + #v3 = (c1 * P)l, 0 + .word 807297495 # vclmul.vx v3, v1, t3, v0.t + #v4 = (c1 * P)h, (c0 * P)h + .word 907960919 # vclmulh.vx v4, v1, t3 + + .word 1577103447 # vmv.v.i v0, 1 + .word 1043378647 # vslidedown.vi v3, v3, 1 + + .word 772931799 # vxor.vv v1, v1, v4 + .word 739344599 # vxor.vv v1, v1, v3, v0.t + + # XOR in the upper upper part of the product + .word 773882199 # vxor.vv v2, v2, v1 + + .word 1243914583 # vrev8.v v2, v2 + .word 198537511 # vsse64.v v2, (a0), t4 + ret +.size gcm_gmult_rv64i_zvkb_zvbc,.-gcm_gmult_rv64i_zvkb_zvbc +.p2align 3 +.globl gcm_ghash_rv64i_zvkb_zvbc +.type gcm_ghash_rv64i_zvkb_zvbc,@function +gcm_ghash_rv64i_zvkb_zvbc: + ld t0, (a1) + ld t1, 8(a1) + li t2, 63 + la t3, Lpolymod + ld t3, 8(t3) + + # Load/store data in reverse order. + # This is needed as a part of endianness swap. + add a0, a0, 8 + add a2, a2, 8 + li t4, -8 + + .word 0xc1817057 # vsetivli x0, 2, e64, m1, tu, mu + + .word 198537863 # vlse64.v v5, (a0), t4 + +Lstep: + # Read input data + .word 198603655 # vle64.v v0, (a2) + add a2, a2, 16 + add a3, a3, -16 + # XOR them into Xi + .word 777224919 # vxor.vv v0, v0, v1 + + .word 1247060695 # vrev8.v v5, v5 + + # Multiplication + + # Do two 64x64 multiplications in one go to save some time + # and simplify things. + + # A = a1a0 (t1, t0) + # B = b1b0 (v5) + # C = c1c0 (256 bit) + # c1 = a1b1 + (a0b1)h + (a1b0)h + # c0 = a0b0 + (a0b1)l + (a1b0)h + + # v1 = (a0b1)l,(a0b0)l + .word 844292311 # vclmul.vx v1, v5, t0 + # v3 = (a0b1)h,(a0b0)h + .word 911401431 # vclmulh.vx v3, v5, t0 + + # v4 = (a1b1)l,(a1b0)l + .word 844325463 # vclmul.vx v4, v5, t1 + # v2 = (a1b1)h,(a1b0)h + .word 911434071 # vclmulh.vx v2, v5, t1 + + # Is there a better way to do this? + # Would need to swap the order of elements within a vector register. + .word 976270039 # vslideup.vi v5, v3, 1 + .word 977318743 # vslideup.vi v6, v4, 1 + .word 1043378647 # vslidedown.vi v3, v3, 1 + .word 1044427351 # vslidedown.vi v4, v4, 1 + + .word 1577103447 # vmv.v.i v0, 1 + # v2 += (a0b1)h + .word 740393303 # vxor.vv v2, v2, v3, v0.t + # v2 += (a1b1)l + .word 740426071 # vxor.vv v2, v2, v4, v0.t + + .word 1577136215 # vmv.v.i v0, 2 + # v1 += (a0b0)h,0 + .word 739410135 # vxor.vv v1, v1, v5, v0.t + # v1 += (a1b0)l,0 + .word 739442903 # vxor.vv v1, v1, v6, v0.t + + # Now the 256bit product should be stored in (v2,v1) + # v1 = (a0b1)l + (a0b0)h + (a1b0)l, (a0b0)l + # v2 = (a1b1)h, (a1b0)h + (a0b1)h + (a1b1)l + + # Reduction + # Let C := A*B = c3,c2,c1,c0 = v2[1],v2[0],v1[1],v1[0] + # This is a slight variation of the Gueron's Montgomery reduction. + # The difference being the order of some operations has been changed, + # to make a better use of vclmul(h) instructions. + + # First step: + # c1 += (c0 * P)l + # vmv.v.i v0, 2 + .word 940618199 # vslideup.vi v3, v1, 1, v0.t + .word 809394647 # vclmul.vx v3, v3, t3, v0.t + .word 739344599 # vxor.vv v1, v1, v3, v0.t + + # Second step: + # D = d1,d0 is final result + # We want: + # m1 = c1 + (c1 * P)h + # m0 = (c1 * P)l + (c0 * P)h + c0 + # d1 = c3 + m1 + # d0 = c2 + m0 + + #v3 = (c1 * P)l, 0 + .word 807297495 # vclmul.vx v3, v1, t3, v0.t + #v4 = (c1 * P)h, (c0 * P)h + .word 907960919 # vclmulh.vx v4, v1, t3 + + .word 1577103447 # vmv.v.i v0, 1 + .word 1043378647 # vslidedown.vi v3, v3, 1 + + .word 772931799 # vxor.vv v1, v1, v4 + .word 739344599 # vxor.vv v1, v1, v3, v0.t + + # XOR in the upper upper part of the product + .word 773882199 # vxor.vv v2, v2, v1 + + .word 1243914967 # vrev8.v v2, v2 + + bnez a3, Lstep + + .word 198537895 # vsse64.v v2, (a0), t4 + ret +.size gcm_ghash_rv64i_zvkb_zvbc,.-gcm_ghash_rv64i_zvkb_zvbc +.p2align 4 +Lpolymod: + .dword 0x0000000000000001 + .dword 0xc200000000000000 +.size Lpolymod,.-Lpolymod diff --git a/contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkg.S b/contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkg.S new file mode 100644 index 000000000000..759c7c9c9e4d --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/modes/ghash-riscv64-zvkg.S @@ -0,0 +1,81 @@ +.text +.p2align 3 +.globl gcm_init_rv64i_zvkg +.type gcm_init_rv64i_zvkg,@function +gcm_init_rv64i_zvkg: + ld a2, 0(a1) + ld a3, 8(a1) + sb a2, 7(a0) + srli t0, a2, 8 + sb t0, 6(a0) + srli t0, a2, 16 + sb t0, 5(a0) + srli t0, a2, 24 + sb t0, 4(a0) + srli t0, a2, 32 + sb t0, 3(a0) + srli t0, a2, 40 + sb t0, 2(a0) + srli t0, a2, 48 + sb t0, 1(a0) + srli t0, a2, 56 + sb t0, 0(a0) + + sb a3, 15(a0) + srli t0, a3, 8 + sb t0, 14(a0) + srli t0, a3, 16 + sb t0, 13(a0) + srli t0, a3, 24 + sb t0, 12(a0) + srli t0, a3, 32 + sb t0, 11(a0) + srli t0, a3, 40 + sb t0, 10(a0) + srli t0, a3, 48 + sb t0, 9(a0) + srli t0, a3, 56 + sb t0, 8(a0) + + ret +.size gcm_init_rv64i_zvkg,.-gcm_init_rv64i_zvkg +.p2align 3 +.globl gcm_init_rv64i_zvkg_zvkb +.type gcm_init_rv64i_zvkg_zvkb,@function +gcm_init_rv64i_zvkg_zvkb: + .word 0xc1817057 # vsetivli x0, 2, e64, m1, ta, ma + .word 33943559 # vle64.v v0, (a1) + .word 1241817175 # vrev8.v v0, v0 + .word 33910823 # vse64.v v0, (a0) + ret +.size gcm_init_rv64i_zvkg_zvkb,.-gcm_init_rv64i_zvkg_zvkb +.p2align 3 +.globl gcm_gmult_rv64i_zvkg +.type gcm_gmult_rv64i_zvkg,@function +gcm_gmult_rv64i_zvkg: + .word 0xc1027057 + .word 33939719 + .word 33906823 + .word 2720571639 + .word 33906855 + ret +.size gcm_gmult_rv64i_zvkg,.-gcm_gmult_rv64i_zvkg +.p2align 3 +.globl gcm_ghash_rv64i_zvkg +.type gcm_ghash_rv64i_zvkg,@function +gcm_ghash_rv64i_zvkg: + .word 0xc1027057 + .word 33939719 + .word 33906823 + +Lstep: + .word 33972615 + add a2, a2, 16 + add a3, a3, -16 + .word 2988548343 + bnez a3, Lstep + + .word 33906855 + ret + +.size gcm_ghash_rv64i_zvkg,.-gcm_ghash_rv64i_zvkg diff --git a/contrib/openssl-cmake/asm/crypto/modes/ghash-x86_64.s b/contrib/openssl-cmake/asm/crypto/modes/ghash-x86_64.s index 2c30056b7403..63aaa4789cdb 100644 --- a/contrib/openssl-cmake/asm/crypto/modes/ghash-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/modes/ghash-x86_64.s @@ -708,6 +708,7 @@ gcm_ghash_4bit: .align 16 gcm_init_clmul: .cfi_startproc +.byte 243,15,30,250 .L_init_clmul: movdqu (%rsi),%xmm2 pshufd $78,%xmm2,%xmm2 @@ -1306,6 +1307,7 @@ gcm_ghash_clmul: .align 32 gcm_init_avx: .cfi_startproc +.byte 243,15,30,250 vzeroupper vmovdqu (%rsi),%xmm2 @@ -1798,6 +1800,7 @@ gcm_ghash_avx: .byte 0xf3,0xc3 .cfi_endproc .size gcm_ghash_avx,.-gcm_ghash_avx +.section .rodata .align 64 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -1851,3 +1854,4 @@ gcm_ghash_avx: .byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.previous diff --git a/contrib/openssl-cmake/asm/crypto/modes/ghashv8-armx.S b/contrib/openssl-cmake/asm/crypto/modes/ghashv8-armx.S index 0c7a5cc608ec..2224d2e7f7d8 100644 --- a/contrib/openssl-cmake/asm/crypto/modes/ghashv8-armx.S +++ b/contrib/openssl-cmake/asm/crypto/modes/ghashv8-armx.S @@ -637,6 +637,7 @@ gcm_ghash_v8_4x: ret .size gcm_ghash_v8_4x,.-gcm_ghash_v8_4x +.section .rodata .byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 diff --git a/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-armv8.S b/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-armv8.S index eec87276c44d..edf9679a11d4 100644 --- a/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-armv8.S @@ -40,10 +40,14 @@ poly1305_init: tst w17,#ARMV7_NEON - adr x12,.Lpoly1305_blocks - adr x7,.Lpoly1305_blocks_neon - adr x13,.Lpoly1305_emit - adr x8,.Lpoly1305_emit_neon + adrp x12,poly1305_blocks + add x12,x12,#:lo12:.Lpoly1305_blocks + adrp x7,poly1305_blocks_neon + add x7,x7,#:lo12:.Lpoly1305_blocks_neon + adrp x13,poly1305_emit + add x13,x13,#:lo12:.Lpoly1305_emit + adrp x8,poly1305_emit_neon + add x8,x8,#:lo12:.Lpoly1305_emit_neon csel x12,x12,x7,eq csel x13,x13,x8,eq @@ -373,7 +377,8 @@ poly1305_blocks_neon: ldr x30,[sp,#8] add x16,x1,#32 - adr x17,.Lzeros + adrp x17,.Lzeros + add x17,x17,#:lo12:.Lzeros subs x2,x2,#64 csel x16,x17,x16,lo @@ -385,7 +390,8 @@ poly1305_blocks_neon: .align 4 .Leven_neon: add x16,x1,#32 - adr x17,.Lzeros + adrp x17,.Lzeros + add x17,x17,#:lo12:.Lzeros subs x2,x2,#64 csel x16,x17,x16,lo @@ -868,6 +874,8 @@ poly1305_emit_neon: ret .size poly1305_emit_neon,.-poly1305_emit_neon +.section .rodata + .align 5 .Lzeros: .long 0,0,0,0,0,0,0,0 diff --git a/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-x86_64.s b/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-x86_64.s index 0f00a33d66b9..603a92cf2c9f 100644 --- a/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/poly1305/poly1305-x86_64.s @@ -55,6 +55,7 @@ poly1305_init: .align 32 poly1305_blocks: .cfi_startproc +.byte 243,15,30,250 .Lblocks: shrq $4,%rdx jz .Lno_data @@ -170,6 +171,7 @@ poly1305_blocks: .align 32 poly1305_emit: .cfi_startproc +.byte 243,15,30,250 .Lemit: movq 0(%rdi),%r8 movq 8(%rdi),%r9 @@ -406,6 +408,7 @@ __poly1305_init_avx: .align 32 poly1305_blocks_avx: .cfi_startproc +.byte 243,15,30,250 movl 20(%rdi),%r8d cmpq $128,%rdx jae .Lblocks_avx @@ -1241,6 +1244,7 @@ poly1305_blocks_avx: .align 32 poly1305_emit_avx: .cfi_startproc +.byte 243,15,30,250 cmpl $0,20(%rdi) je .Lemit @@ -1297,6 +1301,7 @@ poly1305_emit_avx: .align 32 poly1305_blocks_avx2: .cfi_startproc +.byte 243,15,30,250 movl 20(%rdi),%r8d cmpq $128,%rdx jae .Lblocks_avx2 @@ -1947,6 +1952,7 @@ poly1305_blocks_avx2: .align 32 poly1305_blocks_avx512: .cfi_startproc +.byte 243,15,30,250 .Lblocks_avx512: movl $15,%eax kmovw %eax,%k2 @@ -3450,6 +3456,7 @@ poly1305_emit_base2_44: .byte 0xf3,0xc3 .cfi_endproc .size poly1305_emit_base2_44,.-poly1305_emit_base2_44 +.section .rodata .align 64 .Lconst: .Lmask24: @@ -3481,6 +3488,7 @@ poly1305_emit_base2_44: .Lx_mask42: .quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff .quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff +.previous .byte 80,111,108,121,49,51,48,53,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 16 .globl xor128_encrypt_n_pad diff --git a/contrib/openssl-cmake/asm/crypto/riscv64cpuid.S b/contrib/openssl-cmake/asm/crypto/riscv64cpuid.S index 15e128e99284..cef02fbcf6d7 100644 --- a/contrib/openssl-cmake/asm/crypto/riscv64cpuid.S +++ b/contrib/openssl-cmake/asm/crypto/riscv64cpuid.S @@ -57,3 +57,15 @@ OPENSSL_cleanse: bge a1,t1,4b # if len>=8 loop bnez a1,1b # if len<8 and len != 0, store remaining bytes ret +################################################################################ +# size_t riscv_vlen_asm(void) +# Return VLEN (i.e. the length of a vector register in bits). +.p2align 3 +.globl riscv_vlen_asm +.type riscv_vlen_asm,@function +riscv_vlen_asm: + # 0xc22 is CSR vlenb + csrr a0, 0xc22 + slli a0, a0, 3 + ret +.size riscv_vlen_asm,.-riscv_vlen_asm diff --git a/contrib/openssl-cmake/asm/crypto/s390xcpuid.S b/contrib/openssl-cmake/asm/crypto/s390xcpuid.S index 56d9fe75f3c9..52aa556b051c 100644 --- a/contrib/openssl-cmake/asm/crypto/s390xcpuid.S +++ b/contrib/openssl-cmake/asm/crypto/s390xcpuid.S @@ -272,7 +272,7 @@ s390x_kimd: llgfr %r0,%r4 lgr %r1,%r5 - .long 0xb93e0002 # kimd %r0,%r2 + .long 0xb93e8002 # kimd %r0,%r2[,M3] brc 1,.-4 # pay attention to "partial completion" br %r14 @@ -284,7 +284,7 @@ s390x_klmd: llgfr %r0,%r6 lg %r1,160(%r15) - .long 0xb93f0042 # klmd %r4,%r2 + .long 0xb93f8042 # klmd %r4,%r2[,M3] brc 1,.-4 # pay attention to "partial completion" br %r14 diff --git a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-armv8.S b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-armv8.S index 53d9769734e1..8b6b5d0b799f 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-armv8.S @@ -1,6 +1,6 @@ #include "arm_arch.h" -.text +.section .rodata .align 8 // strategic alignment and padding that allows to use // address value as loop termination condition... @@ -32,11 +32,14 @@ iotas: .quad 0x0000000080000001 .quad 0x8000000080008008 .size iotas,.-iotas +.text + .type KeccakF1600_int,%function .align 5 KeccakF1600_int: AARCH64_SIGN_LINK_REGISTER - adr x28,iotas + adrp x28,iotas + add x28,x28,#:lo12:iotas stp x28,x30,[sp,#16] // 32 bytes on top are mine b .Loop .align 4 @@ -516,6 +519,8 @@ SHA3_squeeze: mov x20,x1 mov x21,x2 mov x22,x3 + cmp w4, #0 // w4 = 'next' argument + bne .Lnext_block .Loop_squeeze: ldr x4,[x0],#8 @@ -530,7 +535,7 @@ SHA3_squeeze: subs x3,x3,#8 bhi .Loop_squeeze - +.Lnext_block: mov x0,x19 bl KeccakF1600 mov x0,x19 @@ -576,7 +581,8 @@ SHA3_squeeze: .align 5 KeccakF1600_ce: mov x9,#24 - adr x10,iotas + adrp x10,iotas + add x10,x10,#:lo12:iotas b .Loop_ce .align 4 .Loop_ce: diff --git a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx2.s b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx2.s new file mode 100644 index 000000000000..4e4be2b94734 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx2.s @@ -0,0 +1,600 @@ +.text + +.type __KeccakF1600,@function +.align 32 +__KeccakF1600: + lea rhotates_left+96(%rip),%r8 + lea rhotates_right+96(%rip),%r9 + lea iotas(%rip),%r10 + mov $24,%eax + jmp .Loop_avx2 + +.align 32 +.Loop_avx2: + ######################################### Theta + vpshufd $0b01001110,%ymm2,%ymm13 + vpxor %ymm3,%ymm5,%ymm12 + vpxor %ymm6,%ymm4,%ymm9 + vpxor %ymm1,%ymm12,%ymm12 + vpxor %ymm9,%ymm12,%ymm12 # C[1..4] + + vpermq $0b10010011,%ymm12,%ymm11 + vpxor %ymm2,%ymm13,%ymm13 + vpermq $0b01001110,%ymm13,%ymm7 + + vpsrlq $63,%ymm12,%ymm8 + vpaddq %ymm12,%ymm12,%ymm9 + vpor %ymm9,%ymm8,%ymm8 # ROL64(C[1..4],1) + + vpermq $0b00111001,%ymm8,%ymm15 + vpxor %ymm11,%ymm8,%ymm14 + vpermq $0b00000000,%ymm14,%ymm14 # D[0..0] = ROL64(C[1],1) ^ C[4] + + vpxor %ymm0,%ymm13,%ymm13 + vpxor %ymm7,%ymm13,%ymm13 # C[0..0] + + vpsrlq $63,%ymm13,%ymm7 + vpaddq %ymm13,%ymm13,%ymm8 + vpor %ymm7,%ymm8,%ymm8 # ROL64(C[0..0],1) + + vpxor %ymm14,%ymm2,%ymm2 # ^= D[0..0] + vpxor %ymm14,%ymm0,%ymm0 # ^= D[0..0] + + vpblendd $0b11000000,%ymm8,%ymm15,%ymm15 + vpblendd $0b00000011,%ymm13,%ymm11,%ymm11 + vpxor %ymm11,%ymm15,%ymm15 # D[1..4] = ROL64(C[2..4,0),1) ^ C[0..3] + + ######################################### Rho + Pi + pre-Chi shuffle + vpsllvq 0*32-96(%r8),%ymm2,%ymm10 + vpsrlvq 0*32-96(%r9),%ymm2,%ymm2 + vpor %ymm10,%ymm2,%ymm2 + + vpxor %ymm15,%ymm3,%ymm3 # ^= D[1..4] from Theta + vpsllvq 2*32-96(%r8),%ymm3,%ymm11 + vpsrlvq 2*32-96(%r9),%ymm3,%ymm3 + vpor %ymm11,%ymm3,%ymm3 + + vpxor %ymm15,%ymm4,%ymm4 # ^= D[1..4] from Theta + vpsllvq 3*32-96(%r8),%ymm4,%ymm12 + vpsrlvq 3*32-96(%r9),%ymm4,%ymm4 + vpor %ymm12,%ymm4,%ymm4 + + vpxor %ymm15,%ymm5,%ymm5 # ^= D[1..4] from Theta + vpsllvq 4*32-96(%r8),%ymm5,%ymm13 + vpsrlvq 4*32-96(%r9),%ymm5,%ymm5 + vpor %ymm13,%ymm5,%ymm5 + + vpxor %ymm15,%ymm6,%ymm6 # ^= D[1..4] from Theta + vpermq $0b10001101,%ymm2,%ymm10 # %ymm2 -> future %ymm3 + vpermq $0b10001101,%ymm3,%ymm11 # %ymm3 -> future %ymm4 + vpsllvq 5*32-96(%r8),%ymm6,%ymm14 + vpsrlvq 5*32-96(%r9),%ymm6,%ymm8 + vpor %ymm14,%ymm8,%ymm8 # %ymm6 -> future %ymm1 + + vpxor %ymm15,%ymm1,%ymm1 # ^= D[1..4] from Theta + vpermq $0b00011011,%ymm4,%ymm12 # %ymm4 -> future %ymm5 + vpermq $0b01110010,%ymm5,%ymm13 # %ymm5 -> future %ymm6 + vpsllvq 1*32-96(%r8),%ymm1,%ymm15 + vpsrlvq 1*32-96(%r9),%ymm1,%ymm9 + vpor %ymm15,%ymm9,%ymm9 # %ymm1 -> future %ymm2 + + ######################################### Chi + vpsrldq $8,%ymm8,%ymm14 + vpandn %ymm14,%ymm8,%ymm7 # tgting [0][0] [0][0] [0][0] [0][0] + + vpblendd $0b00001100,%ymm13,%ymm9,%ymm3 # [4][4] [2][0] + vpblendd $0b00001100,%ymm9,%ymm11,%ymm15 # [4][0] [2][1] + vpblendd $0b00001100,%ymm11,%ymm10,%ymm5 # [4][2] [2][4] + vpblendd $0b00001100,%ymm10,%ymm9,%ymm14 # [4][3] [2][0] + vpblendd $0b00110000,%ymm11,%ymm3,%ymm3 # [1][3] [4][4] [2][0] + vpblendd $0b00110000,%ymm12,%ymm15,%ymm15 # [1][4] [4][0] [2][1] + vpblendd $0b00110000,%ymm9,%ymm5,%ymm5 # [1][0] [4][2] [2][4] + vpblendd $0b00110000,%ymm13,%ymm14,%ymm14 # [1][1] [4][3] [2][0] + vpblendd $0b11000000,%ymm12,%ymm3,%ymm3 # [3][2] [1][3] [4][4] [2][0] + vpblendd $0b11000000,%ymm13,%ymm15,%ymm15 # [3][3] [1][4] [4][0] [2][1] + vpblendd $0b11000000,%ymm13,%ymm5,%ymm5 # [3][3] [1][0] [4][2] [2][4] + vpblendd $0b11000000,%ymm11,%ymm14,%ymm14 # [3][4] [1][1] [4][3] [2][0] + vpandn %ymm15,%ymm3,%ymm3 # tgting [3][1] [1][2] [4][3] [2][4] + vpandn %ymm14,%ymm5,%ymm5 # tgting [3][2] [1][4] [4][1] [2][3] + + vpblendd $0b00001100,%ymm9,%ymm12,%ymm6 # [4][0] [2][3] + vpblendd $0b00001100,%ymm12,%ymm10,%ymm15 # [4][1] [2][4] + vpxor %ymm10,%ymm3,%ymm3 + vpblendd $0b00110000,%ymm10,%ymm6,%ymm6 # [1][2] [4][0] [2][3] + vpblendd $0b00110000,%ymm11,%ymm15,%ymm15 # [1][3] [4][1] [2][4] + vpxor %ymm12,%ymm5,%ymm5 + vpblendd $0b11000000,%ymm11,%ymm6,%ymm6 # [3][4] [1][2] [4][0] [2][3] + vpblendd $0b11000000,%ymm9,%ymm15,%ymm15 # [3][0] [1][3] [4][1] [2][4] + vpandn %ymm15,%ymm6,%ymm6 # tgting [3][3] [1][1] [4][4] [2][2] + vpxor %ymm13,%ymm6,%ymm6 + + vpermq $0b00011110,%ymm8,%ymm4 # [0][1] [0][2] [0][4] [0][3] + vpblendd $0b00110000,%ymm0,%ymm4,%ymm15 # [0][1] [0][0] [0][4] [0][3] + vpermq $0b00111001,%ymm8,%ymm1 # [0][1] [0][4] [0][3] [0][2] + vpblendd $0b11000000,%ymm0,%ymm1,%ymm1 # [0][0] [0][4] [0][3] [0][2] + vpandn %ymm15,%ymm1,%ymm1 # tgting [0][4] [0][3] [0][2] [0][1] + + vpblendd $0b00001100,%ymm12,%ymm11,%ymm2 # [4][1] [2][1] + vpblendd $0b00001100,%ymm11,%ymm13,%ymm14 # [4][2] [2][2] + vpblendd $0b00110000,%ymm13,%ymm2,%ymm2 # [1][1] [4][1] [2][1] + vpblendd $0b00110000,%ymm10,%ymm14,%ymm14 # [1][2] [4][2] [2][2] + vpblendd $0b11000000,%ymm10,%ymm2,%ymm2 # [3][1] [1][1] [4][1] [2][1] + vpblendd $0b11000000,%ymm12,%ymm14,%ymm14 # [3][2] [1][2] [4][2] [2][2] + vpandn %ymm14,%ymm2,%ymm2 # tgting [3][0] [1][0] [4][0] [2][0] + vpxor %ymm9,%ymm2,%ymm2 + + vpermq $0b00000000,%ymm7,%ymm7 # [0][0] [0][0] [0][0] [0][0] + vpermq $0b00011011,%ymm3,%ymm3 # post-Chi shuffle + vpermq $0b10001101,%ymm5,%ymm5 + vpermq $0b01110010,%ymm6,%ymm6 + + vpblendd $0b00001100,%ymm10,%ymm13,%ymm4 # [4][3] [2][2] + vpblendd $0b00001100,%ymm13,%ymm12,%ymm14 # [4][4] [2][3] + vpblendd $0b00110000,%ymm12,%ymm4,%ymm4 # [1][4] [4][3] [2][2] + vpblendd $0b00110000,%ymm9,%ymm14,%ymm14 # [1][0] [4][4] [2][3] + vpblendd $0b11000000,%ymm9,%ymm4,%ymm4 # [3][0] [1][4] [4][3] [2][2] + vpblendd $0b11000000,%ymm10,%ymm14,%ymm14 # [3][1] [1][0] [4][4] [2][3] + vpandn %ymm14,%ymm4,%ymm4 # tgting [3][4] [1][3] [4][2] [2][1] + + vpxor %ymm7,%ymm0,%ymm0 + vpxor %ymm8,%ymm1,%ymm1 + vpxor %ymm11,%ymm4,%ymm4 + + ######################################### Iota + vpxor (%r10),%ymm0,%ymm0 + lea 32(%r10),%r10 + + dec %eax + jnz .Loop_avx2 + + ret +.size __KeccakF1600,.-__KeccakF1600 +.globl SHA3_absorb +.type SHA3_absorb,@function +.align 32 +SHA3_absorb: + mov %rsp,%r11 + + lea -240(%rsp),%rsp + and $-32,%rsp + + lea 96(%rdi),%rdi + lea 96(%rsi),%rsi + lea 96(%rsp),%r10 + + vzeroupper + + vpbroadcastq -96(%rdi),%ymm0 # load A[5][5] + vmovdqu 8+32*0-96(%rdi),%ymm1 + vmovdqu 8+32*1-96(%rdi),%ymm2 + vmovdqu 8+32*2-96(%rdi),%ymm3 + vmovdqu 8+32*3-96(%rdi),%ymm4 + vmovdqu 8+32*4-96(%rdi),%ymm5 + vmovdqu 8+32*5-96(%rdi),%ymm6 + + vpxor %ymm7,%ymm7,%ymm7 + vmovdqa %ymm7,32*2-96(%r10) # zero transfer area on stack + vmovdqa %ymm7,32*3-96(%r10) + vmovdqa %ymm7,32*4-96(%r10) + vmovdqa %ymm7,32*5-96(%r10) + vmovdqa %ymm7,32*6-96(%r10) + +.Loop_absorb_avx2: + mov %rcx,%rax + sub %rcx,%rdx + jc .Ldone_absorb_avx2 + + shr $3,%eax + vpbroadcastq 0-96(%rsi),%ymm7 + vmovdqu 8-96(%rsi),%ymm8 + sub $4,%eax + dec %eax + jz .Labsorved_avx2 + mov 8*5-96(%rsi),%r8 + mov %r8,80-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*6-96(%rsi),%r8 + mov %r8,192-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*7-96(%rsi),%r8 + mov %r8,104-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*8-96(%rsi),%r8 + mov %r8,144-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*9-96(%rsi),%r8 + mov %r8,184-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*10-96(%rsi),%r8 + mov %r8,64-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*11-96(%rsi),%r8 + mov %r8,128-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*12-96(%rsi),%r8 + mov %r8,200-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*13-96(%rsi),%r8 + mov %r8,176-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*14-96(%rsi),%r8 + mov %r8,120-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*15-96(%rsi),%r8 + mov %r8,88-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*16-96(%rsi),%r8 + mov %r8,96-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*17-96(%rsi),%r8 + mov %r8,168-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*18-96(%rsi),%r8 + mov %r8,208-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*19-96(%rsi),%r8 + mov %r8,152-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*20-96(%rsi),%r8 + mov %r8,72-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*21-96(%rsi),%r8 + mov %r8,160-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*22-96(%rsi),%r8 + mov %r8,136-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*23-96(%rsi),%r8 + mov %r8,112-96(%r10) + dec %eax + jz .Labsorved_avx2 + mov 8*24-96(%rsi),%r8 + mov %r8,216-96(%r10) +.Labsorved_avx2: + lea (%rsi,%rcx),%rsi + + vpxor %ymm7,%ymm0,%ymm0 + vpxor %ymm8,%ymm1,%ymm1 + vpxor 32*2-96(%r10),%ymm2,%ymm2 + vpxor 32*3-96(%r10),%ymm3,%ymm3 + vpxor 32*4-96(%r10),%ymm4,%ymm4 + vpxor 32*5-96(%r10),%ymm5,%ymm5 + vpxor 32*6-96(%r10),%ymm6,%ymm6 + + call __KeccakF1600 + + lea 96(%rsp),%r10 + jmp .Loop_absorb_avx2 + +.Ldone_absorb_avx2: + vmovq %xmm0,-96(%rdi) + vmovdqu %ymm1,8+32*0-96(%rdi) + vmovdqu %ymm2,8+32*1-96(%rdi) + vmovdqu %ymm3,8+32*2-96(%rdi) + vmovdqu %ymm4,8+32*3-96(%rdi) + vmovdqu %ymm5,8+32*4-96(%rdi) + vmovdqu %ymm6,8+32*5-96(%rdi) + + vzeroupper + + lea (%r11),%rsp + lea (%rdx,%rcx),%rax # return value + ret +.size SHA3_absorb,.-SHA3_absorb + +.globl SHA3_squeeze +.type SHA3_squeeze,@function +.align 32 +SHA3_squeeze: + mov %rsp,%r11 + + lea 96(%rdi),%rdi + shr $3,%rcx + + vzeroupper + + vpbroadcastq -96(%rdi),%ymm0 + vpxor %ymm7,%ymm7,%ymm7 + vmovdqu 8+32*0-96(%rdi),%ymm1 + vmovdqu 8+32*1-96(%rdi),%ymm2 + vmovdqu 8+32*2-96(%rdi),%ymm3 + vmovdqu 8+32*3-96(%rdi),%ymm4 + vmovdqu 8+32*4-96(%rdi),%ymm5 + vmovdqu 8+32*5-96(%rdi),%ymm6 + + mov %rcx,%rax + +.Loop_squeeze_avx2: + mov 0-96(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 32-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 40-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 48-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 56-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 80-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 192-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 104-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 144-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 184-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 64-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 128-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 200-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 176-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 120-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 88-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 96-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 168-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 208-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 152-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 72-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 160-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 136-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 112-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov 216-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx2 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov -120(%rdi),%r8 +.Lextend_output_avx2: + call __KeccakF1600 + + vmovq %xmm0,-96(%rdi) + vmovdqu %ymm1,8+32*0-96(%rdi) + vmovdqu %ymm2,8+32*1-96(%rdi) + vmovdqu %ymm3,8+32*2-96(%rdi) + vmovdqu %ymm4,8+32*3-96(%rdi) + vmovdqu %ymm5,8+32*4-96(%rdi) + vmovdqu %ymm6,8+32*5-96(%rdi) + + mov %rcx,%rax + jmp .Loop_squeeze_avx2 + + +.Ltail_squeeze_avx2: + add $8,%rdx +.Loop_tail_avx2: + mov %r8b,(%rsi) + lea 1(%rsi),%rsi + shr $8,%r8 + dec %rdx + jnz .Loop_tail_avx2 + +.Ldone_squeeze_avx2: + vzeroupper + + lea (%r11),%rsp + ret +.size SHA3_squeeze,.-SHA3_squeeze + +.section .rodata +.align 64 +rhotates_left: + .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] + .quad 1, 62, 28, 27 # [0][1] [0][2] [0][3] [0][4] + .quad 45, 6, 56, 39 # [3][1] [1][2] [4][3] [2][4] + .quad 10, 61, 55, 8 # [2][1] [4][2] [1][3] [3][4] + .quad 2, 15, 25, 20 # [4][1] [3][2] [2][3] [1][4] + .quad 44, 43, 21, 14 # [1][1] [2][2] [3][3] [4][4] +rhotates_right: + .quad 64-3, 64-18, 64-36, 64-41 + .quad 64-1, 64-62, 64-28, 64-27 + .quad 64-45, 64-6, 64-56, 64-39 + .quad 64-10, 64-61, 64-55, 64-8 + .quad 64-2, 64-15, 64-25, 64-20 + .quad 64-44, 64-43, 64-21, 64-14 +iotas: + .quad 0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001 + .quad 0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082 + .quad 0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a + .quad 0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000 + .quad 0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009 + .quad 0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a + .quad 0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088 + .quad 0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009 + .quad 0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a + .quad 0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b + .quad 0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b + .quad 0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089 + .quad 0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003 + .quad 0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002 + .quad 0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080 + .quad 0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a + .quad 0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080 + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008 + +.asciz "Keccak-1600 absorb and squeeze for AVX2, CRYPTOGAMS by " diff --git a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512.s b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512.s new file mode 100644 index 000000000000..67fb8acf06b8 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512.s @@ -0,0 +1,496 @@ +.text + +.type __KeccakF1600,@function +.align 32 +__KeccakF1600: + lea iotas(%rip),%r10 + mov $12,%eax + jmp .Loop_avx512 + +.align 32 +.Loop_avx512: + ######################################### Theta, even round + vmovdqa64 %zmm0,%zmm5 # put aside original A00 + vpternlogq $0x96,%zmm2,%zmm1,%zmm0 # and use it as "C00" + vpternlogq $0x96,%zmm4,%zmm3,%zmm0 + + vprolq $1,%zmm0,%zmm6 + vpermq %zmm0,%zmm13,%zmm0 + vpermq %zmm6,%zmm16,%zmm6 + + vpternlogq $0x96,%zmm0,%zmm6,%zmm5 # T[0] is original A00 + vpternlogq $0x96,%zmm0,%zmm6,%zmm1 + vpternlogq $0x96,%zmm0,%zmm6,%zmm2 + vpternlogq $0x96,%zmm0,%zmm6,%zmm3 + vpternlogq $0x96,%zmm0,%zmm6,%zmm4 + + ######################################### Rho + vprolvq %zmm22,%zmm5,%zmm0 # T[0] is original A00 + vprolvq %zmm23,%zmm1,%zmm1 + vprolvq %zmm24,%zmm2,%zmm2 + vprolvq %zmm25,%zmm3,%zmm3 + vprolvq %zmm26,%zmm4,%zmm4 + + ######################################### Pi + vpermq %zmm0,%zmm17,%zmm0 + vpermq %zmm1,%zmm18,%zmm1 + vpermq %zmm2,%zmm19,%zmm2 + vpermq %zmm3,%zmm20,%zmm3 + vpermq %zmm4,%zmm21,%zmm4 + + ######################################### Chi + vmovdqa64 %zmm0,%zmm5 + vmovdqa64 %zmm1,%zmm6 + vpternlogq $0xD2,%zmm2,%zmm1,%zmm0 + vpternlogq $0xD2,%zmm3,%zmm2,%zmm1 + vpternlogq $0xD2,%zmm4,%zmm3,%zmm2 + vpternlogq $0xD2,%zmm5,%zmm4,%zmm3 + vpternlogq $0xD2,%zmm6,%zmm5,%zmm4 + + ######################################### Iota + vpxorq (%r10),%zmm0,%zmm0{%k1} + lea 16(%r10),%r10 + + ######################################### Harmonize rounds + vpblendmq %zmm2,%zmm1,%zmm6{%k2} + vpblendmq %zmm3,%zmm2,%zmm7{%k2} + vpblendmq %zmm4,%zmm3,%zmm8{%k2} + vpblendmq %zmm1,%zmm0,%zmm5{%k2} + vpblendmq %zmm0,%zmm4,%zmm9{%k2} + + vpblendmq %zmm3,%zmm6,%zmm6{%k3} + vpblendmq %zmm4,%zmm7,%zmm7{%k3} + vpblendmq %zmm2,%zmm5,%zmm5{%k3} + vpblendmq %zmm0,%zmm8,%zmm8{%k3} + vpblendmq %zmm1,%zmm9,%zmm9{%k3} + + vpblendmq %zmm4,%zmm6,%zmm6{%k4} + vpblendmq %zmm3,%zmm5,%zmm5{%k4} + vpblendmq %zmm0,%zmm7,%zmm7{%k4} + vpblendmq %zmm1,%zmm8,%zmm8{%k4} + vpblendmq %zmm2,%zmm9,%zmm9{%k4} + + vpblendmq %zmm4,%zmm5,%zmm5{%k5} + vpblendmq %zmm0,%zmm6,%zmm6{%k5} + vpblendmq %zmm1,%zmm7,%zmm7{%k5} + vpblendmq %zmm2,%zmm8,%zmm8{%k5} + vpblendmq %zmm3,%zmm9,%zmm9{%k5} + + #vpermq %zmm5,%zmm33,%zmm0 # doesn't actually change order + vpermq %zmm6,%zmm13,%zmm1 + vpermq %zmm7,%zmm14,%zmm2 + vpermq %zmm8,%zmm15,%zmm3 + vpermq %zmm9,%zmm16,%zmm4 + + ######################################### Theta, odd round + vmovdqa64 %zmm5,%zmm0 # real A00 + vpternlogq $0x96,%zmm2,%zmm1,%zmm5 # C00 is %zmm5's alias + vpternlogq $0x96,%zmm4,%zmm3,%zmm5 + + vprolq $1,%zmm5,%zmm6 + vpermq %zmm5,%zmm13,%zmm5 + vpermq %zmm6,%zmm16,%zmm6 + + vpternlogq $0x96,%zmm5,%zmm6,%zmm0 + vpternlogq $0x96,%zmm5,%zmm6,%zmm3 + vpternlogq $0x96,%zmm5,%zmm6,%zmm1 + vpternlogq $0x96,%zmm5,%zmm6,%zmm4 + vpternlogq $0x96,%zmm5,%zmm6,%zmm2 + + ######################################### Rho + vprolvq %zmm27,%zmm0,%zmm0 + vprolvq %zmm30,%zmm3,%zmm6 + vprolvq %zmm28,%zmm1,%zmm7 + vprolvq %zmm31,%zmm4,%zmm8 + vprolvq %zmm29,%zmm2,%zmm9 + + vpermq %zmm0,%zmm16,%zmm10 + vpermq %zmm0,%zmm15,%zmm11 + + ######################################### Iota + vpxorq -8(%r10),%zmm0,%zmm0{%k1} + + ######################################### Pi + vpermq %zmm6,%zmm14,%zmm1 + vpermq %zmm7,%zmm16,%zmm2 + vpermq %zmm8,%zmm13,%zmm3 + vpermq %zmm9,%zmm15,%zmm4 + + ######################################### Chi + vpternlogq $0xD2,%zmm11,%zmm10,%zmm0 + + vpermq %zmm6,%zmm13,%zmm12 + #vpermq %zmm6,%zmm33,%zmm6 + vpternlogq $0xD2,%zmm6,%zmm12,%zmm1 + + vpermq %zmm7,%zmm15,%zmm5 + vpermq %zmm7,%zmm14,%zmm7 + vpternlogq $0xD2,%zmm7,%zmm5,%zmm2 + + #vpermq %zmm8,%zmm33,%zmm8 + vpermq %zmm8,%zmm16,%zmm6 + vpternlogq $0xD2,%zmm6,%zmm8,%zmm3 + + vpermq %zmm9,%zmm14,%zmm5 + vpermq %zmm9,%zmm13,%zmm9 + vpternlogq $0xD2,%zmm9,%zmm5,%zmm4 + + dec %eax + jnz .Loop_avx512 + + ret +.size __KeccakF1600,.-__KeccakF1600 +.globl SHA3_absorb +.type SHA3_absorb,@function +.align 32 +SHA3_absorb: + mov %rsp,%r11 + + lea -320(%rsp),%rsp + and $-64,%rsp + + lea 96(%rdi),%rdi + lea 96(%rsi),%rsi + lea 128(%rsp),%r9 + + lea theta_perm(%rip),%r8 + + kxnorw %k6,%k6,%k6 + kshiftrw $15,%k6,%k1 + kshiftrw $11,%k6,%k6 + kshiftlw $1,%k1,%k2 + kshiftlw $2,%k1,%k3 + kshiftlw $3,%k1,%k4 + kshiftlw $4,%k1,%k5 + + #vmovdqa64 64*0(%r8),%zmm33 + vmovdqa64 64*1(%r8),%zmm13 + vmovdqa64 64*2(%r8),%zmm14 + vmovdqa64 64*3(%r8),%zmm15 + vmovdqa64 64*4(%r8),%zmm16 + + vmovdqa64 64*5(%r8),%zmm27 + vmovdqa64 64*6(%r8),%zmm28 + vmovdqa64 64*7(%r8),%zmm29 + vmovdqa64 64*8(%r8),%zmm30 + vmovdqa64 64*9(%r8),%zmm31 + + vmovdqa64 64*10(%r8),%zmm22 + vmovdqa64 64*11(%r8),%zmm23 + vmovdqa64 64*12(%r8),%zmm24 + vmovdqa64 64*13(%r8),%zmm25 + vmovdqa64 64*14(%r8),%zmm26 + + vmovdqa64 64*15(%r8),%zmm17 + vmovdqa64 64*16(%r8),%zmm18 + vmovdqa64 64*17(%r8),%zmm19 + vmovdqa64 64*18(%r8),%zmm20 + vmovdqa64 64*19(%r8),%zmm21 + + vmovdqu64 40*0-96(%rdi),%zmm0{%k6}{z} + vpxorq %zmm5,%zmm5,%zmm5 + vmovdqu64 40*1-96(%rdi),%zmm1{%k6}{z} + vmovdqu64 40*2-96(%rdi),%zmm2{%k6}{z} + vmovdqu64 40*3-96(%rdi),%zmm3{%k6}{z} + vmovdqu64 40*4-96(%rdi),%zmm4{%k6}{z} + + vmovdqa64 %zmm5,0*64-128(%r9) # zero transfer area on stack + vmovdqa64 %zmm5,1*64-128(%r9) + vmovdqa64 %zmm5,2*64-128(%r9) + vmovdqa64 %zmm5,3*64-128(%r9) + vmovdqa64 %zmm5,4*64-128(%r9) + jmp .Loop_absorb_avx512 + +.align 32 +.Loop_absorb_avx512: + mov %rcx,%rax + sub %rcx,%rdx + jc .Ldone_absorb_avx512 + + shr $3,%eax + mov 8*0-96(%rsi),%r8 + mov %r8,0-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*1-96(%rsi),%r8 + mov %r8,8-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*2-96(%rsi),%r8 + mov %r8,16-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*3-96(%rsi),%r8 + mov %r8,24-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*4-96(%rsi),%r8 + mov %r8,32-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*5-96(%rsi),%r8 + mov %r8,64-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*6-96(%rsi),%r8 + mov %r8,72-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*7-96(%rsi),%r8 + mov %r8,80-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*8-96(%rsi),%r8 + mov %r8,88-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*9-96(%rsi),%r8 + mov %r8,96-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*10-96(%rsi),%r8 + mov %r8,128-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*11-96(%rsi),%r8 + mov %r8,136-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*12-96(%rsi),%r8 + mov %r8,144-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*13-96(%rsi),%r8 + mov %r8,152-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*14-96(%rsi),%r8 + mov %r8,160-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*15-96(%rsi),%r8 + mov %r8,192-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*16-96(%rsi),%r8 + mov %r8,200-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*17-96(%rsi),%r8 + mov %r8,208-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*18-96(%rsi),%r8 + mov %r8,216-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*19-96(%rsi),%r8 + mov %r8,224-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*20-96(%rsi),%r8 + mov %r8,256-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*21-96(%rsi),%r8 + mov %r8,264-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*22-96(%rsi),%r8 + mov %r8,272-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*23-96(%rsi),%r8 + mov %r8,280-128(%r9) + dec %eax + jz .Labsorved_avx512 + mov 8*24-96(%rsi),%r8 + mov %r8,288-128(%r9) + dec %eax + jz .Labsorved_avx512 +.Labsorved_avx512: + lea (%rsi,%rcx),%rsi + + vpxorq 64*0-128(%r9),%zmm0,%zmm0 + vpxorq 64*1-128(%r9),%zmm1,%zmm1 + vpxorq 64*2-128(%r9),%zmm2,%zmm2 + vpxorq 64*3-128(%r9),%zmm3,%zmm3 + vpxorq 64*4-128(%r9),%zmm4,%zmm4 + + call __KeccakF1600 + + jmp .Loop_absorb_avx512 + +.align 32 +.Ldone_absorb_avx512: + vmovdqu64 %zmm0,40*0-96(%rdi){%k6} + vmovdqu64 %zmm1,40*1-96(%rdi){%k6} + vmovdqu64 %zmm2,40*2-96(%rdi){%k6} + vmovdqu64 %zmm3,40*3-96(%rdi){%k6} + vmovdqu64 %zmm4,40*4-96(%rdi){%k6} + + vzeroupper + + lea (%r11),%rsp + lea (%rdx,%rcx),%rax # return value + ret +.size SHA3_absorb,.-SHA3_absorb + +.globl SHA3_squeeze +.type SHA3_squeeze,@function +.align 32 +SHA3_squeeze: + mov %rsp,%r11 + + lea 96(%rdi),%rdi + cmp %rcx,%rdx + jbe .Lno_output_extension_avx512 + + lea theta_perm(%rip),%r8 + + kxnorw %k6,%k6,%k6 + kshiftrw $15,%k6,%k1 + kshiftrw $11,%k6,%k6 + kshiftlw $1,%k1,%k2 + kshiftlw $2,%k1,%k3 + kshiftlw $3,%k1,%k4 + kshiftlw $4,%k1,%k5 + + #vmovdqa64 64*0(%r8),%zmm33 + vmovdqa64 64*1(%r8),%zmm13 + vmovdqa64 64*2(%r8),%zmm14 + vmovdqa64 64*3(%r8),%zmm15 + vmovdqa64 64*4(%r8),%zmm16 + + vmovdqa64 64*5(%r8),%zmm27 + vmovdqa64 64*6(%r8),%zmm28 + vmovdqa64 64*7(%r8),%zmm29 + vmovdqa64 64*8(%r8),%zmm30 + vmovdqa64 64*9(%r8),%zmm31 + + vmovdqa64 64*10(%r8),%zmm22 + vmovdqa64 64*11(%r8),%zmm23 + vmovdqa64 64*12(%r8),%zmm24 + vmovdqa64 64*13(%r8),%zmm25 + vmovdqa64 64*14(%r8),%zmm26 + + vmovdqa64 64*15(%r8),%zmm17 + vmovdqa64 64*16(%r8),%zmm18 + vmovdqa64 64*17(%r8),%zmm19 + vmovdqa64 64*18(%r8),%zmm20 + vmovdqa64 64*19(%r8),%zmm21 + + vmovdqu64 40*0-96(%rdi),%zmm0{%k6}{z} + vmovdqu64 40*1-96(%rdi),%zmm1{%k6}{z} + vmovdqu64 40*2-96(%rdi),%zmm2{%k6}{z} + vmovdqu64 40*3-96(%rdi),%zmm3{%k6}{z} + vmovdqu64 40*4-96(%rdi),%zmm4{%k6}{z} + +.Lno_output_extension_avx512: + shr $3,%rcx + lea -96(%rdi),%r9 + mov %rcx,%rax + jmp .Loop_squeeze_avx512 + +.align 32 +.Loop_squeeze_avx512: + cmp $8,%rdx + jb .Ltail_squeeze_avx512 + + mov (%r9),%r8 + lea 8(%r9),%r9 + mov %r8,(%rsi) + lea 8(%rsi),%rsi + sub $8,%rdx # len -= 8 + jz .Ldone_squeeze_avx512 + + sub $1,%rax # bsz-- + jnz .Loop_squeeze_avx512 + + #vpermq %zmm16,%zmm16,%zmm15 + #vpermq %zmm15,%zmm16,%zmm14 + #vpermq %zmm15,%zmm15,%zmm13 + + call __KeccakF1600 + + vmovdqu64 %zmm0,40*0-96(%rdi){%k6} + vmovdqu64 %zmm1,40*1-96(%rdi){%k6} + vmovdqu64 %zmm2,40*2-96(%rdi){%k6} + vmovdqu64 %zmm3,40*3-96(%rdi){%k6} + vmovdqu64 %zmm4,40*4-96(%rdi){%k6} + + lea -96(%rdi),%r9 + mov %rcx,%rax + jmp .Loop_squeeze_avx512 + +.Ltail_squeeze_avx512: + mov %rsi,%rdi + mov %r9,%rsi + mov %rdx,%rcx + .byte 0xf3,0xa4 # rep movsb + +.Ldone_squeeze_avx512: + vzeroupper + + lea (%r11),%rsp + ret +.size SHA3_squeeze,.-SHA3_squeeze + +.section .rodata +.align 64 +theta_perm: + .quad 0, 1, 2, 3, 4, 5, 6, 7 # [not used] + .quad 4, 0, 1, 2, 3, 5, 6, 7 + .quad 3, 4, 0, 1, 2, 5, 6, 7 + .quad 2, 3, 4, 0, 1, 5, 6, 7 + .quad 1, 2, 3, 4, 0, 5, 6, 7 + +rhotates1: + .quad 0, 44, 43, 21, 14, 0, 0, 0 # [0][0] [1][1] [2][2] [3][3] [4][4] + .quad 18, 1, 6, 25, 8, 0, 0, 0 # [4][0] [0][1] [1][2] [2][3] [3][4] + .quad 41, 2, 62, 55, 39, 0, 0, 0 # [3][0] [4][1] [0][2] [1][3] [2][4] + .quad 3, 45, 61, 28, 20, 0, 0, 0 # [2][0] [3][1] [4][2] [0][3] [1][4] + .quad 36, 10, 15, 56, 27, 0, 0, 0 # [1][0] [2][1] [3][2] [4][3] [0][4] + +rhotates0: + .quad 0, 1, 62, 28, 27, 0, 0, 0 + .quad 36, 44, 6, 55, 20, 0, 0, 0 + .quad 3, 10, 43, 25, 39, 0, 0, 0 + .quad 41, 45, 15, 21, 8, 0, 0, 0 + .quad 18, 2, 61, 56, 14, 0, 0, 0 + +pi0_perm: + .quad 0, 3, 1, 4, 2, 5, 6, 7 + .quad 1, 4, 2, 0, 3, 5, 6, 7 + .quad 2, 0, 3, 1, 4, 5, 6, 7 + .quad 3, 1, 4, 2, 0, 5, 6, 7 + .quad 4, 2, 0, 3, 1, 5, 6, 7 + + +iotas: + .quad 0x0000000000000001 + .quad 0x0000000000008082 + .quad 0x800000000000808a + .quad 0x8000000080008000 + .quad 0x000000000000808b + .quad 0x0000000080000001 + .quad 0x8000000080008081 + .quad 0x8000000000008009 + .quad 0x000000000000008a + .quad 0x0000000000000088 + .quad 0x0000000080008009 + .quad 0x000000008000000a + .quad 0x000000008000808b + .quad 0x800000000000008b + .quad 0x8000000000008089 + .quad 0x8000000000008003 + .quad 0x8000000000008002 + .quad 0x8000000000000080 + .quad 0x000000000000800a + .quad 0x800000008000000a + .quad 0x8000000080008081 + .quad 0x8000000000008080 + .quad 0x0000000080000001 + .quad 0x8000000080008008 + +.asciz "Keccak-1600 absorb and squeeze for AVX-512F, CRYPTOGAMS by " diff --git a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512vl.s b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512vl.s new file mode 100644 index 000000000000..6dbdc30acc04 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-avx512vl.s @@ -0,0 +1,580 @@ +.text + +.type __KeccakF1600,@function +.align 32 +__KeccakF1600: + lea iotas(%rip),%r10 + mov $24,%eax + jmp .Loop_avx512vl + +.align 32 +.Loop_avx512vl: + ######################################### Theta + vpshufd $0b01001110,%ymm2,%ymm13 + vpxor %ymm3,%ymm5,%ymm12 + vpxor %ymm6,%ymm4,%ymm9 + vpternlogq $0x96,%ymm1,%ymm9,%ymm12 # C[1..4] + + vpxor %ymm2,%ymm13,%ymm13 + vpermq $0b01001110,%ymm13,%ymm7 + + vpermq $0b10010011,%ymm12,%ymm11 + vprolq $1,%ymm12,%ymm8 # ROL64(C[1..4],1) + + vpermq $0b00111001,%ymm8,%ymm15 + vpxor %ymm11,%ymm8,%ymm14 + vpermq $0b00000000,%ymm14,%ymm14 # D[0..0] = ROL64(C[1],1) ^ C[4] + + vpternlogq $0x96,%ymm7,%ymm0,%ymm13 # C[0..0] + vprolq $1,%ymm13,%ymm8 # ROL64(C[0..0],1) + + vpxor %ymm14,%ymm0,%ymm0 # ^= D[0..0] + + vpblendd $0b11000000,%ymm8,%ymm15,%ymm15 + vpblendd $0b00000011,%ymm13,%ymm11,%ymm7 + + ######################################### Rho + Pi + pre-Chi shuffle + vpxor %ymm14,%ymm2,%ymm2 # ^= D[0..0] from Theta + vprolvq %ymm16,%ymm2,%ymm2 + + vpternlogq $0x96,%ymm7,%ymm15,%ymm3 # ^= D[1..4] from Theta + vprolvq %ymm18,%ymm3,%ymm3 + + vpternlogq $0x96,%ymm7,%ymm15,%ymm4 # ^= D[1..4] from Theta + vprolvq %ymm19,%ymm4,%ymm4 + + vpternlogq $0x96,%ymm7,%ymm15,%ymm5 # ^= D[1..4] from Theta + vprolvq %ymm20,%ymm5,%ymm5 + + vpermq $0b10001101,%ymm2,%ymm10 # %ymm2 -> future %ymm3 + vpermq $0b10001101,%ymm3,%ymm11 # %ymm3 -> future %ymm4 + vpternlogq $0x96,%ymm7,%ymm15,%ymm6 # ^= D[1..4] from Theta + vprolvq %ymm21,%ymm6,%ymm8 # %ymm6 -> future %ymm1 + + vpermq $0b00011011,%ymm4,%ymm12 # %ymm4 -> future %ymm5 + vpermq $0b01110010,%ymm5,%ymm13 # %ymm5 -> future %ymm6 + vpternlogq $0x96,%ymm7,%ymm15,%ymm1 # ^= D[1..4] from Theta + vprolvq %ymm17,%ymm1,%ymm9 # %ymm1 -> future %ymm2 + + ######################################### Chi + vpblendd $0b00001100,%ymm13,%ymm9,%ymm3 # [4][4] [2][0] + vpblendd $0b00001100,%ymm9,%ymm11,%ymm15 # [4][0] [2][1] + vpblendd $0b00001100,%ymm11,%ymm10,%ymm5 # [4][2] [2][4] + vpblendd $0b00001100,%ymm10,%ymm9,%ymm14 # [4][3] [2][0] + vpblendd $0b00110000,%ymm11,%ymm3,%ymm3 # [1][3] [4][4] [2][0] + vpblendd $0b00110000,%ymm12,%ymm15,%ymm15 # [1][4] [4][0] [2][1] + vpblendd $0b00110000,%ymm9,%ymm5,%ymm5 # [1][0] [4][2] [2][4] + vpblendd $0b00110000,%ymm13,%ymm14,%ymm14 # [1][1] [4][3] [2][0] + vpblendd $0b11000000,%ymm12,%ymm3,%ymm3 # [3][2] [1][3] [4][4] [2][0] + vpblendd $0b11000000,%ymm13,%ymm15,%ymm15 # [3][3] [1][4] [4][0] [2][1] + vpblendd $0b11000000,%ymm13,%ymm5,%ymm5 # [3][3] [1][0] [4][2] [2][4] + vpblendd $0b11000000,%ymm11,%ymm14,%ymm14 # [3][4] [1][1] [4][3] [2][0] + vpternlogq $0xC6,%ymm15,%ymm10,%ymm3 # [3][1] [1][2] [4][3] [2][4] + vpternlogq $0xC6,%ymm14,%ymm12,%ymm5 # [3][2] [1][4] [4][1] [2][3] + + vpsrldq $8,%ymm8,%ymm7 + vpandn %ymm7,%ymm8,%ymm7 # tgting [0][0] [0][0] [0][0] [0][0] + + vpblendd $0b00001100,%ymm9,%ymm12,%ymm6 # [4][0] [2][3] + vpblendd $0b00001100,%ymm12,%ymm10,%ymm15 # [4][1] [2][4] + vpblendd $0b00110000,%ymm10,%ymm6,%ymm6 # [1][2] [4][0] [2][3] + vpblendd $0b00110000,%ymm11,%ymm15,%ymm15 # [1][3] [4][1] [2][4] + vpblendd $0b11000000,%ymm11,%ymm6,%ymm6 # [3][4] [1][2] [4][0] [2][3] + vpblendd $0b11000000,%ymm9,%ymm15,%ymm15 # [3][0] [1][3] [4][1] [2][4] + vpternlogq $0xC6,%ymm15,%ymm13,%ymm6 # [3][3] [1][1] [4][4] [2][2] + + vpermq $0b00011110,%ymm8,%ymm4 # [0][1] [0][2] [0][4] [0][3] + vpblendd $0b00110000,%ymm0,%ymm4,%ymm15 # [0][1] [0][0] [0][4] [0][3] + vpermq $0b00111001,%ymm8,%ymm1 # [0][1] [0][4] [0][3] [0][2] + vpblendd $0b11000000,%ymm0,%ymm1,%ymm1 # [0][0] [0][4] [0][3] [0][2] + + vpblendd $0b00001100,%ymm12,%ymm11,%ymm2 # [4][1] [2][1] + vpblendd $0b00001100,%ymm11,%ymm13,%ymm14 # [4][2] [2][2] + vpblendd $0b00110000,%ymm13,%ymm2,%ymm2 # [1][1] [4][1] [2][1] + vpblendd $0b00110000,%ymm10,%ymm14,%ymm14 # [1][2] [4][2] [2][2] + vpblendd $0b11000000,%ymm10,%ymm2,%ymm2 # [3][1] [1][1] [4][1] [2][1] + vpblendd $0b11000000,%ymm12,%ymm14,%ymm14 # [3][2] [1][2] [4][2] [2][2] + vpternlogq $0xC6,%ymm14,%ymm9,%ymm2 # [3][0] [1][0] [4][0] [2][0] + + vpermq $0b00000000,%ymm7,%ymm7 # [0][0] [0][0] [0][0] [0][0] + vpermq $0b00011011,%ymm3,%ymm3 # post-Chi shuffle + vpermq $0b10001101,%ymm5,%ymm5 + vpermq $0b01110010,%ymm6,%ymm6 + + vpblendd $0b00001100,%ymm10,%ymm13,%ymm4 # [4][3] [2][2] + vpblendd $0b00001100,%ymm13,%ymm12,%ymm14 # [4][4] [2][3] + vpblendd $0b00110000,%ymm12,%ymm4,%ymm4 # [1][4] [4][3] [2][2] + vpblendd $0b00110000,%ymm9,%ymm14,%ymm14 # [1][0] [4][4] [2][3] + vpblendd $0b11000000,%ymm9,%ymm4,%ymm4 # [3][0] [1][4] [4][3] [2][2] + vpblendd $0b11000000,%ymm10,%ymm14,%ymm14 # [3][1] [1][0] [4][4] [2][3] + + vpternlogq $0xC6,%ymm15,%ymm8,%ymm1 # [0][4] [0][3] [0][2] [0][1] + vpternlogq $0xC6,%ymm14,%ymm11,%ymm4 # [3][4] [1][3] [4][2] [2][1] + + ######################################### Iota + vpternlogq $0x96,(%r10),%ymm7,%ymm0 + lea 32(%r10),%r10 + + dec %eax + jnz .Loop_avx512vl + + ret +.size __KeccakF1600,.-__KeccakF1600 +.globl SHA3_absorb +.type SHA3_absorb,@function +.align 32 +SHA3_absorb: + mov %rsp,%r11 + + lea -240(%rsp),%rsp + and $-32,%rsp + + lea 96(%rdi),%rdi + lea 96(%rsi),%rsi + lea 96(%rsp),%r10 + lea rhotates_left(%rip),%r8 + + vzeroupper + + vpbroadcastq -96(%rdi),%ymm0 # load A[5][5] + vmovdqu 8+32*0-96(%rdi),%ymm1 + vmovdqu 8+32*1-96(%rdi),%ymm2 + vmovdqu 8+32*2-96(%rdi),%ymm3 + vmovdqu 8+32*3-96(%rdi),%ymm4 + vmovdqu 8+32*4-96(%rdi),%ymm5 + vmovdqu 8+32*5-96(%rdi),%ymm6 + + vmovdqa64 0*32(%r8),%ymm16 # load "rhotate" indices + vmovdqa64 1*32(%r8),%ymm17 + vmovdqa64 2*32(%r8),%ymm18 + vmovdqa64 3*32(%r8),%ymm19 + vmovdqa64 4*32(%r8),%ymm20 + vmovdqa64 5*32(%r8),%ymm21 + + vpxor %ymm7,%ymm7,%ymm7 + vmovdqa %ymm7,32*2-96(%r10) # zero transfer area on stack + vmovdqa %ymm7,32*3-96(%r10) + vmovdqa %ymm7,32*4-96(%r10) + vmovdqa %ymm7,32*5-96(%r10) + vmovdqa %ymm7,32*6-96(%r10) + +.Loop_absorb_avx512vl: + mov %rcx,%rax + sub %rcx,%rdx + jc .Ldone_absorb_avx512vl + + shr $3,%eax + vpbroadcastq 0-96(%rsi),%ymm7 + vmovdqu 8-96(%rsi),%ymm8 + sub $4,%eax + dec %eax + jz .Labsorved_avx512vl + mov 8*5-96(%rsi),%r8 + mov %r8,80-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*6-96(%rsi),%r8 + mov %r8,192-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*7-96(%rsi),%r8 + mov %r8,104-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*8-96(%rsi),%r8 + mov %r8,144-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*9-96(%rsi),%r8 + mov %r8,184-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*10-96(%rsi),%r8 + mov %r8,64-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*11-96(%rsi),%r8 + mov %r8,128-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*12-96(%rsi),%r8 + mov %r8,200-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*13-96(%rsi),%r8 + mov %r8,176-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*14-96(%rsi),%r8 + mov %r8,120-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*15-96(%rsi),%r8 + mov %r8,88-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*16-96(%rsi),%r8 + mov %r8,96-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*17-96(%rsi),%r8 + mov %r8,168-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*18-96(%rsi),%r8 + mov %r8,208-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*19-96(%rsi),%r8 + mov %r8,152-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*20-96(%rsi),%r8 + mov %r8,72-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*21-96(%rsi),%r8 + mov %r8,160-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*22-96(%rsi),%r8 + mov %r8,136-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*23-96(%rsi),%r8 + mov %r8,112-96(%r10) + dec %eax + jz .Labsorved_avx512vl + mov 8*24-96(%rsi),%r8 + mov %r8,216-96(%r10) +.Labsorved_avx512vl: + lea (%rsi,%rcx),%rsi + + vpxor %ymm7,%ymm0,%ymm0 + vpxor %ymm8,%ymm1,%ymm1 + vpxor 32*2-96(%r10),%ymm2,%ymm2 + vpxor 32*3-96(%r10),%ymm3,%ymm3 + vpxor 32*4-96(%r10),%ymm4,%ymm4 + vpxor 32*5-96(%r10),%ymm5,%ymm5 + vpxor 32*6-96(%r10),%ymm6,%ymm6 + + call __KeccakF1600 + + lea 96(%rsp),%r10 + jmp .Loop_absorb_avx512vl + +.Ldone_absorb_avx512vl: + vmovq %xmm0,-96(%rdi) + vmovdqu %ymm1,8+32*0-96(%rdi) + vmovdqu %ymm2,8+32*1-96(%rdi) + vmovdqu %ymm3,8+32*2-96(%rdi) + vmovdqu %ymm4,8+32*3-96(%rdi) + vmovdqu %ymm5,8+32*4-96(%rdi) + vmovdqu %ymm6,8+32*5-96(%rdi) + + vzeroupper + + lea (%r11),%rsp + lea (%rdx,%rcx),%rax # return value + ret +.size SHA3_absorb,.-SHA3_absorb + +.globl SHA3_squeeze +.type SHA3_squeeze,@function +.align 32 +SHA3_squeeze: + mov %rsp,%r11 + + lea 96(%rdi),%rdi + lea rhotates_left(%rip),%r8 + shr $3,%rcx + + vzeroupper + + vpbroadcastq -96(%rdi),%ymm0 + vpxor %ymm7,%ymm7,%ymm7 + vmovdqu 8+32*0-96(%rdi),%ymm1 + vmovdqu 8+32*1-96(%rdi),%ymm2 + vmovdqu 8+32*2-96(%rdi),%ymm3 + vmovdqu 8+32*3-96(%rdi),%ymm4 + vmovdqu 8+32*4-96(%rdi),%ymm5 + vmovdqu 8+32*5-96(%rdi),%ymm6 + + vmovdqa64 0*32(%r8),%ymm16 # load "rhotate" indices + vmovdqa64 1*32(%r8),%ymm17 + vmovdqa64 2*32(%r8),%ymm18 + vmovdqa64 3*32(%r8),%ymm19 + vmovdqa64 4*32(%r8),%ymm20 + vmovdqa64 5*32(%r8),%ymm21 + + mov %rcx,%rax + +.Loop_squeeze_avx512vl: + mov 0-96(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 32-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 40-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 48-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 56-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 80-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 192-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 104-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 144-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 184-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 64-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 128-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 200-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 176-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 120-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 88-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 96-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 168-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 208-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 152-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 72-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 160-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 136-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 112-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov 216-120(%rdi),%r8 + sub $8,%rdx + jc .Ltail_squeeze_avx512vl + mov %r8,(%rsi) + lea 8(%rsi),%rsi + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov -120(%rdi),%r8 +.Lextend_output_avx512vl: + call __KeccakF1600 + + vmovq %xmm0,-96(%rdi) + vmovdqu %ymm1,8+32*0-96(%rdi) + vmovdqu %ymm2,8+32*1-96(%rdi) + vmovdqu %ymm3,8+32*2-96(%rdi) + vmovdqu %ymm4,8+32*3-96(%rdi) + vmovdqu %ymm5,8+32*4-96(%rdi) + vmovdqu %ymm6,8+32*5-96(%rdi) + + mov %rcx,%rax + jmp .Loop_squeeze_avx512vl + + +.Ltail_squeeze_avx512vl: + add $8,%rdx +.Loop_tail_avx512vl: + mov %r8b,(%rsi) + lea 1(%rsi),%rsi + shr $8,%r8 + dec %rdx + jnz .Loop_tail_avx512vl + +.Ldone_squeeze_avx512vl: + vzeroupper + + lea (%r11),%rsp + ret +.size SHA3_squeeze,.-SHA3_squeeze + +.section .rodata +.align 64 +rhotates_left: + .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] + .quad 1, 62, 28, 27 # [0][1] [0][2] [0][3] [0][4] + .quad 45, 6, 56, 39 # [3][1] [1][2] [4][3] [2][4] + .quad 10, 61, 55, 8 # [2][1] [4][2] [1][3] [3][4] + .quad 2, 15, 25, 20 # [4][1] [3][2] [2][3] [1][4] + .quad 44, 43, 21, 14 # [1][1] [2][2] [3][3] [4][4] +iotas: + .quad 0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001 + .quad 0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082 + .quad 0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a + .quad 0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000 + .quad 0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009 + .quad 0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a + .quad 0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088 + .quad 0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009 + .quad 0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a + .quad 0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b + .quad 0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b + .quad 0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089 + .quad 0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003 + .quad 0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002 + .quad 0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080 + .quad 0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a + .quad 0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080 + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008 + +.asciz "Keccak-1600 absorb and squeeze for AVX512VL, CRYPTOGAMS by " diff --git a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-s390x.S b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-s390x.S index 1a74fdb20e04..9f254bcf300e 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-s390x.S +++ b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-s390x.S @@ -396,6 +396,7 @@ SHA3_squeeze: lghi %r14,8 stg %r5,5*8(%r15) la %r1,0(%r2) + cijne %r6,0,.Lnext_block j .Loop_squeeze @@ -413,6 +414,7 @@ SHA3_squeeze: brct %r5,.Loop_squeeze # bsz-- +.Lnext_block: stmg %r3,%r4,3*8(%r15) bras %r14,.LKeccakF1600 lmg %r3,%r5,3*8(%r15) diff --git a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-x86_64.s b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-x86_64.s index 11f26e933d80..0ee5e604b71e 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/keccak1600-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/sha/keccak1600-x86_64.s @@ -447,10 +447,12 @@ SHA3_squeeze: .cfi_offset %r14,-32 shrq $3,%rcx - movq %rdi,%r8 + movq %rdi,%r9 movq %rsi,%r12 movq %rdx,%r13 movq %rcx,%r14 + btl $0,%r8d + jc .Lnext_block jmp .Loop_squeeze .align 32 @@ -458,8 +460,8 @@ SHA3_squeeze: cmpq $8,%r13 jb .Ltail_squeeze - movq (%r8),%rax - leaq 8(%r8),%r8 + movq (%r9),%rax + leaq 8(%r9),%r9 movq %rax,(%r12) leaq 8(%r12),%r12 subq $8,%r13 @@ -467,14 +469,14 @@ SHA3_squeeze: subq $1,%rcx jnz .Loop_squeeze - +.Lnext_block: call KeccakF1600 - movq %rdi,%r8 + movq %rdi,%r9 movq %r14,%rcx jmp .Loop_squeeze .Ltail_squeeze: - movq %r8,%rsi + movq %r9,%rsi movq %r12,%rdi movq %r13,%rcx .byte 0xf3,0xa4 @@ -492,6 +494,7 @@ SHA3_squeeze: .byte 0xf3,0xc3 .cfi_endproc .size SHA3_squeeze,.-SHA3_squeeze +.section .rodata .align 256 .quad 0,0,0,0,0,0,0,0 .type iotas,@object diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha1-armv8.S b/contrib/openssl-cmake/asm/crypto/sha/sha1-armv8.S index 329ab5670526..365bfd164a1c 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha1-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sha/sha1-armv8.S @@ -1080,7 +1080,8 @@ sha1_block_armv8: stp x29,x30,[sp,#-16]! add x29,sp,#0 - adr x4,.Lconst + adrp x4,.Lconst + add x4,x4,#:lo12:.Lconst eor v1.16b,v1.16b,v1.16b ld1 {v0.4s},[x0],#16 ld1 {v1.s}[0],[x0] @@ -1203,6 +1204,9 @@ sha1_block_armv8: ldr x29,[sp],#16 ret .size sha1_block_armv8,.-sha1_block_armv8 + +.section .rodata + .align 6 .Lconst: .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19 diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha1-mb-x86_64.s b/contrib/openssl-cmake/asm/crypto/sha/sha1-mb-x86_64.s index d6dadbbafe38..24d9d9375657 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha1-mb-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/sha/sha1-mb-x86_64.s @@ -7286,7 +7286,7 @@ _avx2_shortcut: .byte 0xf3,0xc3 .cfi_endproc .size sha1_multi_block_avx2,.-sha1_multi_block_avx2 - +.section .rodata .align 256 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 @@ -7301,3 +7301,4 @@ K_XX_XX: .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 .byte 83,72,65,49,32,109,117,108,116,105,45,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.previous diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha1-x86_64.s b/contrib/openssl-cmake/asm/crypto/sha/sha1-x86_64.s index d4efc7206f57..dd4a58c1fecd 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha1-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/sha/sha1-x86_64.s @@ -5433,6 +5433,7 @@ _avx2_shortcut: .byte 0xf3,0xc3 .cfi_endproc .size sha1_block_data_order_avx2,.-sha1_block_data_order_avx2 +.section .rodata .align 64 K_XX_XX: .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 @@ -5446,5 +5447,6 @@ K_XX_XX: .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 +.previous .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha256-armv8.S b/contrib/openssl-cmake/asm/crypto/sha/sha256-armv8.S index 6d1cb3180862..385242dab979 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha256-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sha/sha256-armv8.S @@ -1,4 +1,4 @@ -// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -92,7 +92,8 @@ sha256_block_data_order: ldp w24,w25,[x0,#4*4] add x2,x1,x2,lsl#6 // end of input ldp w26,w27,[x0,#6*4] - adr x30,.LK256 + adrp x30,.LK256 + add x30,x30,#:lo12:.LK256 stp x0,x2,[x29,#96] .Loop: @@ -1040,6 +1041,8 @@ sha256_block_data_order: ret .size sha256_block_data_order,.-sha256_block_data_order +.section .rodata + .align 6 .type .LK256,%object .LK256: @@ -1064,6 +1067,8 @@ sha256_block_data_order: .byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 + +.text #ifndef __KERNEL__ .type sha256_block_armv8,%function .align 6 @@ -1074,7 +1079,8 @@ sha256_block_armv8: add x29,sp,#0 ld1 {v0.4s,v1.4s},[x0] - adr x3,.LK256 + adrp x3,.LK256 + add x3,x3,#:lo12:.LK256 .Loop_hw: ld1 {v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64 @@ -1218,7 +1224,8 @@ sha256_block_neon: mov x29, sp sub sp,sp,#16*4 - adr x16,.LK256 + adrp x16,.LK256 + add x16,x16,#:lo12:.LK256 add x2,x1,x2,lsl#6 // len to point at the end of inp ld1 {v0.16b},[x1], #16 diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha256-mb-x86_64.s b/contrib/openssl-cmake/asm/crypto/sha/sha256-mb-x86_64.s index 116590de1f06..d4bf52940144 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha256-mb-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/sha/sha256-mb-x86_64.s @@ -7831,6 +7831,7 @@ _avx2_shortcut: .byte 0xf3,0xc3 .cfi_endproc .size sha256_multi_block_avx2,.-sha256_multi_block_avx2 +.section .rodata .align 256 K256: .long 1116352408,1116352408,1116352408,1116352408 @@ -7982,3 +7983,4 @@ K256_shaext: .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 .byte 83,72,65,50,53,54,32,109,117,108,116,105,45,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.previous diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha256-x86_64.s b/contrib/openssl-cmake/asm/crypto/sha/sha256-x86_64.s index a7b60900fdd0..f0de76776278 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha256-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/sha/sha256-x86_64.s @@ -1728,6 +1728,7 @@ sha256_block_data_order: .byte 0xf3,0xc3 .cfi_endproc .size sha256_block_data_order,.-sha256_block_data_order +.section .rodata .align 64 .type K256,@object K256: @@ -1771,6 +1772,7 @@ K256: .long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 .long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 .byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.previous .type sha256_block_data_order_shaext,@function .align 64 sha256_block_data_order_shaext: diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha512-armv8.S b/contrib/openssl-cmake/asm/crypto/sha/sha512-armv8.S index 37091dcc70b2..29c38b0bb075 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha512-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sha/sha512-armv8.S @@ -1,4 +1,4 @@ -// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -90,7 +90,8 @@ sha512_block_data_order: ldp x24,x25,[x0,#4*8] add x2,x1,x2,lsl#7 // end of input ldp x26,x27,[x0,#6*8] - adr x30,.LK512 + adrp x30,.LK512 + add x30,x30,#:lo12:.LK512 stp x0,x2,[x29,#96] .Loop: @@ -1038,6 +1039,8 @@ sha512_block_data_order: ret .size sha512_block_data_order,.-sha512_block_data_order +.section .rodata + .align 6 .type .LK512,%object .LK512: @@ -1086,6 +1089,8 @@ sha512_block_data_order: .byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 + +.text #ifndef __KERNEL__ .type sha512_block_armv8,%function .align 6 @@ -1099,7 +1104,8 @@ sha512_block_armv8: ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x1],#64 ld1 {v0.2d,v1.2d,v2.2d,v3.2d},[x0] // load context - adr x3,.LK512 + adrp x3,.LK512 + add x3,x3,#:lo12:.LK512 rev64 v16.16b,v16.16b rev64 v17.16b,v17.16b diff --git a/contrib/openssl-cmake/asm/crypto/sha/sha512-x86_64.s b/contrib/openssl-cmake/asm/crypto/sha/sha512-x86_64.s index 939f1ca71c93..3a3809ea2f93 100644 --- a/contrib/openssl-cmake/asm/crypto/sha/sha512-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/sha/sha512-x86_64.s @@ -1726,6 +1726,7 @@ sha512_block_data_order: .byte 0xf3,0xc3 .cfi_endproc .size sha512_block_data_order,.-sha512_block_data_order +.section .rodata .align 64 .type K512,@object K512: @@ -1813,6 +1814,7 @@ K512: .quad 0x0001020304050607,0x08090a0b0c0d0e0f .quad 0x0001020304050607,0x08090a0b0c0d0e0f .byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.previous .type sha512_block_data_order_xop,@function .align 64 sha512_block_data_order_xop: diff --git a/contrib/openssl-cmake/asm/crypto/sm3/asm/sm3-armv8.S b/contrib/openssl-cmake/asm/crypto/sm3/asm/sm3-armv8.S index 537ac82d3b7f..5c6167e6f250 100644 --- a/contrib/openssl-cmake/asm/crypto/sm3/asm/sm3-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sm3/asm/sm3-armv8.S @@ -1,4 +1,4 @@ -// Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -22,19 +22,19 @@ ossl_hwsm3_block_data_order: rev64 v6.4s, v6.4s ext v5.16b, v5.16b, v5.16b, #8 ext v6.16b, v6.16b, v6.16b, #8 - - adr x8, .Tj + adrp x8, .Tj + add x8, x8, #:lo12:.Tj ldp s16, s17, [x8] .Loop: // load input - ld1 {v0.16b,v1.16b,v2.16b,v3.16b}, [x1], #64 + ld1 {v0.4s,v1.4s,v2.4s,v3.4s}, [x1], #64 sub w2, w2, #1 mov v18.16b, v5.16b mov v19.16b, v6.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v0.16b, v0.16b rev32 v1.16b, v1.16b rev32 v2.16b, v2.16b @@ -497,7 +497,12 @@ ossl_hwsm3_block_data_order: st1 {v5.4s,v6.4s}, [x0] ret .size ossl_hwsm3_block_data_order,.-ossl_hwsm3_block_data_order +.section .rodata +.type _sm3_consts,%object .align 3 +_sm3_consts: .Tj: .word 0x79cc4519, 0x9d8a7a87 +.size _sm3_consts,.-_sm3_consts +.previous diff --git a/contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-armv8.S b/contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-armv8.S index a0328d7cafc3..0135313075e4 100644 --- a/contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-armv8.S @@ -1,4 +1,4 @@ -// Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,11 @@ #include "arm_arch.h" .arch armv8-a+crypto .text + +.section .rodata +.type _sm4_v8_consts,%object .align 6 +_sm4_v8_consts: .Lck: .long 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269 .long 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9 @@ -27,17 +31,22 @@ .long 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279 .Lfk: .long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc +.size _sm4_v8_consts,.-_sm4_v8_consts +.previous + .globl sm4_v8_set_encrypt_key .type sm4_v8_set_encrypt_key,%function .align 5 sm4_v8_set_encrypt_key: AARCH64_VALID_CALL_TARGET ld1 {v0.4s},[x0] - adr x2,.Lfk + adrp x2,.Lfk + add x2,x2,#:lo12:.Lfk ld1 {v24.4s},[x2] - adr x2,.Lck + adrp x2,.Lck + add x2,x2,#:lo12:.Lck ld1 {v16.4s,v17.4s,v18.4s,v19.4s},[x2],64 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v0.16b,v0.16b #endif ld1 {v20.4s,v21.4s,v22.4s,v23.4s},[x2] @@ -60,11 +69,13 @@ sm4_v8_set_encrypt_key: sm4_v8_set_decrypt_key: AARCH64_VALID_CALL_TARGET ld1 {v7.4s},[x0] - adr x2,.Lfk + adrp x2,.Lfk + add x2,x2,#:lo12:.Lfk ld1 {v24.4s},[x2] - adr x2, .Lck + adrp x2,.Lck + add x2,x2,#:lo12:.Lck ld1 {v16.4s,v17.4s,v18.4s,v19.4s},[x2],64 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v7.16b,v7.16b #endif ld1 {v20.4s,v21.4s,v22.4s,v23.4s},[x2] @@ -105,7 +116,7 @@ sm4_v8_encrypt: ld1 {v16.4s},[x0] ld1 {v0.4s,v1.4s,v2.4s,v3.4s},[x2],64 ld1 {v4.4s,v5.4s,v6.4s,v7.4s},[x2] -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -118,7 +129,7 @@ sm4_v8_encrypt: .inst 0xcec084f0 //sm4e v16.4s,v7.4s rev64 v16.4S,v16.4S ext v16.16b,v16.16b,v16.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif st1 {v16.4s},[x1] @@ -132,7 +143,7 @@ sm4_v8_decrypt: ld1 {v16.4s},[x0] ld1 {v0.4s,v1.4s,v2.4s,v3.4s},[x2],64 ld1 {v4.4s,v5.4s,v6.4s,v7.4s},[x2] -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -145,7 +156,7 @@ sm4_v8_decrypt: .inst 0xcec084f0 //sm4e v16.4s,v7.4s rev64 v16.4S,v16.4S ext v16.16b,v16.16b,v16.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif st1 {v16.4s},[x1] @@ -166,28 +177,28 @@ sm4_v8_ecb_encrypt: b.lt 2f ld1 {v20.4s,v21.4s,v22.4s,v23.4s},[x0],#64 // 8 blocks -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v20.16b,v20.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v21.16b,v21.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v22.16b,v22.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v23.16b,v23.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -284,29 +295,29 @@ sm4_v8_ecb_encrypt: ext v22.16b,v22.16b,v22.16b,#8 rev64 v23.4S,v23.4S ext v23.16b,v23.16b,v23.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v20.16b,v20.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v21.16b,v21.16b #endif st1 {v16.4s,v17.4s,v18.4s,v19.4s},[x1],#64 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v22.16b,v22.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v23.16b,v23.16b #endif st1 {v20.4s,v21.4s,v22.4s,v23.4s},[x1],#64 @@ -315,16 +326,16 @@ sm4_v8_ecb_encrypt: ret // 4 blocks 2: -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -374,16 +385,16 @@ sm4_v8_ecb_encrypt: ext v18.16b,v18.16b,v18.16b,#8 rev64 v19.4S,v19.4S ext v19.16b,v19.16b,v19.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif st1 {v16.4s,v17.4s,v18.4s,v19.4s},[x1],#64 @@ -393,7 +404,7 @@ sm4_v8_ecb_encrypt: subs x2,x2,#16 b.lt 1f ld1 {v16.4s},[x0],#16 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -406,7 +417,7 @@ sm4_v8_ecb_encrypt: .inst 0xcec084f0 //sm4e v16.4s,v7.4s rev64 v16.4S,v16.4S ext v16.16b,v16.16b,v16.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif st1 {v16.4s},[x1],#16 @@ -431,16 +442,16 @@ sm4_v8_cbc_encrypt: b.lt 1f ld1 {v16.4s,v17.4s,v18.4s,v19.4s},[x0],#64 eor v16.16b,v16.16b,v8.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -464,7 +475,7 @@ sm4_v8_cbc_encrypt: .inst 0xcec084f1 //sm4e v17.4s,v7.4s rev64 v17.4S,v17.4S ext v17.16b,v17.16b,v17.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif eor v18.16b,v18.16b,v17.16b @@ -478,7 +489,7 @@ sm4_v8_cbc_encrypt: .inst 0xcec084f2 //sm4e v18.4s,v7.4s rev64 v18.4S,v18.4S ext v18.16b,v18.16b,v18.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif eor v19.16b,v19.16b,v18.16b @@ -492,10 +503,10 @@ sm4_v8_cbc_encrypt: .inst 0xcec084f3 //sm4e v19.4s,v7.4s rev64 v19.4S,v19.4S ext v19.16b,v19.16b,v19.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif mov v8.16b,v19.16b @@ -507,7 +518,7 @@ sm4_v8_cbc_encrypt: b.lt 3f ld1 {v16.4s},[x0],#16 eor v8.16b,v8.16b,v16.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v8.16b,v8.16b #endif .inst 0xcec08408 //sm4e v8.4s,v0.4s @@ -520,10 +531,10 @@ sm4_v8_cbc_encrypt: .inst 0xcec084e8 //sm4e v8.4s,v7.4s rev64 v8.4S,v8.4S ext v8.16b,v8.16b,v8.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v8.16b,v8.16b #endif - st1 {v8.16b},[x1],#16 + st1 {v8.4s},[x1],#16 b.ne 1b b 3f .Ldec: @@ -537,28 +548,28 @@ sm4_v8_cbc_encrypt: // 8 blocks mode ld1 {v20.4s,v21.4s,v22.4s,v23.4s},[x0] ld1 {v28.4s,v29.4s,v30.4s,v31.4s},[x0],#64 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v20.16b,v20.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v21.16b,v21.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v22.16b,v22.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v23.16b,v23.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -655,28 +666,28 @@ sm4_v8_cbc_encrypt: ext v22.16b,v22.16b,v22.16b,#8 rev64 v23.4S,v23.4S ext v23.16b,v23.16b,v23.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v20.16b,v20.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v21.16b,v21.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v22.16b,v22.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v23.16b,v23.16b #endif eor v16.16b,v16.16b,v8.16b @@ -695,16 +706,16 @@ sm4_v8_cbc_encrypt: b 3f // 4 blocks mode 2: -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -754,16 +765,16 @@ sm4_v8_cbc_encrypt: ext v18.16b,v18.16b,v18.16b,#8 rev64 v19.4S,v19.4S ext v19.16b,v19.16b,v19.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif eor v16.16b,v16.16b,v8.16b @@ -779,7 +790,7 @@ sm4_v8_cbc_encrypt: b.lt 3f ld1 {v16.4s},[x0],#16 mov v24.16b,v16.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif .inst 0xcec08410 //sm4e v16.4s,v0.4s @@ -792,16 +803,16 @@ sm4_v8_cbc_encrypt: .inst 0xcec084f0 //sm4e v16.4s,v7.4s rev64 v16.4S,v16.4S ext v16.16b,v16.16b,v16.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif eor v16.16b,v16.16b,v8.16b mov v8.16b,v24.16b - st1 {v16.16b},[x1],#16 + st1 {v16.4s},[x1],#16 b.ne 1b 3: // save back IV - st1 {v8.16b},[x4] + st1 {v8.4s},[x4] ldp d8,d9,[sp],#16 ret .size sm4_v8_cbc_encrypt,.-sm4_v8_cbc_encrypt @@ -815,7 +826,7 @@ sm4_v8_ctr32_encrypt_blocks: ld1 {v8.4s},[x4] ld1 {v0.4s,v1.4s,v2.4s,v3.4s},[x3],64 ld1 {v4.4s,v5.4s,v6.4s,v7.4s},[x3] -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v8.16b,v8.16b #endif mov w5,v8.s[3] @@ -942,28 +953,28 @@ sm4_v8_ctr32_encrypt_blocks: ext v22.16b,v22.16b,v22.16b,#8 rev64 v23.4S,v23.4S ext v23.16b,v23.16b,v23.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v20.16b,v20.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v21.16b,v21.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v22.16b,v22.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v23.16b,v23.16b #endif eor v16.16b,v16.16b,v24.16b @@ -1029,16 +1040,16 @@ sm4_v8_ctr32_encrypt_blocks: ext v18.16b,v18.16b,v18.16b,#8 rev64 v19.4S,v19.4S ext v19.16b,v19.16b,v19.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v17.16b,v17.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v18.16b,v18.16b #endif -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v19.16b,v19.16b #endif eor v16.16b,v16.16b,v24.16b @@ -1066,7 +1077,7 @@ sm4_v8_ctr32_encrypt_blocks: .inst 0xcec084f0 //sm4e v16.4s,v7.4s rev64 v16.4S,v16.4S ext v16.16b,v16.16b,v16.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif eor v16.16b,v16.16b,v24.16b diff --git a/contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-riscv64-zvksed.S b/contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-riscv64-zvksed.S new file mode 100644 index 000000000000..c353c27e1c06 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/sm4/asm/sm4-riscv64-zvksed.S @@ -0,0 +1,188 @@ +.text +.p2align 3 +.globl rv64i_zvksed_sm4_set_encrypt_key +.type rv64i_zvksed_sm4_set_encrypt_key,@function +rv64i_zvksed_sm4_set_encrypt_key: + .word 0xc1027057 + + # Load the user key + .word 33906823 + .word 1242865879 + + # Load the FK. + la t0, FK + .word 33743111 + + # Generate round keys. + .word 772866263 + .word 2249204215 # rk[0:3] + .word 2251334263 # rk[4:7] + .word 2252415735 # rk[8:11] + .word 2253497207 # rk[12:15] + .word 2254578679 # rk[16:19] + .word 2255660151 # rk[20:23] + .word 2256741623 # rk[24:27] + .word 2257823095 # rk[28:31] + + # Store round keys + .word 33939879 # rk[0:3] + addi a1, a1, 16 + .word 33940007 # rk[4:7] + addi a1, a1, 16 + .word 33940135 # rk[8:11] + addi a1, a1, 16 + .word 33940263 # rk[12:15] + addi a1, a1, 16 + .word 33940391 # rk[16:19] + addi a1, a1, 16 + .word 33940519 # rk[20:23] + addi a1, a1, 16 + .word 33940647 # rk[24:27] + addi a1, a1, 16 + .word 33940775 # rk[28:31] + + li a0, 1 + ret +.size rv64i_zvksed_sm4_set_encrypt_key,.-rv64i_zvksed_sm4_set_encrypt_key +.p2align 3 +.globl rv64i_zvksed_sm4_set_decrypt_key +.type rv64i_zvksed_sm4_set_decrypt_key,@function +rv64i_zvksed_sm4_set_decrypt_key: + .word 0xc1027057 + + # Load the user key + .word 33906823 + .word 1242865879 + + # Load the FK. + la t0, FK + .word 33743111 + + # Generate round keys. + .word 772866263 + .word 2249204215 # rk[0:3] + .word 2251334263 # rk[4:7] + .word 2252415735 # rk[8:11] + .word 2253497207 # rk[12:15] + .word 2254578679 # rk[16:19] + .word 2255660151 # rk[20:23] + .word 2256741623 # rk[24:27] + .word 2257823095 # rk[28:31] + + # Store round keys in reverse order + addi a1, a1, 12 + li t1, -4 + .word 174449959 # rk[31:28] + addi a1, a1, 16 + .word 174449831 # rk[27:24] + addi a1, a1, 16 + .word 174449703 # rk[23:20] + addi a1, a1, 16 + .word 174449575 # rk[19:16] + addi a1, a1, 16 + .word 174449447 # rk[15:12] + addi a1, a1, 16 + .word 174449319 # rk[11:8] + addi a1, a1, 16 + .word 174449191 # rk[7:4] + addi a1, a1, 16 + .word 174449063 # rk[3:0] + + li a0, 1 + ret +.size rv64i_zvksed_sm4_set_decrypt_key,.-rv64i_zvksed_sm4_set_decrypt_key +.p2align 3 +.globl rv64i_zvksed_sm4_encrypt +.type rv64i_zvksed_sm4_encrypt,@function +rv64i_zvksed_sm4_encrypt: + .word 0xc1027057 + + # Order of elements was adjusted in set_encrypt_key() + .word 33972487 # rk[0:3] + addi a2, a2, 16 + .word 33972615 # rk[4:7] + addi a2, a2, 16 + .word 33972743 # rk[8:11] + addi a2, a2, 16 + .word 33972871 # rk[12:15] + addi a2, a2, 16 + .word 33972999 # rk[16:19] + addi a2, a2, 16 + .word 33973127 # rk[20:23] + addi a2, a2, 16 + .word 33973255 # rk[24:27] + addi a2, a2, 16 + .word 33973383 # rk[28:31] + + # Load input data + .word 33906823 + .word 1242865879 + + # Encrypt with all keys + .word 2787647735 + .word 2788696311 + .word 2789744887 + .word 2790793463 + .word 2791842039 + .word 2792890615 + .word 2793939191 + .word 2794987767 + + # Save the ciphertext (in reverse element order) + .word 1242865879 + li t0, -4 + addi a1, a1, 12 + .word 173400231 + + ret +.size rv64i_zvksed_sm4_encrypt,.-rv64i_zvksed_sm4_encrypt +.p2align 3 +.globl rv64i_zvksed_sm4_decrypt +.type rv64i_zvksed_sm4_decrypt,@function +rv64i_zvksed_sm4_decrypt: + .word 0xc1027057 + + # Order of elements was adjusted in set_decrypt_key() + .word 33973383 # rk[31:28] + addi a2, a2, 16 + .word 33973255 # rk[27:24] + addi a2, a2, 16 + .word 33973127 # rk[23:20] + addi a2, a2, 16 + .word 33972999 # rk[19:16] + addi a2, a2, 16 + .word 33972871 # rk[15:11] + addi a2, a2, 16 + .word 33972743 # rk[11:8] + addi a2, a2, 16 + .word 33972615 # rk[7:4] + addi a2, a2, 16 + .word 33972487 # rk[3:0] + + # Load input data + .word 33906823 + .word 1242865879 + + # Encrypt with all keys + .word 2794987767 + .word 2793939191 + .word 2792890615 + .word 2791842039 + .word 2790793463 + .word 2789744887 + .word 2788696311 + .word 2787647735 + + # Save the ciphertext (in reverse element order) + .word 1242865879 + li t0, -4 + addi a1, a1, 12 + .word 173400231 + + ret +.size rv64i_zvksed_sm4_decrypt,.-rv64i_zvksed_sm4_decrypt +# Family Key (little-endian 32-bit chunks) +.p2align 3 +FK: + .word 0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC +.size FK,.-FK diff --git a/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4-armv8.S b/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4-armv8.S index c14ff305b189..b2aad3252e11 100644 --- a/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4-armv8.S @@ -1,4 +1,4 @@ -// Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -17,6 +17,7 @@ .arch armv8-a .text +.section .rodata .type _vpsm4_consts,%object .align 7 _vpsm4_consts: @@ -54,12 +55,16 @@ _vpsm4_consts: .quad 0x0101010101010187,0x0101010101010101 .size _vpsm4_consts,.-_vpsm4_consts + +.previous + .type _vpsm4_set_key,%function .align 4 _vpsm4_set_key: AARCH64_VALID_CALL_TARGET ld1 {v5.4s},[x0] - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -67,13 +72,16 @@ _vpsm4_set_key: #ifndef __AARCH64EB__ rev32 v5.16b,v5.16b #endif - adr x5,.Lshuffles + adrp x5,.Lshuffles + add x5,x5,#:lo12:.Lshuffles ld1 {v7.2d},[x5] - adr x5,.Lfk + adrp x5,.Lfk + add x5,x5,#:lo12:.Lfk ld1 {v6.2d},[x5] eor v5.16b,v5.16b,v6.16b mov x6,#32 - adr x5,.Lck + adrp x5,.Lck + add x5,x5,#:lo12:.Lck movi v0.16b,#64 cbnz w2,1f add x1,x1,124 @@ -597,7 +605,8 @@ vpsm4_set_decrypt_key: vpsm4_encrypt: AARCH64_VALID_CALL_TARGET ld1 {v4.4s},[x0] - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -757,7 +766,8 @@ vpsm4_encrypt: vpsm4_decrypt: AARCH64_VALID_CALL_TARGET ld1 {v4.4s},[x0] - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -923,7 +933,8 @@ vpsm4_ecb_encrypt: stp d12,d13,[sp,#32] stp d14,d15,[sp,#48] stp x29,x30,[sp,#64] - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -1189,7 +1200,8 @@ vpsm4_ecb_encrypt: vpsm4_cbc_encrypt: AARCH64_VALID_CALL_TARGET lsr x2,x2,4 - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -2003,7 +2015,7 @@ vpsm4_cbc_encrypt: zip2 v7.2d,v9.2d,v11.2d ld1 {v15.4s},[x4] ld1 {v8.4s,v9.4s,v10.4s,v11.4s},[x0],#64 - // note ivec1 and vtmpx[3] are resuing the same register + // note ivec1 and vtmpx[3] are reusing the same register // care needs to be taken to avoid conflict eor v0.16b,v0.16b,v15.16b ld1 {v12.4s,v13.4s,v14.4s,v15.4s},[x0],#64 @@ -2299,7 +2311,8 @@ vpsm4_ctr32_encrypt_blocks: #ifndef __AARCH64EB__ rev32 v3.16b,v3.16b #endif - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -2737,7 +2750,8 @@ vpsm4_xts_encrypt_gb: mov w28,w6 ld1 {v8.4s}, [x5] mov x3,x27 - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -3491,7 +3505,8 @@ vpsm4_xts_encrypt_gb: rev32 v8.16b,v8.16b #endif rbit v2.16b,v8.16b - ldr q0, .Lxts_magic + adrp x10,.Lxts_magic + ldr q0, [x10, #:lo12:.Lxts_magic] shl v9.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -3499,7 +3514,8 @@ vpsm4_xts_encrypt_gb: eor v9.16b, v9.16b, v1.16b rbit v9.16b,v9.16b rbit v2.16b,v9.16b - ldr q0, .Lxts_magic + adrp x10,.Lxts_magic + ldr q0, [x10, #:lo12:.Lxts_magic] shl v10.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -3517,7 +3533,8 @@ vpsm4_xts_encrypt_gb: rev32 v9.16b,v9.16b #endif rbit v2.16b,v9.16b - ldr q0, .Lxts_magic + adrp x10,.Lxts_magic + ldr q0, [x10, #:lo12:.Lxts_magic] shl v10.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -3889,7 +3906,8 @@ vpsm4_xts_encrypt: mov w28,w6 ld1 {v8.4s}, [x5] mov x3,x27 - adr x10,.Lsbox + adrp x10,.Lsbox + add x10,x10,#:lo12:.Lsbox ld1 {v16.16b,v17.16b,v18.16b,v19.16b},[x10],#64 ld1 {v20.16b,v21.16b,v22.16b,v23.16b},[x10],#64 ld1 {v24.16b,v25.16b,v26.16b,v27.16b},[x10],#64 @@ -4624,14 +4642,16 @@ vpsm4_xts_encrypt: rev32 v8.16b,v8.16b #endif mov v2.16b,v8.16b - ldr q0, .Lxts_magic + adrp x10,.Lxts_magic + ldr q0, [x10, #:lo12:.Lxts_magic] shl v9.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 mul v1.16b, v1.16b, v0.16b eor v9.16b, v9.16b, v1.16b mov v2.16b,v9.16b - ldr q0, .Lxts_magic + adrp x10,.Lxts_magic + ldr q0, [x10, #:lo12:.Lxts_magic] shl v10.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -4648,7 +4668,8 @@ vpsm4_xts_encrypt: rev32 v9.16b,v9.16b #endif mov v2.16b,v9.16b - ldr q0, .Lxts_magic + adrp x10,.Lxts_magic + ldr q0, [x10, #:lo12:.Lxts_magic] shl v10.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 diff --git a/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4_ex-armv8.S b/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4_ex-armv8.S index 7cd667f5b0c6..2ff0246cc604 100644 --- a/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4_ex-armv8.S +++ b/contrib/openssl-cmake/asm/crypto/sm4/asm/vpsm4_ex-armv8.S @@ -1,4 +1,4 @@ -// Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -49,22 +49,26 @@ _vpsm4_ex_consts: _vpsm4_ex_set_key: AARCH64_VALID_CALL_TARGET ld1 {v5.4s},[x0] - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] #ifndef __AARCH64EB__ rev32 v5.16b,v5.16b #endif - adr x5,.Lshuffles + adrp x5,.Lshuffles + add x5,x5,#:lo12:.Lshuffles ld1 {v7.2d},[x5] - adr x5,.Lfk + adrp x5,.Lfk + add x5,x5,#:lo12:.Lfk ld1 {v6.2d},[x5] eor v5.16b,v5.16b,v6.16b mov x6,#32 - adr x5,.Lck + adrp x5,.Lck + add x5,x5,#:lo12:.Lck movi v0.16b,#64 cbnz w2,1f add x1,x1,124 @@ -622,12 +626,13 @@ vpsm4_ex_set_decrypt_key: vpsm4_ex_encrypt: AARCH64_VALID_CALL_TARGET ld1 {v4.4s},[x0] - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] #ifndef __AARCH64EB__ rev32 v4.16b,v4.16b #endif @@ -763,12 +768,13 @@ vpsm4_ex_encrypt: vpsm4_ex_decrypt: AARCH64_VALID_CALL_TARGET ld1 {v4.4s},[x0] - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] #ifndef __AARCH64EB__ rev32 v4.16b,v4.16b #endif @@ -910,12 +916,13 @@ vpsm4_ex_ecb_encrypt: stp d12,d13,[sp,#32] stp d14,d15,[sp,#48] stp x29,x30,[sp,#64] - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] .Lecb_8_blocks_process: cmp w2,#8 b.lt .Lecb_4_blocks_process @@ -1157,12 +1164,13 @@ vpsm4_ex_ecb_encrypt: vpsm4_ex_cbc_encrypt: AARCH64_VALID_CALL_TARGET lsr x2,x2,4 - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] cbz w5,.Ldec ld1 {v3.4s},[x4] .Lcbc_4_blocks_enc: @@ -1872,7 +1880,7 @@ vpsm4_ex_cbc_encrypt: zip2 v7.2d,v9.2d,v11.2d ld1 {v15.4s},[x4] ld1 {v8.4s,v9.4s,v10.4s,v11.4s},[x0],#64 - // note ivec1 and vtmpx[3] are resuing the same register + // note ivec1 and vtmpx[3] are reusing the same register // care needs to be taken to avoid conflict eor v0.16b,v0.16b,v15.16b ld1 {v12.4s,v13.4s,v14.4s,v15.4s},[x0],#64 @@ -2148,12 +2156,13 @@ vpsm4_ex_ctr32_encrypt_blocks: #ifndef __AARCH64EB__ rev32 v3.16b,v3.16b #endif - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] cmp w2,#1 b.ne 1f // fast processing for one single block without @@ -2547,12 +2556,13 @@ vpsm4_ex_xts_encrypt_gb: mov w28,w6 ld1 {v16.4s}, [x5] mov x3,x27 - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] #ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif @@ -3189,7 +3199,8 @@ vpsm4_ex_xts_encrypt_gb: rev32 v25.16b,v25.16b #endif rbit v2.16b,v25.16b - ldr q0, .Lxts_magic + adrp x9, .Lxts_magic + ldr q0, [x9, #:lo12:.Lxts_magic] shl v17.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -3197,7 +3208,8 @@ vpsm4_ex_xts_encrypt_gb: eor v17.16b, v17.16b, v1.16b rbit v17.16b,v17.16b rbit v2.16b,v17.16b - ldr q0, .Lxts_magic + adrp x9, .Lxts_magic + ldr q0, [x9, #:lo12:.Lxts_magic] shl v18.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -3215,7 +3227,8 @@ vpsm4_ex_xts_encrypt_gb: rev32 v17.16b,v17.16b #endif rbit v2.16b,v17.16b - ldr q0, .Lxts_magic + adrp x9, .Lxts_magic + ldr q0, [x9, #:lo12:.Lxts_magic] shl v18.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -3547,12 +3560,13 @@ vpsm4_ex_xts_encrypt: mov w28,w6 ld1 {v16.4s}, [x5] mov x3,x27 - ldr q26, .Lsbox_magic - ldr q27, .Lsbox_magic+16 - ldr q28, .Lsbox_magic+32 - ldr q29, .Lsbox_magic+48 - ldr q30, .Lsbox_magic+64 - ldr q31, .Lsbox_magic+80 + adrp x9, .Lsbox_magic + ldr q26, [x9, #:lo12:.Lsbox_magic] + ldr q27, [x9, #:lo12:.Lsbox_magic+16] + ldr q28, [x9, #:lo12:.Lsbox_magic+32] + ldr q29, [x9, #:lo12:.Lsbox_magic+48] + ldr q30, [x9, #:lo12:.Lsbox_magic+64] + ldr q31, [x9, #:lo12:.Lsbox_magic+80] #ifndef __AARCH64EB__ rev32 v16.16b,v16.16b #endif @@ -4170,14 +4184,16 @@ vpsm4_ex_xts_encrypt: rev32 v25.16b,v25.16b #endif mov v2.16b,v25.16b - ldr q0, .Lxts_magic + adrp x9, .Lxts_magic + ldr q0, [x9, #:lo12:.Lxts_magic] shl v17.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 mul v1.16b, v1.16b, v0.16b eor v17.16b, v17.16b, v1.16b mov v2.16b,v17.16b - ldr q0, .Lxts_magic + adrp x9, .Lxts_magic + ldr q0, [x9, #:lo12:.Lxts_magic] shl v18.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 @@ -4194,7 +4210,8 @@ vpsm4_ex_xts_encrypt: rev32 v17.16b,v17.16b #endif mov v2.16b,v17.16b - ldr q0, .Lxts_magic + adrp x9, .Lxts_magic + ldr q0, [x9, #:lo12:.Lxts_magic] shl v18.16b, v2.16b, #1 ext v1.16b, v2.16b, v2.16b,#15 ushr v1.16b, v1.16b, #7 diff --git a/contrib/openssl-cmake/asm/crypto/sm4/sm4-riscv64-zvksed.S b/contrib/openssl-cmake/asm/crypto/sm4/sm4-riscv64-zvksed.S new file mode 100644 index 000000000000..c353c27e1c06 --- /dev/null +++ b/contrib/openssl-cmake/asm/crypto/sm4/sm4-riscv64-zvksed.S @@ -0,0 +1,188 @@ +.text +.p2align 3 +.globl rv64i_zvksed_sm4_set_encrypt_key +.type rv64i_zvksed_sm4_set_encrypt_key,@function +rv64i_zvksed_sm4_set_encrypt_key: + .word 0xc1027057 + + # Load the user key + .word 33906823 + .word 1242865879 + + # Load the FK. + la t0, FK + .word 33743111 + + # Generate round keys. + .word 772866263 + .word 2249204215 # rk[0:3] + .word 2251334263 # rk[4:7] + .word 2252415735 # rk[8:11] + .word 2253497207 # rk[12:15] + .word 2254578679 # rk[16:19] + .word 2255660151 # rk[20:23] + .word 2256741623 # rk[24:27] + .word 2257823095 # rk[28:31] + + # Store round keys + .word 33939879 # rk[0:3] + addi a1, a1, 16 + .word 33940007 # rk[4:7] + addi a1, a1, 16 + .word 33940135 # rk[8:11] + addi a1, a1, 16 + .word 33940263 # rk[12:15] + addi a1, a1, 16 + .word 33940391 # rk[16:19] + addi a1, a1, 16 + .word 33940519 # rk[20:23] + addi a1, a1, 16 + .word 33940647 # rk[24:27] + addi a1, a1, 16 + .word 33940775 # rk[28:31] + + li a0, 1 + ret +.size rv64i_zvksed_sm4_set_encrypt_key,.-rv64i_zvksed_sm4_set_encrypt_key +.p2align 3 +.globl rv64i_zvksed_sm4_set_decrypt_key +.type rv64i_zvksed_sm4_set_decrypt_key,@function +rv64i_zvksed_sm4_set_decrypt_key: + .word 0xc1027057 + + # Load the user key + .word 33906823 + .word 1242865879 + + # Load the FK. + la t0, FK + .word 33743111 + + # Generate round keys. + .word 772866263 + .word 2249204215 # rk[0:3] + .word 2251334263 # rk[4:7] + .word 2252415735 # rk[8:11] + .word 2253497207 # rk[12:15] + .word 2254578679 # rk[16:19] + .word 2255660151 # rk[20:23] + .word 2256741623 # rk[24:27] + .word 2257823095 # rk[28:31] + + # Store round keys in reverse order + addi a1, a1, 12 + li t1, -4 + .word 174449959 # rk[31:28] + addi a1, a1, 16 + .word 174449831 # rk[27:24] + addi a1, a1, 16 + .word 174449703 # rk[23:20] + addi a1, a1, 16 + .word 174449575 # rk[19:16] + addi a1, a1, 16 + .word 174449447 # rk[15:12] + addi a1, a1, 16 + .word 174449319 # rk[11:8] + addi a1, a1, 16 + .word 174449191 # rk[7:4] + addi a1, a1, 16 + .word 174449063 # rk[3:0] + + li a0, 1 + ret +.size rv64i_zvksed_sm4_set_decrypt_key,.-rv64i_zvksed_sm4_set_decrypt_key +.p2align 3 +.globl rv64i_zvksed_sm4_encrypt +.type rv64i_zvksed_sm4_encrypt,@function +rv64i_zvksed_sm4_encrypt: + .word 0xc1027057 + + # Order of elements was adjusted in set_encrypt_key() + .word 33972487 # rk[0:3] + addi a2, a2, 16 + .word 33972615 # rk[4:7] + addi a2, a2, 16 + .word 33972743 # rk[8:11] + addi a2, a2, 16 + .word 33972871 # rk[12:15] + addi a2, a2, 16 + .word 33972999 # rk[16:19] + addi a2, a2, 16 + .word 33973127 # rk[20:23] + addi a2, a2, 16 + .word 33973255 # rk[24:27] + addi a2, a2, 16 + .word 33973383 # rk[28:31] + + # Load input data + .word 33906823 + .word 1242865879 + + # Encrypt with all keys + .word 2787647735 + .word 2788696311 + .word 2789744887 + .word 2790793463 + .word 2791842039 + .word 2792890615 + .word 2793939191 + .word 2794987767 + + # Save the ciphertext (in reverse element order) + .word 1242865879 + li t0, -4 + addi a1, a1, 12 + .word 173400231 + + ret +.size rv64i_zvksed_sm4_encrypt,.-rv64i_zvksed_sm4_encrypt +.p2align 3 +.globl rv64i_zvksed_sm4_decrypt +.type rv64i_zvksed_sm4_decrypt,@function +rv64i_zvksed_sm4_decrypt: + .word 0xc1027057 + + # Order of elements was adjusted in set_decrypt_key() + .word 33973383 # rk[31:28] + addi a2, a2, 16 + .word 33973255 # rk[27:24] + addi a2, a2, 16 + .word 33973127 # rk[23:20] + addi a2, a2, 16 + .word 33972999 # rk[19:16] + addi a2, a2, 16 + .word 33972871 # rk[15:11] + addi a2, a2, 16 + .word 33972743 # rk[11:8] + addi a2, a2, 16 + .word 33972615 # rk[7:4] + addi a2, a2, 16 + .word 33972487 # rk[3:0] + + # Load input data + .word 33906823 + .word 1242865879 + + # Encrypt with all keys + .word 2794987767 + .word 2793939191 + .word 2792890615 + .word 2791842039 + .word 2790793463 + .word 2789744887 + .word 2788696311 + .word 2787647735 + + # Save the ciphertext (in reverse element order) + .word 1242865879 + li t0, -4 + addi a1, a1, 12 + .word 173400231 + + ret +.size rv64i_zvksed_sm4_decrypt,.-rv64i_zvksed_sm4_decrypt +# Family Key (little-endian 32-bit chunks) +.p2align 3 +FK: + .word 0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC +.size FK,.-FK diff --git a/contrib/openssl-cmake/asm/crypto/whrlpool/wp-x86_64.s b/contrib/openssl-cmake/asm/crypto/whrlpool/wp-x86_64.s index 2c261f398a1e..9f59c5d7efd4 100644 --- a/contrib/openssl-cmake/asm/crypto/whrlpool/wp-x86_64.s +++ b/contrib/openssl-cmake/asm/crypto/whrlpool/wp-x86_64.s @@ -608,6 +608,7 @@ whirlpool_block: .cfi_endproc .size whirlpool_block,.-whirlpool_block +.section .rodata .align 64 .type .Ltable,@object .Ltable: diff --git a/contrib/openssl-cmake/asm/crypto/x86_64cpuid.s b/contrib/openssl-cmake/asm/crypto/x86_64cpuid.s index f04ea4d38699..3b40b616c91c 100644 --- a/contrib/openssl-cmake/asm/crypto/x86_64cpuid.s +++ b/contrib/openssl-cmake/asm/crypto/x86_64cpuid.s @@ -1,11 +1,11 @@ + .hidden OPENSSL_cpuid_setup .section .init call OPENSSL_cpuid_setup .hidden OPENSSL_ia32cap_P -.comm OPENSSL_ia32cap_P,16,4 - +.comm OPENSSL_ia32cap_P,40,4 .text .globl OPENSSL_atomic_add @@ -163,6 +163,7 @@ OPENSSL_ia32_cpuid: movl $7,%eax xorl %ecx,%ecx cpuid + movd %eax,%xmm1 btl $26,%r9d jc .Lnotknights andl $0xfff7ffff,%ebx @@ -173,9 +174,31 @@ OPENSSL_ia32_cpuid: jne .Lnotskylakex andl $0xfffeffff,%ebx + .Lnotskylakex: movl %ebx,8(%rdi) movl %ecx,12(%rdi) + movl %edx,16(%rdi) + + movd %xmm1,%eax + cmpl $0x1,%eax + jb .Lno_extended_info + movl $0x7,%eax + movl $0x1,%ecx + cpuid + movl %eax,20(%rdi) + movl %edx,24(%rdi) + movl %ebx,28(%rdi) + movl %ecx,32(%rdi) + + andl $0x80000,%edx + cmpl $0x0,%edx + je .Lno_extended_info + movl $0x24,%eax + movl $0x0,%ecx + cpuid + movl %ebx,36(%rdi) + .Lno_extended_info: btl $27,%r9d @@ -194,6 +217,9 @@ OPENSSL_ia32_cpuid: cmpl $6,%eax je .Ldone .Lclear_avx: + andl $0xff7fffff,20(%rdi) + + movl $0xefffe7ff,%eax andl %eax,%r9d movl $0x3fdeffdf,%eax diff --git a/contrib/openssl-cmake/asm/generate_asm.sh b/contrib/openssl-cmake/asm/generate_asm.sh index 06d1e88523df..ac37736f9e4e 100755 --- a/contrib/openssl-cmake/asm/generate_asm.sh +++ b/contrib/openssl-cmake/asm/generate_asm.sh @@ -22,11 +22,15 @@ declare -a jobs=( "crypto/aes/asm/aesni-sha1-x86_64.pl crypto/aes/aesni-sha1-x86_64.s" "crypto/aes/asm/aesni-sha256-x86_64.pl crypto/aes/aesni-sha256-x86_64.s" "crypto/aes/asm/aesni-x86_64.pl crypto/aes/aesni-x86_64.s" + "crypto/aes/asm/aesni-xts-avx512.pl crypto/aes/aesni-xts-avx512.s" "crypto/aes/asm/bsaes-x86_64.pl crypto/aes/bsaes-x86_64.s" "crypto/aes/asm/vpaes-x86_64.pl crypto/aes/vpaes-x86_64.s" "crypto/bn/asm/rsaz-2k-avx512.pl crypto/bn/rsaz-2k-avx512.s" + "crypto/bn/asm/rsaz-2k-avxifma.pl crypto/bn/rsaz-2k-avxifma.s" "crypto/bn/asm/rsaz-3k-avx512.pl crypto/bn/rsaz-3k-avx512.s" + "crypto/bn/asm/rsaz-3k-avxifma.pl crypto/bn/rsaz-3k-avxifma.s" "crypto/bn/asm/rsaz-4k-avx512.pl crypto/bn/rsaz-4k-avx512.s" + "crypto/bn/asm/rsaz-4k-avxifma.pl crypto/bn/rsaz-4k-avxifma.s" "crypto/bn/asm/rsaz-avx2.pl crypto/bn/rsaz-avx2.s" "crypto/bn/asm/rsaz-x86_64.pl crypto/bn/rsaz-x86_64.s" "crypto/bn/asm/x86_64-gf2m.pl crypto/bn/x86_64-gf2m.s" @@ -37,13 +41,15 @@ declare -a jobs=( "crypto/ec/asm/ecp_nistz256-x86_64.pl crypto/ec/ecp_nistz256-x86_64.s" "crypto/ec/asm/x25519-x86_64.pl crypto/ec/x25519-x86_64.s" "crypto/md5/asm/md5-x86_64.pl crypto/md5/md5-x86_64.s" - "crypto/modes/asm/aesni-gcm-x86_64.pl crypto/modes/aesni-gcm-x86_64.s" "crypto/modes/asm/aes-gcm-avx512.pl crypto/modes/aes-gcm-avx512.s" - "crypto/x86_64cpuid.pl crypto/x86_64cpuid.s" + "crypto/modes/asm/aesni-gcm-x86_64.pl crypto/modes/aesni-gcm-x86_64.s" "crypto/modes/asm/ghash-x86_64.pl crypto/modes/ghash-x86_64.s" "crypto/poly1305/asm/poly1305-x86_64.pl crypto/poly1305/poly1305-x86_64.s" "crypto/rc4/asm/rc4-md5-x86_64.pl crypto/rc4/rc4-md5-x86_64.s" "crypto/rc4/asm/rc4-x86_64.pl crypto/rc4/rc4-x86_64.s" + "crypto/sha/asm/keccak1600-avx2.pl crypto/sha/keccak1600-avx2.s" + "crypto/sha/asm/keccak1600-avx512.pl crypto/sha/keccak1600-avx512.s" + "crypto/sha/asm/keccak1600-avx512vl.pl crypto/sha/keccak1600-avx512vl.s" "crypto/sha/asm/keccak1600-x86_64.pl crypto/sha/keccak1600-x86_64.s" "crypto/sha/asm/sha1-mb-x86_64.pl crypto/sha/sha1-mb-x86_64.s" "crypto/sha/asm/sha1-x86_64.pl crypto/sha/sha1-x86_64.s" @@ -51,48 +57,56 @@ declare -a jobs=( "crypto/sha/asm/sha512-x86_64.pl crypto/sha/sha256-x86_64.s" "crypto/sha/asm/sha512-x86_64.pl crypto/sha/sha512-x86_64.s" "crypto/whrlpool/asm/wp-x86_64.pl crypto/whrlpool/wp-x86_64.s" + "crypto/x86_64cpuid.pl crypto/x86_64cpuid.s" # ARCH_AARCH64 "crypto/aes/asm/aesv8-armx.pl crypto/aes/aesv8-armx.S linux64" "crypto/aes/asm/bsaes-armv8.pl crypto/aes/bsaes-armv8.S linux64" "crypto/aes/asm/vpaes-armv8.pl crypto/aes/vpaes-armv8.S linux64" + "crypto/arm64cpuid.pl crypto/arm64cpuid.S linux64" "crypto/bn/asm/armv8-mont.pl crypto/bn/armv8-mont.S linux64" - "crypto/chacha/asm/chacha-armv8.pl crypto/chacha/chacha-armv8.S linux64" "crypto/chacha/asm/chacha-armv8-sve.pl crypto/chacha/chacha-armv8-sve.S linux64" + "crypto/chacha/asm/chacha-armv8.pl crypto/chacha/chacha-armv8.S linux64" "crypto/ec/asm/ecp_nistz256-armv8.pl crypto/ec/ecp_nistz256-armv8.S linux64" "crypto/ec/asm/ecp_sm2p256-armv8.pl crypto/ec/ecp_sm2p256-armv8.S linux64" - "crypto/arm64cpuid.pl crypto/arm64cpuid.S linux64" + "crypto/md5/asm/md5-aarch64.pl crypto/md5/asm/md5-aarch64.S linux64" + "crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl crypto/modes/asm/aes-gcm-armv8-unroll8_64.S linux64" + "crypto/modes/asm/aes-gcm-armv8_64.pl crypto/modes/asm/aes-gcm-armv8_64.S linux64" "crypto/modes/asm/ghashv8-armx.pl crypto/modes/ghashv8-armx.S linux64" "crypto/poly1305/asm/poly1305-armv8.pl crypto/poly1305/poly1305-armv8.S linux64" "crypto/sha/asm/keccak1600-armv8.pl crypto/sha/keccak1600-armv8.S linux64" "crypto/sha/asm/sha1-armv8.pl crypto/sha/sha1-armv8.S linux64" "crypto/sha/asm/sha512-armv8.pl crypto/sha/sha256-armv8.S linux64" "crypto/sha/asm/sha512-armv8.pl crypto/sha/sha512-armv8.S linux64" - "crypto/modes/asm/aes-gcm-armv8_64.pl crypto/modes/asm/aes-gcm-armv8_64.S linux64" - "crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl crypto/modes/asm/aes-gcm-armv8-unroll8_64.S linux64" "crypto/sm3/asm/sm3-armv8.pl crypto/sm3/asm/sm3-armv8.S linux64" "crypto/sm4/asm/sm4-armv8.pl crypto/sm4/asm/sm4-armv8.S linux64" "crypto/sm4/asm/vpsm4-armv8.pl crypto/sm4/asm/vpsm4-armv8.S linux64" "crypto/sm4/asm/vpsm4_ex-armv8.pl crypto/sm4/asm/vpsm4_ex-armv8.S linux64" - "crypto/md5/asm/md5-aarch64.pl crypto/md5/asm/md5-aarch64.S linux64" # ARCH_PPC64LE "crypto/aes/asm/aesp8-ppc.pl crypto/aes/aesp8-ppc.s linux64v2" + "crypto/modes/asm/aes-gcm-ppc.pl crypto/modes/aes-gcm-ppc.s linux64v2" "crypto/modes/asm/ghashp8-ppc.pl crypto/modes/ghashp8-ppc.s linux64v2" "crypto/ppccpuid.pl crypto/ppccpuid.s linux64v2" - "crypto/modes/asm/aes-gcm-ppc.pl crypto/modes/aes-gcm-ppc.s linux64v2" # ARCH_S390X "crypto/aes/asm/aes-s390x.pl crypto/aes/aes-s390x.S linux64" - "crypto/s390xcpuid.pl crypto/s390xcpuid.S linux64" "crypto/chacha/asm/chacha-s390x.pl crypto/chacha/chacha-s390x.S linux64" "crypto/rc4/asm/rc4-s390x.pl crypto/rc4/rc4-s390x.S linux64" + "crypto/s390xcpuid.pl crypto/s390xcpuid.S linux64" "crypto/sha/asm/keccak1600-s390x.pl crypto/sha/keccak1600-s390x.S linux64" # ARCH_RISCV64 - "crypto/riscv64cpuid.pl crypto/riscv64cpuid.S linux64" "crypto/aes/asm/aes-riscv64-zkn.pl crypto/aes/aes-riscv64-zkn.S linux64" + "crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl crypto/aes/aes-riscv64-zvbb-zvkg-zvkned.S linux64" + "crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl crypto/aes/aes-riscv64-zvkb-zvkned.S linux64" + "crypto/aes/asm/aes-riscv64-zvkned.pl crypto/aes/aes-riscv64-zvkned.S linux64" + "crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl crypto/modes/aes-gcm-riscv64-zvkb-zvkg-zvkned.S linux64" + "crypto/modes/asm/ghash-riscv64-zvkb-zvbc.pl crypto/modes/ghash-riscv64-zvkb-zvbc.S linux64" + "crypto/modes/asm/ghash-riscv64-zvkg.pl crypto/modes/ghash-riscv64-zvkg.S linux64" "crypto/modes/asm/ghash-riscv64.pl crypto/modes/ghash-riscv64.S linux64" + "crypto/riscv64cpuid.pl crypto/riscv64cpuid.S linux64" + "crypto/sm4/asm/sm4-riscv64-zvksed.pl crypto/sm4/sm4-riscv64-zvksed.S linux64" # ARCH_LOONGARCH64 "crypto/loongarch64cpuid.pl crypto/loongarch64cpuid.S linux64" diff --git a/contrib/openssl-cmake/common/include/crypto/bn_conf.h b/contrib/openssl-cmake/common/include/crypto/bn_conf.h new file mode 100644 index 000000000000..0347a6ddc067 --- /dev/null +++ b/contrib/openssl-cmake/common/include/crypto/bn_conf.h @@ -0,0 +1,29 @@ +/* WARNING: do not edit! */ +/* Generated by Makefile from include/crypto/bn_conf.h.in */ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BN_CONF_H +# define OSSL_CRYPTO_BN_CONF_H +# pragma once + +/* + * The contents of this file are not used in the UEFI build, as + * both 32-bit and 64-bit builds are supported from a single run + * of the Configure script. + */ + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT + +#endif diff --git a/contrib/openssl-cmake/common/include/crypto/dso_conf.h b/contrib/openssl-cmake/common/include/crypto/dso_conf.h new file mode 100644 index 000000000000..795dfa0f1a66 --- /dev/null +++ b/contrib/openssl-cmake/common/include/crypto/dso_conf.h @@ -0,0 +1,19 @@ +/* WARNING: do not edit! */ +/* Generated by Makefile from include/crypto/dso_conf.h.in */ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DSO_CONF_H +# define OSSL_CRYPTO_DSO_CONF_H +# pragma once + +# define DSO_DLFCN +# define HAVE_DLFCN_H +# define DSO_EXTENSION ".so" +#endif diff --git a/contrib/openssl-cmake/common/include/internal/param_names.h b/contrib/openssl-cmake/common/include/internal/param_names.h new file mode 100644 index 000000000000..0a0404a57e82 --- /dev/null +++ b/contrib/openssl-cmake/common/include/internal/param_names.h @@ -0,0 +1,469 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/internal/param_names.h.in + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +int ossl_param_find_pidx(const char *s); + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +#define NUM_PIDX 346 + +#define PIDX_ALG_PARAM_ALGORITHM_ID 0 +#define PIDX_ALG_PARAM_ALGORITHM_ID_PARAMS 1 +#define PIDX_ALG_PARAM_CIPHER 2 +#define PIDX_ALG_PARAM_DIGEST 3 +#define PIDX_ALG_PARAM_ENGINE 4 +#define PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR 5 +#define PIDX_ALG_PARAM_MAC 6 +#define PIDX_ALG_PARAM_PROPERTIES 7 +#define PIDX_ASYM_CIPHER_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_ENGINE PIDX_PKEY_PARAM_ENGINE +#define PIDX_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK PIDX_PKEY_PARAM_FIPS_KEY_CHECK +#define PIDX_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED PIDX_PROV_PARAM_RSA_PKCS15_PAD_DISABLED +#define PIDX_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION 8 +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS 9 +#define PIDX_ASYM_CIPHER_PARAM_OAEP_LABEL 10 +#define PIDX_ASYM_CIPHER_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_ASYM_CIPHER_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION 11 +#define PIDX_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION 12 +#define PIDX_CAPABILITY_TLS_GROUP_ALG 13 +#define PIDX_CAPABILITY_TLS_GROUP_ID 14 +#define PIDX_CAPABILITY_TLS_GROUP_IS_KEM 15 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_DTLS 16 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_TLS 17 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_DTLS 18 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_TLS 19 +#define PIDX_CAPABILITY_TLS_GROUP_NAME 20 +#define PIDX_CAPABILITY_TLS_GROUP_NAME_INTERNAL 21 +#define PIDX_CAPABILITY_TLS_GROUP_SECURITY_BITS 22 +#define PIDX_CAPABILITY_TLS_SIGALG_CODE_POINT 23 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_NAME 24 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_OID 25 +#define PIDX_CAPABILITY_TLS_SIGALG_IANA_NAME 26 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE 27 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE_OID 28 +#define PIDX_CAPABILITY_TLS_SIGALG_MAX_DTLS 16 +#define PIDX_CAPABILITY_TLS_SIGALG_MAX_TLS 17 +#define PIDX_CAPABILITY_TLS_SIGALG_MIN_DTLS 18 +#define PIDX_CAPABILITY_TLS_SIGALG_MIN_TLS 19 +#define PIDX_CAPABILITY_TLS_SIGALG_NAME 29 +#define PIDX_CAPABILITY_TLS_SIGALG_OID 30 +#define PIDX_CAPABILITY_TLS_SIGALG_SECURITY_BITS 31 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_NAME 32 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_OID 33 +#define PIDX_CIPHER_PARAM_AEAD 34 +#define PIDX_CIPHER_PARAM_AEAD_IVLEN PIDX_CIPHER_PARAM_IVLEN +#define PIDX_CIPHER_PARAM_AEAD_IV_GENERATED 35 +#define PIDX_CIPHER_PARAM_AEAD_MAC_KEY 36 +#define PIDX_CIPHER_PARAM_AEAD_TAG 37 +#define PIDX_CIPHER_PARAM_AEAD_TAGLEN 38 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD 39 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD 40 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN 41 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED 42 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV 43 +#define PIDX_CIPHER_PARAM_ALGORITHM_ID PIDX_ALG_PARAM_ALGORITHM_ID +#define PIDX_CIPHER_PARAM_ALGORITHM_ID_PARAMS PIDX_ALG_PARAM_ALGORITHM_ID_PARAMS +#define PIDX_CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD 44 +#define PIDX_CIPHER_PARAM_BLOCK_SIZE 45 +#define PIDX_CIPHER_PARAM_CTS 46 +#define PIDX_CIPHER_PARAM_CTS_MODE 47 +#define PIDX_CIPHER_PARAM_CUSTOM_IV 48 +#define PIDX_CIPHER_PARAM_DECRYPT_ONLY 49 +#define PIDX_CIPHER_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_CIPHER_PARAM_FIPS_ENCRYPT_CHECK 50 +#define PIDX_CIPHER_PARAM_HAS_RAND_KEY 51 +#define PIDX_CIPHER_PARAM_IV 52 +#define PIDX_CIPHER_PARAM_IVLEN 53 +#define PIDX_CIPHER_PARAM_KEYLEN 54 +#define PIDX_CIPHER_PARAM_MODE 55 +#define PIDX_CIPHER_PARAM_NUM 56 +#define PIDX_CIPHER_PARAM_PADDING 57 +#define PIDX_CIPHER_PARAM_PIPELINE_AEAD_TAG 58 +#define PIDX_CIPHER_PARAM_RANDOM_KEY 59 +#define PIDX_CIPHER_PARAM_RC2_KEYBITS 60 +#define PIDX_CIPHER_PARAM_ROUNDS 61 +#define PIDX_CIPHER_PARAM_SPEED 62 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK 63 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD 64 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN 65 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC 66 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN 67 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN 68 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE 69 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE 70 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT 71 +#define PIDX_CIPHER_PARAM_TLS_MAC 72 +#define PIDX_CIPHER_PARAM_TLS_MAC_SIZE 73 +#define PIDX_CIPHER_PARAM_TLS_VERSION 74 +#define PIDX_CIPHER_PARAM_UPDATED_IV 75 +#define PIDX_CIPHER_PARAM_USE_BITS 76 +#define PIDX_CIPHER_PARAM_XTS_STANDARD 77 +#define PIDX_DECODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DIGEST_PARAM_ALGID_ABSENT 78 +#define PIDX_DIGEST_PARAM_BLOCK_SIZE 45 +#define PIDX_DIGEST_PARAM_MICALG 79 +#define PIDX_DIGEST_PARAM_PAD_TYPE 80 +#define PIDX_DIGEST_PARAM_SIZE 81 +#define PIDX_DIGEST_PARAM_SSL3_MS 82 +#define PIDX_DIGEST_PARAM_XOF 83 +#define PIDX_DIGEST_PARAM_XOFLEN 84 +#define PIDX_DRBG_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_DRBG_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_DRBG_PARAM_ENTROPY_REQUIRED 85 +#define PIDX_DRBG_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_DRBG_PARAM_FIPS_DIGEST_CHECK PIDX_PKEY_PARAM_FIPS_DIGEST_CHECK +#define PIDX_DRBG_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_DRBG_PARAM_MAX_ADINLEN 86 +#define PIDX_DRBG_PARAM_MAX_ENTROPYLEN 87 +#define PIDX_DRBG_PARAM_MAX_LENGTH 88 +#define PIDX_DRBG_PARAM_MAX_NONCELEN 89 +#define PIDX_DRBG_PARAM_MAX_PERSLEN 90 +#define PIDX_DRBG_PARAM_MIN_ENTROPYLEN 91 +#define PIDX_DRBG_PARAM_MIN_LENGTH 92 +#define PIDX_DRBG_PARAM_MIN_NONCELEN 93 +#define PIDX_DRBG_PARAM_PREDICTION_RESISTANCE 94 +#define PIDX_DRBG_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DRBG_PARAM_RANDOM_DATA 95 +#define PIDX_DRBG_PARAM_RESEED_COUNTER 96 +#define PIDX_DRBG_PARAM_RESEED_REQUESTS 97 +#define PIDX_DRBG_PARAM_RESEED_TIME 98 +#define PIDX_DRBG_PARAM_RESEED_TIME_INTERVAL 99 +#define PIDX_DRBG_PARAM_SIZE 81 +#define PIDX_DRBG_PARAM_USE_DF 100 +#define PIDX_ENCODER_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_ENCODER_PARAM_ENCRYPT_LEVEL 101 +#define PIDX_ENCODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_ENCODER_PARAM_SAVE_PARAMETERS 102 +#define PIDX_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE 103 +#define PIDX_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_EXCHANGE_PARAM_FIPS_DIGEST_CHECK PIDX_PKEY_PARAM_FIPS_DIGEST_CHECK +#define PIDX_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK PIDX_PROV_PARAM_ECDH_COFACTOR_CHECK +#define PIDX_EXCHANGE_PARAM_FIPS_KEY_CHECK PIDX_PKEY_PARAM_FIPS_KEY_CHECK +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST 104 +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST_PROPS 105 +#define PIDX_EXCHANGE_PARAM_KDF_OUTLEN 106 +#define PIDX_EXCHANGE_PARAM_KDF_TYPE 107 +#define PIDX_EXCHANGE_PARAM_KDF_UKM 108 +#define PIDX_EXCHANGE_PARAM_PAD 109 +#define PIDX_GEN_PARAM_ITERATION 110 +#define PIDX_GEN_PARAM_POTENTIAL 111 +#define PIDX_KDF_PARAM_ARGON2_AD 112 +#define PIDX_KDF_PARAM_ARGON2_LANES 113 +#define PIDX_KDF_PARAM_ARGON2_MEMCOST 114 +#define PIDX_KDF_PARAM_ARGON2_VERSION 115 +#define PIDX_KDF_PARAM_CEK_ALG 116 +#define PIDX_KDF_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_KDF_PARAM_CONSTANT 117 +#define PIDX_KDF_PARAM_DATA 118 +#define PIDX_KDF_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_KDF_PARAM_EARLY_CLEAN 119 +#define PIDX_KDF_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_KDF_PARAM_FIPS_DIGEST_CHECK PIDX_PKEY_PARAM_FIPS_DIGEST_CHECK +#define PIDX_KDF_PARAM_FIPS_EMS_CHECK 120 +#define PIDX_KDF_PARAM_FIPS_KEY_CHECK PIDX_PKEY_PARAM_FIPS_KEY_CHECK +#define PIDX_KDF_PARAM_HMACDRBG_ENTROPY 121 +#define PIDX_KDF_PARAM_HMACDRBG_NONCE 122 +#define PIDX_KDF_PARAM_INFO 123 +#define PIDX_KDF_PARAM_ITER 124 +#define PIDX_KDF_PARAM_KBKDF_R 125 +#define PIDX_KDF_PARAM_KBKDF_USE_L 126 +#define PIDX_KDF_PARAM_KBKDF_USE_SEPARATOR 127 +#define PIDX_KDF_PARAM_KEY 128 +#define PIDX_KDF_PARAM_LABEL 129 +#define PIDX_KDF_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_KDF_PARAM_MAC_SIZE 130 +#define PIDX_KDF_PARAM_MODE 55 +#define PIDX_KDF_PARAM_PASSWORD 131 +#define PIDX_KDF_PARAM_PKCS12_ID 132 +#define PIDX_KDF_PARAM_PKCS5 133 +#define PIDX_KDF_PARAM_PREFIX 134 +#define PIDX_KDF_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_KDF_PARAM_SALT 135 +#define PIDX_KDF_PARAM_SCRYPT_MAXMEM 136 +#define PIDX_KDF_PARAM_SCRYPT_N 137 +#define PIDX_KDF_PARAM_SCRYPT_P 138 +#define PIDX_KDF_PARAM_SCRYPT_R 125 +#define PIDX_KDF_PARAM_SECRET 139 +#define PIDX_KDF_PARAM_SEED 140 +#define PIDX_KDF_PARAM_SIZE 81 +#define PIDX_KDF_PARAM_SSHKDF_SESSION_ID 141 +#define PIDX_KDF_PARAM_SSHKDF_TYPE 142 +#define PIDX_KDF_PARAM_SSHKDF_XCGHASH 143 +#define PIDX_KDF_PARAM_THREADS 144 +#define PIDX_KDF_PARAM_UKM 145 +#define PIDX_KDF_PARAM_X942_ACVPINFO 146 +#define PIDX_KDF_PARAM_X942_PARTYUINFO 147 +#define PIDX_KDF_PARAM_X942_PARTYVINFO 148 +#define PIDX_KDF_PARAM_X942_SUPP_PRIVINFO 149 +#define PIDX_KDF_PARAM_X942_SUPP_PUBINFO 150 +#define PIDX_KDF_PARAM_X942_USE_KEYBITS 151 +#define PIDX_KEM_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_KEM_PARAM_FIPS_KEY_CHECK PIDX_PKEY_PARAM_FIPS_KEY_CHECK +#define PIDX_KEM_PARAM_IKME 152 +#define PIDX_KEM_PARAM_OPERATION 153 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING 154 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING 155 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA 156 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN 157 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MODE 55 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_OPTIONS 158 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD 159 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC 160 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_TLSTREE 161 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_USE_ETM 162 +#define PIDX_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN 163 +#define PIDX_MAC_PARAM_BLOCK_SIZE 164 +#define PIDX_MAC_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_MAC_PARAM_CUSTOM 165 +#define PIDX_MAC_PARAM_C_ROUNDS 166 +#define PIDX_MAC_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_MAC_PARAM_DIGEST_NOINIT 167 +#define PIDX_MAC_PARAM_DIGEST_ONESHOT 168 +#define PIDX_MAC_PARAM_D_ROUNDS 169 +#define PIDX_MAC_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_MAC_PARAM_FIPS_KEY_CHECK PIDX_PKEY_PARAM_FIPS_KEY_CHECK +#define PIDX_MAC_PARAM_FIPS_NO_SHORT_MAC PIDX_PROV_PARAM_NO_SHORT_MAC +#define PIDX_MAC_PARAM_IV 52 +#define PIDX_MAC_PARAM_KEY 128 +#define PIDX_MAC_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_MAC_PARAM_SALT 135 +#define PIDX_MAC_PARAM_SIZE 81 +#define PIDX_MAC_PARAM_TLS_DATA_SIZE 170 +#define PIDX_MAC_PARAM_XOF 83 +#define PIDX_OBJECT_PARAM_DATA 118 +#define PIDX_OBJECT_PARAM_DATA_STRUCTURE 171 +#define PIDX_OBJECT_PARAM_DATA_TYPE 172 +#define PIDX_OBJECT_PARAM_DESC 173 +#define PIDX_OBJECT_PARAM_INPUT_TYPE 174 +#define PIDX_OBJECT_PARAM_REFERENCE 175 +#define PIDX_OBJECT_PARAM_TYPE 142 +#define PIDX_PASSPHRASE_PARAM_INFO 123 +#define PIDX_PKEY_PARAM_ALGORITHM_ID PIDX_ALG_PARAM_ALGORITHM_ID +#define PIDX_PKEY_PARAM_ALGORITHM_ID_PARAMS PIDX_ALG_PARAM_ALGORITHM_ID_PARAMS +#define PIDX_PKEY_PARAM_BITS 176 +#define PIDX_PKEY_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_PKEY_PARAM_DEFAULT_DIGEST 177 +#define PIDX_PKEY_PARAM_DHKEM_IKM 178 +#define PIDX_PKEY_PARAM_DH_GENERATOR 179 +#define PIDX_PKEY_PARAM_DH_PRIV_LEN 180 +#define PIDX_PKEY_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_PKEY_PARAM_DIGEST_SIZE 181 +#define PIDX_PKEY_PARAM_DIST_ID 182 +#define PIDX_PKEY_PARAM_EC_A 183 +#define PIDX_PKEY_PARAM_EC_B 184 +#define PIDX_PKEY_PARAM_EC_CHAR2_M 185 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K1 186 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K2 187 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K3 188 +#define PIDX_PKEY_PARAM_EC_CHAR2_TP_BASIS 189 +#define PIDX_PKEY_PARAM_EC_CHAR2_TYPE 190 +#define PIDX_PKEY_PARAM_EC_COFACTOR 191 +#define PIDX_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS 192 +#define PIDX_PKEY_PARAM_EC_ENCODING 193 +#define PIDX_PKEY_PARAM_EC_FIELD_TYPE 194 +#define PIDX_PKEY_PARAM_EC_GENERATOR 195 +#define PIDX_PKEY_PARAM_EC_GROUP_CHECK_TYPE 196 +#define PIDX_PKEY_PARAM_EC_INCLUDE_PUBLIC 197 +#define PIDX_PKEY_PARAM_EC_ORDER 198 +#define PIDX_PKEY_PARAM_EC_P 138 +#define PIDX_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT 199 +#define PIDX_PKEY_PARAM_EC_PUB_X 200 +#define PIDX_PKEY_PARAM_EC_PUB_Y 201 +#define PIDX_PKEY_PARAM_EC_SEED 140 +#define PIDX_PKEY_PARAM_ENCODED_PUBLIC_KEY 202 +#define PIDX_PKEY_PARAM_ENGINE PIDX_ALG_PARAM_ENGINE +#define PIDX_PKEY_PARAM_FFC_COFACTOR 203 +#define PIDX_PKEY_PARAM_FFC_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_FFC_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_FFC_G 204 +#define PIDX_PKEY_PARAM_FFC_GINDEX 205 +#define PIDX_PKEY_PARAM_FFC_H 206 +#define PIDX_PKEY_PARAM_FFC_P 138 +#define PIDX_PKEY_PARAM_FFC_PBITS 207 +#define PIDX_PKEY_PARAM_FFC_PCOUNTER 208 +#define PIDX_PKEY_PARAM_FFC_Q 209 +#define PIDX_PKEY_PARAM_FFC_QBITS 210 +#define PIDX_PKEY_PARAM_FFC_SEED 140 +#define PIDX_PKEY_PARAM_FFC_TYPE 142 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_G 211 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_LEGACY 212 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_PQ 213 +#define PIDX_PKEY_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_PKEY_PARAM_FIPS_DIGEST_CHECK 214 +#define PIDX_PKEY_PARAM_FIPS_KEY_CHECK 215 +#define PIDX_PKEY_PARAM_FIPS_SIGN_CHECK 216 +#define PIDX_PKEY_PARAM_GROUP_NAME 217 +#define PIDX_PKEY_PARAM_IMPLICIT_REJECTION 8 +#define PIDX_PKEY_PARAM_MANDATORY_DIGEST 218 +#define PIDX_PKEY_PARAM_MASKGENFUNC 219 +#define PIDX_PKEY_PARAM_MAX_SIZE 220 +#define PIDX_PKEY_PARAM_MGF1_DIGEST 221 +#define PIDX_PKEY_PARAM_MGF1_PROPERTIES 222 +#define PIDX_PKEY_PARAM_ML_DSA_INPUT_FORMATS 223 +#define PIDX_PKEY_PARAM_ML_DSA_OUTPUT_FORMATS 224 +#define PIDX_PKEY_PARAM_ML_DSA_PREFER_SEED 225 +#define PIDX_PKEY_PARAM_ML_DSA_RETAIN_SEED 226 +#define PIDX_PKEY_PARAM_ML_DSA_SEED 140 +#define PIDX_PKEY_PARAM_ML_KEM_IMPORT_PCT_TYPE 227 +#define PIDX_PKEY_PARAM_ML_KEM_INPUT_FORMATS 228 +#define PIDX_PKEY_PARAM_ML_KEM_OUTPUT_FORMATS 229 +#define PIDX_PKEY_PARAM_ML_KEM_PREFER_SEED 230 +#define PIDX_PKEY_PARAM_ML_KEM_RETAIN_SEED 231 +#define PIDX_PKEY_PARAM_ML_KEM_SEED 140 +#define PIDX_PKEY_PARAM_PAD_MODE 232 +#define PIDX_PKEY_PARAM_PRIV_KEY 233 +#define PIDX_PKEY_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_PUB_KEY 234 +#define PIDX_PKEY_PARAM_RSA_BITS PIDX_PKEY_PARAM_BITS +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT 235 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT1 236 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT2 237 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT3 238 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT4 239 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT5 240 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT6 241 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT7 242 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT8 243 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT9 244 +#define PIDX_PKEY_PARAM_RSA_D 245 +#define PIDX_PKEY_PARAM_RSA_DERIVE_FROM_PQ 246 +#define PIDX_PKEY_PARAM_RSA_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_RSA_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_RSA_E 247 +#define PIDX_PKEY_PARAM_RSA_EXPONENT 248 +#define PIDX_PKEY_PARAM_RSA_EXPONENT1 249 +#define PIDX_PKEY_PARAM_RSA_EXPONENT10 250 +#define PIDX_PKEY_PARAM_RSA_EXPONENT2 251 +#define PIDX_PKEY_PARAM_RSA_EXPONENT3 252 +#define PIDX_PKEY_PARAM_RSA_EXPONENT4 253 +#define PIDX_PKEY_PARAM_RSA_EXPONENT5 254 +#define PIDX_PKEY_PARAM_RSA_EXPONENT6 255 +#define PIDX_PKEY_PARAM_RSA_EXPONENT7 256 +#define PIDX_PKEY_PARAM_RSA_EXPONENT8 257 +#define PIDX_PKEY_PARAM_RSA_EXPONENT9 258 +#define PIDX_PKEY_PARAM_RSA_FACTOR 259 +#define PIDX_PKEY_PARAM_RSA_FACTOR1 260 +#define PIDX_PKEY_PARAM_RSA_FACTOR10 261 +#define PIDX_PKEY_PARAM_RSA_FACTOR2 262 +#define PIDX_PKEY_PARAM_RSA_FACTOR3 263 +#define PIDX_PKEY_PARAM_RSA_FACTOR4 264 +#define PIDX_PKEY_PARAM_RSA_FACTOR5 265 +#define PIDX_PKEY_PARAM_RSA_FACTOR6 266 +#define PIDX_PKEY_PARAM_RSA_FACTOR7 267 +#define PIDX_PKEY_PARAM_RSA_FACTOR8 268 +#define PIDX_PKEY_PARAM_RSA_FACTOR9 269 +#define PIDX_PKEY_PARAM_RSA_MASKGENFUNC PIDX_PKEY_PARAM_MASKGENFUNC +#define PIDX_PKEY_PARAM_RSA_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_PKEY_PARAM_RSA_N 137 +#define PIDX_PKEY_PARAM_RSA_PRIMES 270 +#define PIDX_PKEY_PARAM_RSA_PSS_SALTLEN 271 +#define PIDX_PKEY_PARAM_RSA_TEST_P1 272 +#define PIDX_PKEY_PARAM_RSA_TEST_P2 273 +#define PIDX_PKEY_PARAM_RSA_TEST_Q1 274 +#define PIDX_PKEY_PARAM_RSA_TEST_Q2 275 +#define PIDX_PKEY_PARAM_RSA_TEST_XP 276 +#define PIDX_PKEY_PARAM_RSA_TEST_XP1 277 +#define PIDX_PKEY_PARAM_RSA_TEST_XP2 278 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ 279 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ1 280 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ2 281 +#define PIDX_PKEY_PARAM_SECURITY_BITS 282 +#define PIDX_PKEY_PARAM_SLH_DSA_SEED 140 +#define PIDX_PKEY_PARAM_USE_COFACTOR_ECDH PIDX_PKEY_PARAM_USE_COFACTOR_FLAG +#define PIDX_PKEY_PARAM_USE_COFACTOR_FLAG 283 +#define PIDX_PROV_PARAM_BUILDINFO 284 +#define PIDX_PROV_PARAM_CORE_MODULE_FILENAME 285 +#define PIDX_PROV_PARAM_CORE_PROV_NAME 286 +#define PIDX_PROV_PARAM_CORE_VERSION 287 +#define PIDX_PROV_PARAM_DRBG_TRUNC_DIGEST 288 +#define PIDX_PROV_PARAM_DSA_SIGN_DISABLED 289 +#define PIDX_PROV_PARAM_ECDH_COFACTOR_CHECK 290 +#define PIDX_PROV_PARAM_HKDF_DIGEST_CHECK 291 +#define PIDX_PROV_PARAM_HKDF_KEY_CHECK 292 +#define PIDX_PROV_PARAM_HMAC_KEY_CHECK 293 +#define PIDX_PROV_PARAM_KBKDF_KEY_CHECK 294 +#define PIDX_PROV_PARAM_KMAC_KEY_CHECK 295 +#define PIDX_PROV_PARAM_NAME 296 +#define PIDX_PROV_PARAM_NO_SHORT_MAC 297 +#define PIDX_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK 298 +#define PIDX_PROV_PARAM_RSA_PKCS15_PAD_DISABLED 299 +#define PIDX_PROV_PARAM_RSA_PSS_SALTLEN_CHECK 300 +#define PIDX_PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED 301 +#define PIDX_PROV_PARAM_SECURITY_CHECKS 302 +#define PIDX_PROV_PARAM_SELF_TEST_DESC 303 +#define PIDX_PROV_PARAM_SELF_TEST_PHASE 304 +#define PIDX_PROV_PARAM_SELF_TEST_TYPE 305 +#define PIDX_PROV_PARAM_SIGNATURE_DIGEST_CHECK 306 +#define PIDX_PROV_PARAM_SSHKDF_DIGEST_CHECK 307 +#define PIDX_PROV_PARAM_SSHKDF_KEY_CHECK 308 +#define PIDX_PROV_PARAM_SSKDF_DIGEST_CHECK 309 +#define PIDX_PROV_PARAM_SSKDF_KEY_CHECK 310 +#define PIDX_PROV_PARAM_STATUS 311 +#define PIDX_PROV_PARAM_TDES_ENCRYPT_DISABLED 312 +#define PIDX_PROV_PARAM_TLS13_KDF_DIGEST_CHECK 313 +#define PIDX_PROV_PARAM_TLS13_KDF_KEY_CHECK 314 +#define PIDX_PROV_PARAM_TLS1_PRF_DIGEST_CHECK 315 +#define PIDX_PROV_PARAM_TLS1_PRF_EMS_CHECK 316 +#define PIDX_PROV_PARAM_TLS1_PRF_KEY_CHECK 317 +#define PIDX_PROV_PARAM_VERSION 115 +#define PIDX_PROV_PARAM_X942KDF_KEY_CHECK 318 +#define PIDX_PROV_PARAM_X963KDF_DIGEST_CHECK 319 +#define PIDX_PROV_PARAM_X963KDF_KEY_CHECK 320 +#define PIDX_RAND_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_RAND_PARAM_GENERATE 321 +#define PIDX_RAND_PARAM_MAX_REQUEST 322 +#define PIDX_RAND_PARAM_STATE 323 +#define PIDX_RAND_PARAM_STRENGTH 324 +#define PIDX_RAND_PARAM_TEST_ENTROPY 325 +#define PIDX_RAND_PARAM_TEST_NONCE 326 +#define PIDX_SIGNATURE_PARAM_ADD_RANDOM 327 +#define PIDX_SIGNATURE_PARAM_ALGORITHM_ID PIDX_PKEY_PARAM_ALGORITHM_ID +#define PIDX_SIGNATURE_PARAM_ALGORITHM_ID_PARAMS PIDX_PKEY_PARAM_ALGORITHM_ID_PARAMS +#define PIDX_SIGNATURE_PARAM_CONTEXT_STRING 328 +#define PIDX_SIGNATURE_PARAM_DETERMINISTIC 329 +#define PIDX_SIGNATURE_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_SIGNATURE_PARAM_DIGEST_SIZE PIDX_PKEY_PARAM_DIGEST_SIZE +#define PIDX_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR +#define PIDX_SIGNATURE_PARAM_FIPS_DIGEST_CHECK PIDX_PKEY_PARAM_FIPS_DIGEST_CHECK +#define PIDX_SIGNATURE_PARAM_FIPS_KEY_CHECK PIDX_PKEY_PARAM_FIPS_KEY_CHECK +#define PIDX_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK 300 +#define PIDX_SIGNATURE_PARAM_FIPS_SIGN_CHECK PIDX_PKEY_PARAM_FIPS_SIGN_CHECK +#define PIDX_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK 330 +#define PIDX_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE 331 +#define PIDX_SIGNATURE_PARAM_INSTANCE 332 +#define PIDX_SIGNATURE_PARAM_KAT 333 +#define PIDX_SIGNATURE_PARAM_MESSAGE_ENCODING 334 +#define PIDX_SIGNATURE_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_SIGNATURE_PARAM_MGF1_PROPERTIES PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_SIGNATURE_PARAM_MU 335 +#define PIDX_SIGNATURE_PARAM_NONCE_TYPE 336 +#define PIDX_SIGNATURE_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_SIGNATURE_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_SIGNATURE_PARAM_PSS_SALTLEN 271 +#define PIDX_SIGNATURE_PARAM_SIGNATURE 337 +#define PIDX_SIGNATURE_PARAM_TEST_ENTROPY 338 +#define PIDX_SKEY_PARAM_KEY_LENGTH 339 +#define PIDX_SKEY_PARAM_RAW_BYTES 340 +#define PIDX_STORE_PARAM_ALIAS 341 +#define PIDX_STORE_PARAM_DIGEST 3 +#define PIDX_STORE_PARAM_EXPECT 342 +#define PIDX_STORE_PARAM_FINGERPRINT 343 +#define PIDX_STORE_PARAM_INPUT_TYPE 174 +#define PIDX_STORE_PARAM_ISSUER 296 +#define PIDX_STORE_PARAM_PROPERTIES 7 +#define PIDX_STORE_PARAM_SERIAL 344 +#define PIDX_STORE_PARAM_SUBJECT 345 diff --git a/contrib/openssl-cmake/common/include/openssl/asn1.h b/contrib/openssl-cmake/common/include/openssl/asn1.h new file mode 100644 index 000000000000..15e9e44674b0 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/asn1.h @@ -0,0 +1,1134 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/asn1.h.in + * + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_ASN1_H +# define OPENSSL_ASN1_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1_H +# endif + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include +# include +# include +# include + +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ +# define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ +# define V_ASN1_ANY -4 /* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20 /* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 +# define V_ASN1_GRAPHICSTRING 25 +# define V_ASN1_ISO64STRING 26 +# define V_ASN1_VISIBLESTRING 26 /* alias */ +# define V_ASN1_GENERALSTRING 27 +# define V_ASN1_UNIVERSALSTRING 28 +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + +/* Stacks for types not otherwise defined in this header */ +SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR) +#define sk_X509_ALGOR_num(sk) OPENSSL_sk_num(ossl_check_const_X509_ALGOR_sk_type(sk)) +#define sk_X509_ALGOR_value(sk, idx) ((X509_ALGOR *)OPENSSL_sk_value(ossl_check_const_X509_ALGOR_sk_type(sk), (idx))) +#define sk_X509_ALGOR_new(cmp) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_new(ossl_check_X509_ALGOR_compfunc_type(cmp))) +#define sk_X509_ALGOR_new_null() ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_new_null()) +#define sk_X509_ALGOR_new_reserve(cmp, n) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_new_reserve(ossl_check_X509_ALGOR_compfunc_type(cmp), (n))) +#define sk_X509_ALGOR_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_ALGOR_sk_type(sk), (n)) +#define sk_X509_ALGOR_free(sk) OPENSSL_sk_free(ossl_check_X509_ALGOR_sk_type(sk)) +#define sk_X509_ALGOR_zero(sk) OPENSSL_sk_zero(ossl_check_X509_ALGOR_sk_type(sk)) +#define sk_X509_ALGOR_delete(sk, i) ((X509_ALGOR *)OPENSSL_sk_delete(ossl_check_X509_ALGOR_sk_type(sk), (i))) +#define sk_X509_ALGOR_delete_ptr(sk, ptr) ((X509_ALGOR *)OPENSSL_sk_delete_ptr(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr))) +#define sk_X509_ALGOR_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr)) +#define sk_X509_ALGOR_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr)) +#define sk_X509_ALGOR_pop(sk) ((X509_ALGOR *)OPENSSL_sk_pop(ossl_check_X509_ALGOR_sk_type(sk))) +#define sk_X509_ALGOR_shift(sk) ((X509_ALGOR *)OPENSSL_sk_shift(ossl_check_X509_ALGOR_sk_type(sk))) +#define sk_X509_ALGOR_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_ALGOR_sk_type(sk),ossl_check_X509_ALGOR_freefunc_type(freefunc)) +#define sk_X509_ALGOR_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr), (idx)) +#define sk_X509_ALGOR_set(sk, idx, ptr) ((X509_ALGOR *)OPENSSL_sk_set(ossl_check_X509_ALGOR_sk_type(sk), (idx), ossl_check_X509_ALGOR_type(ptr))) +#define sk_X509_ALGOR_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr)) +#define sk_X509_ALGOR_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr)) +#define sk_X509_ALGOR_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_type(ptr), pnum) +#define sk_X509_ALGOR_sort(sk) OPENSSL_sk_sort(ossl_check_X509_ALGOR_sk_type(sk)) +#define sk_X509_ALGOR_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_ALGOR_sk_type(sk)) +#define sk_X509_ALGOR_dup(sk) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_dup(ossl_check_const_X509_ALGOR_sk_type(sk))) +#define sk_X509_ALGOR_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_copyfunc_type(copyfunc), ossl_check_X509_ALGOR_freefunc_type(freefunc))) +#define sk_X509_ALGOR_set_cmp_func(sk, cmp) ((sk_X509_ALGOR_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_compfunc_type(cmp))) + + + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. + */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +}; + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING_TABLE, ASN1_STRING_TABLE, ASN1_STRING_TABLE) +#define sk_ASN1_STRING_TABLE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk)) +#define sk_ASN1_STRING_TABLE_value(sk, idx) ((ASN1_STRING_TABLE *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), (idx))) +#define sk_ASN1_STRING_TABLE_new(cmp) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_new(ossl_check_ASN1_STRING_TABLE_compfunc_type(cmp))) +#define sk_ASN1_STRING_TABLE_new_null() ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_new_null()) +#define sk_ASN1_STRING_TABLE_new_reserve(cmp, n) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_STRING_TABLE_compfunc_type(cmp), (n))) +#define sk_ASN1_STRING_TABLE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_STRING_TABLE_sk_type(sk), (n)) +#define sk_ASN1_STRING_TABLE_free(sk) OPENSSL_sk_free(ossl_check_ASN1_STRING_TABLE_sk_type(sk)) +#define sk_ASN1_STRING_TABLE_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_STRING_TABLE_sk_type(sk)) +#define sk_ASN1_STRING_TABLE_delete(sk, i) ((ASN1_STRING_TABLE *)OPENSSL_sk_delete(ossl_check_ASN1_STRING_TABLE_sk_type(sk), (i))) +#define sk_ASN1_STRING_TABLE_delete_ptr(sk, ptr) ((ASN1_STRING_TABLE *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr))) +#define sk_ASN1_STRING_TABLE_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr)) +#define sk_ASN1_STRING_TABLE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr)) +#define sk_ASN1_STRING_TABLE_pop(sk) ((ASN1_STRING_TABLE *)OPENSSL_sk_pop(ossl_check_ASN1_STRING_TABLE_sk_type(sk))) +#define sk_ASN1_STRING_TABLE_shift(sk) ((ASN1_STRING_TABLE *)OPENSSL_sk_shift(ossl_check_ASN1_STRING_TABLE_sk_type(sk))) +#define sk_ASN1_STRING_TABLE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_STRING_TABLE_sk_type(sk),ossl_check_ASN1_STRING_TABLE_freefunc_type(freefunc)) +#define sk_ASN1_STRING_TABLE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr), (idx)) +#define sk_ASN1_STRING_TABLE_set(sk, idx, ptr) ((ASN1_STRING_TABLE *)OPENSSL_sk_set(ossl_check_ASN1_STRING_TABLE_sk_type(sk), (idx), ossl_check_ASN1_STRING_TABLE_type(ptr))) +#define sk_ASN1_STRING_TABLE_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr)) +#define sk_ASN1_STRING_TABLE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr)) +#define sk_ASN1_STRING_TABLE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_type(ptr), pnum) +#define sk_ASN1_STRING_TABLE_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_STRING_TABLE_sk_type(sk)) +#define sk_ASN1_STRING_TABLE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk)) +#define sk_ASN1_STRING_TABLE_dup(sk) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_dup(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk))) +#define sk_ASN1_STRING_TABLE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_copyfunc_type(copyfunc), ossl_check_ASN1_STRING_TABLE_freefunc_type(freefunc))) +#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, cmp) ((sk_ASN1_STRING_TABLE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_compfunc_type(cmp))) + + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro is in asn1t.h */ + +/* + * The mysterious 'extern' that's passed to some macros is innocuous, + * and is there to quiet pre-C99 compilers that may complain about empty + * arguments in macro calls. + */ + +# define DECLARE_ASN1_FUNCTIONS_attr(attr, type) \ + DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, type) +# define DECLARE_ASN1_FUNCTIONS(type) \ + DECLARE_ASN1_FUNCTIONS_attr(extern, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_attr(attr, type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, type) +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_attr(extern, type) + +# define DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_FUNCTIONS_name_attr(extern, type, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, itname, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ + DECLARE_ASN1_ITEM_attr(attr, itname) +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_attr(extern, type, itname, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, name, name) +# define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(extern, type, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ + attr type *d2i_##name(type **a, const unsigned char **in, long len); \ + attr int i2d_##name(const type *a, unsigned char **out); +# define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(extern, type, name) + +# define DECLARE_ASN1_NDEF_FUNCTION_attr(attr, name) \ + attr int i2d_##name##_NDEF(const name *a, unsigned char **out); +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + DECLARE_ASN1_NDEF_FUNCTION_attr(extern, name) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ + attr type *name##_new(void); \ + attr void name##_free(type *a); +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(extern, type, name) + +# define DECLARE_ASN1_DUP_FUNCTION_attr(attr, type) \ + DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, type) +# define DECLARE_ASN1_DUP_FUNCTION(type) \ + DECLARE_ASN1_DUP_FUNCTION_attr(extern, type) + +# define DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, name) \ + attr type *name##_dup(const type *a); +# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ + DECLARE_ASN1_DUP_FUNCTION_name_attr(extern, type, name) + +# define DECLARE_ASN1_PRINT_FUNCTION_attr(attr, stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, stname) +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_attr(extern, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, fname) \ + attr int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx); +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname_attr(extern, stname, fname) + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +typedef void *d2i_of_void(void **, const unsigned char **, long); +typedef int i2d_of_void(const void *, unsigned char **); +typedef int OSSL_i2d_of_void_ctx(const void *, unsigned char **, void *vctx); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM_attr(attr, name) \ + attr const ASN1_ITEM * name##_it(void); +# define DECLARE_ASN1_ITEM(name) \ + DECLARE_ASN1_ITEM_attr(extern, name) + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* Lower 8 bits are reserved as an output type specifier */ +# define ASN1_DTFLGS_TYPE_MASK 0x0FUL +# define ASN1_DTFLGS_RFC822 0x00UL +# define ASN1_DTFLGS_ISO8601 0x01UL + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. + */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. + */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + + +struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +}; + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_TYPE, ASN1_TYPE, ASN1_TYPE) +#define sk_ASN1_TYPE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_TYPE_sk_type(sk)) +#define sk_ASN1_TYPE_value(sk, idx) ((ASN1_TYPE *)OPENSSL_sk_value(ossl_check_const_ASN1_TYPE_sk_type(sk), (idx))) +#define sk_ASN1_TYPE_new(cmp) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_new(ossl_check_ASN1_TYPE_compfunc_type(cmp))) +#define sk_ASN1_TYPE_new_null() ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_new_null()) +#define sk_ASN1_TYPE_new_reserve(cmp, n) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_TYPE_compfunc_type(cmp), (n))) +#define sk_ASN1_TYPE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_TYPE_sk_type(sk), (n)) +#define sk_ASN1_TYPE_free(sk) OPENSSL_sk_free(ossl_check_ASN1_TYPE_sk_type(sk)) +#define sk_ASN1_TYPE_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_TYPE_sk_type(sk)) +#define sk_ASN1_TYPE_delete(sk, i) ((ASN1_TYPE *)OPENSSL_sk_delete(ossl_check_ASN1_TYPE_sk_type(sk), (i))) +#define sk_ASN1_TYPE_delete_ptr(sk, ptr) ((ASN1_TYPE *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr))) +#define sk_ASN1_TYPE_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr)) +#define sk_ASN1_TYPE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr)) +#define sk_ASN1_TYPE_pop(sk) ((ASN1_TYPE *)OPENSSL_sk_pop(ossl_check_ASN1_TYPE_sk_type(sk))) +#define sk_ASN1_TYPE_shift(sk) ((ASN1_TYPE *)OPENSSL_sk_shift(ossl_check_ASN1_TYPE_sk_type(sk))) +#define sk_ASN1_TYPE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_TYPE_sk_type(sk),ossl_check_ASN1_TYPE_freefunc_type(freefunc)) +#define sk_ASN1_TYPE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr), (idx)) +#define sk_ASN1_TYPE_set(sk, idx, ptr) ((ASN1_TYPE *)OPENSSL_sk_set(ossl_check_ASN1_TYPE_sk_type(sk), (idx), ossl_check_ASN1_TYPE_type(ptr))) +#define sk_ASN1_TYPE_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr)) +#define sk_ASN1_TYPE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr)) +#define sk_ASN1_TYPE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_type(ptr), pnum) +#define sk_ASN1_TYPE_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_TYPE_sk_type(sk)) +#define sk_ASN1_TYPE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_TYPE_sk_type(sk)) +#define sk_ASN1_TYPE_dup(sk) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_dup(ossl_check_const_ASN1_TYPE_sk_type(sk))) +#define sk_ASN1_TYPE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_copyfunc_type(copyfunc), ossl_check_ASN1_TYPE_freefunc_type(freefunc))) +#define sk_ASN1_TYPE_set_cmp_func(sk, cmp) ((sk_ASN1_TYPE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_compfunc_type(cmp))) + + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_ALLOC_FUNCTIONS_name(ASN1_TYPE, ASN1_TYPE) +DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_OBJECT, ASN1_OBJECT, ASN1_OBJECT) +#define sk_ASN1_OBJECT_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_OBJECT_sk_type(sk)) +#define sk_ASN1_OBJECT_value(sk, idx) ((ASN1_OBJECT *)OPENSSL_sk_value(ossl_check_const_ASN1_OBJECT_sk_type(sk), (idx))) +#define sk_ASN1_OBJECT_new(cmp) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_new(ossl_check_ASN1_OBJECT_compfunc_type(cmp))) +#define sk_ASN1_OBJECT_new_null() ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_new_null()) +#define sk_ASN1_OBJECT_new_reserve(cmp, n) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_OBJECT_compfunc_type(cmp), (n))) +#define sk_ASN1_OBJECT_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_OBJECT_sk_type(sk), (n)) +#define sk_ASN1_OBJECT_free(sk) OPENSSL_sk_free(ossl_check_ASN1_OBJECT_sk_type(sk)) +#define sk_ASN1_OBJECT_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_OBJECT_sk_type(sk)) +#define sk_ASN1_OBJECT_delete(sk, i) ((ASN1_OBJECT *)OPENSSL_sk_delete(ossl_check_ASN1_OBJECT_sk_type(sk), (i))) +#define sk_ASN1_OBJECT_delete_ptr(sk, ptr) ((ASN1_OBJECT *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr))) +#define sk_ASN1_OBJECT_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr)) +#define sk_ASN1_OBJECT_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr)) +#define sk_ASN1_OBJECT_pop(sk) ((ASN1_OBJECT *)OPENSSL_sk_pop(ossl_check_ASN1_OBJECT_sk_type(sk))) +#define sk_ASN1_OBJECT_shift(sk) ((ASN1_OBJECT *)OPENSSL_sk_shift(ossl_check_ASN1_OBJECT_sk_type(sk))) +#define sk_ASN1_OBJECT_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_OBJECT_sk_type(sk),ossl_check_ASN1_OBJECT_freefunc_type(freefunc)) +#define sk_ASN1_OBJECT_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr), (idx)) +#define sk_ASN1_OBJECT_set(sk, idx, ptr) ((ASN1_OBJECT *)OPENSSL_sk_set(ossl_check_ASN1_OBJECT_sk_type(sk), (idx), ossl_check_ASN1_OBJECT_type(ptr))) +#define sk_ASN1_OBJECT_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr)) +#define sk_ASN1_OBJECT_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr)) +#define sk_ASN1_OBJECT_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_type(ptr), pnum) +#define sk_ASN1_OBJECT_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_OBJECT_sk_type(sk)) +#define sk_ASN1_OBJECT_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_OBJECT_sk_type(sk)) +#define sk_ASN1_OBJECT_dup(sk) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_dup(ossl_check_const_ASN1_OBJECT_sk_type(sk))) +#define sk_ASN1_OBJECT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_copyfunc_type(copyfunc), ossl_check_ASN1_OBJECT_freefunc_type(freefunc))) +#define sk_ASN1_OBJECT_set_cmp_func(sk, cmp) ((sk_ASN1_OBJECT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_compfunc_type(cmp))) + + +DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +DECLARE_ASN1_DUP_FUNCTION(ASN1_STRING) +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 void ASN1_STRING_length_set(ASN1_STRING *x, int n); +# endif +int ASN1_STRING_type(const ASN1_STRING *x); +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x); +# endif +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_INTEGER, ASN1_INTEGER, ASN1_INTEGER) +#define sk_ASN1_INTEGER_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_INTEGER_sk_type(sk)) +#define sk_ASN1_INTEGER_value(sk, idx) ((ASN1_INTEGER *)OPENSSL_sk_value(ossl_check_const_ASN1_INTEGER_sk_type(sk), (idx))) +#define sk_ASN1_INTEGER_new(cmp) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_new(ossl_check_ASN1_INTEGER_compfunc_type(cmp))) +#define sk_ASN1_INTEGER_new_null() ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_new_null()) +#define sk_ASN1_INTEGER_new_reserve(cmp, n) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_INTEGER_compfunc_type(cmp), (n))) +#define sk_ASN1_INTEGER_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_INTEGER_sk_type(sk), (n)) +#define sk_ASN1_INTEGER_free(sk) OPENSSL_sk_free(ossl_check_ASN1_INTEGER_sk_type(sk)) +#define sk_ASN1_INTEGER_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_INTEGER_sk_type(sk)) +#define sk_ASN1_INTEGER_delete(sk, i) ((ASN1_INTEGER *)OPENSSL_sk_delete(ossl_check_ASN1_INTEGER_sk_type(sk), (i))) +#define sk_ASN1_INTEGER_delete_ptr(sk, ptr) ((ASN1_INTEGER *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr))) +#define sk_ASN1_INTEGER_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr)) +#define sk_ASN1_INTEGER_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr)) +#define sk_ASN1_INTEGER_pop(sk) ((ASN1_INTEGER *)OPENSSL_sk_pop(ossl_check_ASN1_INTEGER_sk_type(sk))) +#define sk_ASN1_INTEGER_shift(sk) ((ASN1_INTEGER *)OPENSSL_sk_shift(ossl_check_ASN1_INTEGER_sk_type(sk))) +#define sk_ASN1_INTEGER_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_INTEGER_sk_type(sk),ossl_check_ASN1_INTEGER_freefunc_type(freefunc)) +#define sk_ASN1_INTEGER_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr), (idx)) +#define sk_ASN1_INTEGER_set(sk, idx, ptr) ((ASN1_INTEGER *)OPENSSL_sk_set(ossl_check_ASN1_INTEGER_sk_type(sk), (idx), ossl_check_ASN1_INTEGER_type(ptr))) +#define sk_ASN1_INTEGER_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr)) +#define sk_ASN1_INTEGER_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr)) +#define sk_ASN1_INTEGER_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_type(ptr), pnum) +#define sk_ASN1_INTEGER_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_INTEGER_sk_type(sk)) +#define sk_ASN1_INTEGER_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_INTEGER_sk_type(sk)) +#define sk_ASN1_INTEGER_dup(sk) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_dup(ossl_check_const_ASN1_INTEGER_sk_type(sk))) +#define sk_ASN1_INTEGER_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_copyfunc_type(copyfunc), ossl_check_ASN1_INTEGER_freefunc_type(freefunc))) +#define sk_ASN1_INTEGER_set_cmp_func(sk, cmp) ((sk_ASN1_INTEGER_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_compfunc_type(cmp))) + + + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +DECLARE_ASN1_DUP_FUNCTION(ASN1_INTEGER) +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +DECLARE_ASN1_DUP_FUNCTION(ASN1_OCTET_STRING) +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_UTF8STRING, ASN1_UTF8STRING, ASN1_UTF8STRING) +#define sk_ASN1_UTF8STRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_UTF8STRING_sk_type(sk)) +#define sk_ASN1_UTF8STRING_value(sk, idx) ((ASN1_UTF8STRING *)OPENSSL_sk_value(ossl_check_const_ASN1_UTF8STRING_sk_type(sk), (idx))) +#define sk_ASN1_UTF8STRING_new(cmp) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_new(ossl_check_ASN1_UTF8STRING_compfunc_type(cmp))) +#define sk_ASN1_UTF8STRING_new_null() ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_new_null()) +#define sk_ASN1_UTF8STRING_new_reserve(cmp, n) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_UTF8STRING_compfunc_type(cmp), (n))) +#define sk_ASN1_UTF8STRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_UTF8STRING_sk_type(sk), (n)) +#define sk_ASN1_UTF8STRING_free(sk) OPENSSL_sk_free(ossl_check_ASN1_UTF8STRING_sk_type(sk)) +#define sk_ASN1_UTF8STRING_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_UTF8STRING_sk_type(sk)) +#define sk_ASN1_UTF8STRING_delete(sk, i) ((ASN1_UTF8STRING *)OPENSSL_sk_delete(ossl_check_ASN1_UTF8STRING_sk_type(sk), (i))) +#define sk_ASN1_UTF8STRING_delete_ptr(sk, ptr) ((ASN1_UTF8STRING *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr))) +#define sk_ASN1_UTF8STRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr)) +#define sk_ASN1_UTF8STRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr)) +#define sk_ASN1_UTF8STRING_pop(sk) ((ASN1_UTF8STRING *)OPENSSL_sk_pop(ossl_check_ASN1_UTF8STRING_sk_type(sk))) +#define sk_ASN1_UTF8STRING_shift(sk) ((ASN1_UTF8STRING *)OPENSSL_sk_shift(ossl_check_ASN1_UTF8STRING_sk_type(sk))) +#define sk_ASN1_UTF8STRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_UTF8STRING_sk_type(sk),ossl_check_ASN1_UTF8STRING_freefunc_type(freefunc)) +#define sk_ASN1_UTF8STRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr), (idx)) +#define sk_ASN1_UTF8STRING_set(sk, idx, ptr) ((ASN1_UTF8STRING *)OPENSSL_sk_set(ossl_check_ASN1_UTF8STRING_sk_type(sk), (idx), ossl_check_ASN1_UTF8STRING_type(ptr))) +#define sk_ASN1_UTF8STRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr)) +#define sk_ASN1_UTF8STRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr)) +#define sk_ASN1_UTF8STRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_type(ptr), pnum) +#define sk_ASN1_UTF8STRING_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_UTF8STRING_sk_type(sk)) +#define sk_ASN1_UTF8STRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_UTF8STRING_sk_type(sk)) +#define sk_ASN1_UTF8STRING_dup(sk) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_dup(ossl_check_const_ASN1_UTF8STRING_sk_type(sk))) +#define sk_ASN1_UTF8STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_copyfunc_type(copyfunc), ossl_check_ASN1_UTF8STRING_freefunc_type(freefunc))) +#define sk_ASN1_UTF8STRING_set_cmp_func(sk, cmp) ((sk_ASN1_UTF8STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_compfunc_type(cmp))) + + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_GENERALSTRING, ASN1_GENERALSTRING, ASN1_GENERALSTRING) +#define sk_ASN1_GENERALSTRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk)) +#define sk_ASN1_GENERALSTRING_value(sk, idx) ((ASN1_GENERALSTRING *)OPENSSL_sk_value(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk), (idx))) +#define sk_ASN1_GENERALSTRING_new(cmp) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_new(ossl_check_ASN1_GENERALSTRING_compfunc_type(cmp))) +#define sk_ASN1_GENERALSTRING_new_null() ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_new_null()) +#define sk_ASN1_GENERALSTRING_new_reserve(cmp, n) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_GENERALSTRING_compfunc_type(cmp), (n))) +#define sk_ASN1_GENERALSTRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_GENERALSTRING_sk_type(sk), (n)) +#define sk_ASN1_GENERALSTRING_free(sk) OPENSSL_sk_free(ossl_check_ASN1_GENERALSTRING_sk_type(sk)) +#define sk_ASN1_GENERALSTRING_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_GENERALSTRING_sk_type(sk)) +#define sk_ASN1_GENERALSTRING_delete(sk, i) ((ASN1_GENERALSTRING *)OPENSSL_sk_delete(ossl_check_ASN1_GENERALSTRING_sk_type(sk), (i))) +#define sk_ASN1_GENERALSTRING_delete_ptr(sk, ptr) ((ASN1_GENERALSTRING *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr))) +#define sk_ASN1_GENERALSTRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr)) +#define sk_ASN1_GENERALSTRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr)) +#define sk_ASN1_GENERALSTRING_pop(sk) ((ASN1_GENERALSTRING *)OPENSSL_sk_pop(ossl_check_ASN1_GENERALSTRING_sk_type(sk))) +#define sk_ASN1_GENERALSTRING_shift(sk) ((ASN1_GENERALSTRING *)OPENSSL_sk_shift(ossl_check_ASN1_GENERALSTRING_sk_type(sk))) +#define sk_ASN1_GENERALSTRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_GENERALSTRING_sk_type(sk),ossl_check_ASN1_GENERALSTRING_freefunc_type(freefunc)) +#define sk_ASN1_GENERALSTRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr), (idx)) +#define sk_ASN1_GENERALSTRING_set(sk, idx, ptr) ((ASN1_GENERALSTRING *)OPENSSL_sk_set(ossl_check_ASN1_GENERALSTRING_sk_type(sk), (idx), ossl_check_ASN1_GENERALSTRING_type(ptr))) +#define sk_ASN1_GENERALSTRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr)) +#define sk_ASN1_GENERALSTRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr)) +#define sk_ASN1_GENERALSTRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_type(ptr), pnum) +#define sk_ASN1_GENERALSTRING_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_GENERALSTRING_sk_type(sk)) +#define sk_ASN1_GENERALSTRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk)) +#define sk_ASN1_GENERALSTRING_dup(sk) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_dup(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk))) +#define sk_ASN1_GENERALSTRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_copyfunc_type(copyfunc), ossl_check_ASN1_GENERALSTRING_freefunc_type(freefunc))) +#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, cmp) ((sk_ASN1_GENERALSTRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_compfunc_type(cmp))) + + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_DUP_FUNCTION(ASN1_TIME) +DECLARE_ASN1_DUP_FUNCTION(ASN1_UTCTIME) +DECLARE_ASN1_DUP_FUNCTION(ASN1_GENERALIZEDTIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, const void *x); +int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, const ASN1_OCTET_STRING *id, + EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, + const char *propq); +int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const char *propq); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, + OSSL_LIB_CTX *libctx, const char *propq); +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *pval, + OSSL_LIB_CTX *libctx, const char *propq); +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x); +BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm); +int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const char *ASN1_tag2str(int tag); + +/* Used to load and write Netscape format cert */ + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); +void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); + +const BIO_METHOD *BIO_f_asn1(void); + +/* cannot constify val because of CMS_stream() */ +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +/* cannot constify val because of CMS_dataFinal() */ +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); +int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +const ASN1_ITEM *ASN1_ITEM_get(size_t i); + +/* Legacy compatibility */ +# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) +# define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type) +# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name) +# define I2D_OF_const(type) I2D_OF(type) +# define ASN1_dup_of_const(type,i2d,d2i,x) ASN1_dup_of(type,i2d,d2i,x) +# define ASN1_i2d_fp_of_const(type,i2d,out,x) ASN1_i2d_fp_of(type,i2d,out,x) +# define ASN1_i2d_bio_of_const(type,i2d,out,x) ASN1_i2d_bio_of(type,i2d,out,x) + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/asn1t.h b/contrib/openssl-cmake/common/include/openssl/asn1t.h new file mode 100644 index 000000000000..74ba47d0cf26 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/asn1t.h @@ -0,0 +1,946 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/asn1t.h.in + * + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_ASN1T_H +# define OPENSSL_ASN1T_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1T_H +# endif + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * These are the possible values for the itype field of the + * ASN1_ITEM structure and determine how it is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application-specific + * data and functions. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +# define ASN1_ITYPE_PRIMITIVE 0x0 +# define ASN1_ITYPE_SEQUENCE 0x1 +# define ASN1_ITYPE_CHOICE 0x2 +/* unused value 0x3 */ +# define ASN1_ITYPE_EXTERN 0x4 +# define ASN1_ITYPE_MSTRING 0x5 +# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_const_cb(tname, const_cb) \ + static const ASN1_AUX tname##_aux = \ + {NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \ + static const ASN1_AUX tname##_aux = \ + {NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } + +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +# define ASN1_TEMPLATE_item(t) (t->item_ptr) +# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +# define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +# define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* + * Special case: this refers to a SET OF that will be sorted into DER order + * when encoded *and* the corresponding STACK will be modified to match the + * new order. + */ +# define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +# define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* + * These flags mean the tag should be taken from the tag field. If EXPLICIT + * then the underlying type is used for the inner tag. + */ + +/* IMPLICIT tagging */ +# define ASN1_TFLG_IMPTAG (0x1 << 3) + +/* EXPLICIT tagging, inner tag from underlying type */ +# define ASN1_TFLG_EXPTAG (0x2 << 3) + +# define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) + +/* context specific EXPLICIT */ +# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) + +/* + * If tagging is in force these determine the type of tag to use. Otherwise + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +# define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +# define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +# define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +# define ASN1_TFLG_PRIVATE (0x3<<6) + +# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case the 'item' field points to + * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +# define ASN1_TFLG_ADB_MASK (0x3<<8) + +# define ASN1_TFLG_ADB_OID (0x1<<8) + +# define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. + */ + +# define ASN1_TFLG_NDEF (0x1<<11) + +/* Field is embedded and not a pointer */ +# define ASN1_TFLG_EMBED (0x1 << 12) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains + * the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* further data and type-specific functions */ + /* funcs can be ASN1_PRIMITIVE_FUNCS*, ASN1_EXTERN_FUNCS*, or ASN1_AUX* */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ +}; + +/* + * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +typedef int ASN1_ex_d2i_ex(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq); +typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef int ASN1_ex_new_ex_func(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(const ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, const ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; + ASN1_ex_new_ex_func *asn1_ex_new_ex; + ASN1_ex_d2i_ex *asn1_ex_d2i_ex; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* + * This is the ASN1_AUX structure: it handles various miscellaneous + * requirements. For example the use of reference counts and an informational + * callback. The "informational callback" is called at various points during + * the ASN1 encoding and decoding. It can be used to provide minor + * customisation of the structures used. This is most useful where the + * supplied routines *almost* do the right thing but need some extra help at + * a few points. If the callback returns zero then it is assumed a fatal + * error has occurred and the main operation should be abandoned. If major + * changes in the default behaviour are required then an external type is + * more appropriate. + * For the operations ASN1_OP_I2D_PRE, ASN1_OP_I2D_POST, ASN1_OP_PRINT_PRE, and + * ASN1_OP_PRINT_POST, meanwhile a variant of the callback with const parameter + * 'in' is provided to make clear statically that its input is not modified. If + * and only if this variant is in use the flag ASN1_AFLG_CONST_CB must be set. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); +typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in, + const ASN1_ITEM *it, void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Offset of lock value */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ + ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +# define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +# define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +# define ASN1_AFLG_BROKEN 4 +/* Use the new asn1_const_cb */ +# define ASN1_AFLG_CONST_CB 8 + +/* operation values for asn1_cb */ + +# define ASN1_OP_NEW_PRE 0 +# define ASN1_OP_NEW_POST 1 +# define ASN1_OP_FREE_PRE 2 +# define ASN1_OP_FREE_POST 3 +# define ASN1_OP_D2I_PRE 4 +# define ASN1_OP_D2I_POST 5 +# define ASN1_OP_I2D_PRE 6 +# define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 +# define ASN1_OP_DUP_PRE 14 +# define ASN1_OP_DUP_POST 15 +# define ASN1_OP_GET0_LIBCTX 16 +# define ASN1_OP_GET0_PROPQ 17 + +/* Macro to implement a primitive type */ +# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(const stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(INT32) +DECLARE_ASN1_ITEM(ZINT32) +DECLARE_ASN1_ITEM(UINT32) +DECLARE_ASN1_ITEM(ZUINT32) +DECLARE_ASN1_ITEM(INT64) +DECLARE_ASN1_ITEM(ZINT64) +DECLARE_ASN1_ITEM(UINT64) +DECLARE_ASN1_ITEM(ZUINT64) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* + * LONG and ZLONG are strongly discouraged for use as stored data, as the + * underlying C type (long) differs in size depending on the architecture. + * They are designed with 32-bit longs in mind. + */ +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) +# endif + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_VALUE, ASN1_VALUE, ASN1_VALUE) +#define sk_ASN1_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_VALUE_sk_type(sk)) +#define sk_ASN1_VALUE_value(sk, idx) ((ASN1_VALUE *)OPENSSL_sk_value(ossl_check_const_ASN1_VALUE_sk_type(sk), (idx))) +#define sk_ASN1_VALUE_new(cmp) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_new(ossl_check_ASN1_VALUE_compfunc_type(cmp))) +#define sk_ASN1_VALUE_new_null() ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_new_null()) +#define sk_ASN1_VALUE_new_reserve(cmp, n) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_VALUE_compfunc_type(cmp), (n))) +#define sk_ASN1_VALUE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_VALUE_sk_type(sk), (n)) +#define sk_ASN1_VALUE_free(sk) OPENSSL_sk_free(ossl_check_ASN1_VALUE_sk_type(sk)) +#define sk_ASN1_VALUE_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_VALUE_sk_type(sk)) +#define sk_ASN1_VALUE_delete(sk, i) ((ASN1_VALUE *)OPENSSL_sk_delete(ossl_check_ASN1_VALUE_sk_type(sk), (i))) +#define sk_ASN1_VALUE_delete_ptr(sk, ptr) ((ASN1_VALUE *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr))) +#define sk_ASN1_VALUE_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr)) +#define sk_ASN1_VALUE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr)) +#define sk_ASN1_VALUE_pop(sk) ((ASN1_VALUE *)OPENSSL_sk_pop(ossl_check_ASN1_VALUE_sk_type(sk))) +#define sk_ASN1_VALUE_shift(sk) ((ASN1_VALUE *)OPENSSL_sk_shift(ossl_check_ASN1_VALUE_sk_type(sk))) +#define sk_ASN1_VALUE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_VALUE_sk_type(sk),ossl_check_ASN1_VALUE_freefunc_type(freefunc)) +#define sk_ASN1_VALUE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr), (idx)) +#define sk_ASN1_VALUE_set(sk, idx, ptr) ((ASN1_VALUE *)OPENSSL_sk_set(ossl_check_ASN1_VALUE_sk_type(sk), (idx), ossl_check_ASN1_VALUE_type(ptr))) +#define sk_ASN1_VALUE_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr)) +#define sk_ASN1_VALUE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr)) +#define sk_ASN1_VALUE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_type(ptr), pnum) +#define sk_ASN1_VALUE_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_VALUE_sk_type(sk)) +#define sk_ASN1_VALUE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_VALUE_sk_type(sk)) +#define sk_ASN1_VALUE_dup(sk) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_dup(ossl_check_const_ASN1_VALUE_sk_type(sk))) +#define sk_ASN1_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_copyfunc_type(copyfunc), ossl_check_ASN1_VALUE_freefunc_type(freefunc))) +#define sk_ASN1_VALUE_set_cmp_func(sk, cmp) ((sk_ASN1_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_compfunc_type(cmp))) + + + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); + +/* Legacy compatibility */ +# define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name) +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/bio.h b/contrib/openssl-cmake/common/include/openssl/bio.h new file mode 100644 index 000000000000..e02f867beb0e --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/bio.h @@ -0,0 +1,1022 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/bio.h.in + * + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +#ifndef OPENSSL_BIO_H +# define OPENSSL_BIO_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BIO_H +# endif + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif +# define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_PAIR (26|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_MEM (27|BIO_TYPE_SOURCE_SINK) + +/* Custom type starting index returned by BIO_get_new_index() */ +#define BIO_TYPE_START 128 +/* Custom type maximum index that can be returned by BIO_get_new_index() */ +#define BIO_TYPE_MASK 0xFF + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation timed out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_SEND 72 + * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG 74 + * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 + */ + +# define BIO_CTRL_GET_KTLS_SEND 73 +# define BIO_CTRL_GET_KTLS_RECV 76 + +# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 +# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 + +/* BIO_f_prefix controls */ +# define BIO_CTRL_SET_PREFIX 79 +# define BIO_CTRL_SET_INDENT 80 +# define BIO_CTRL_GET_INDENT 81 + +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP 82 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE 83 +# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE 84 +# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS 85 +# define BIO_CTRL_DGRAM_GET_CAPS 86 +# define BIO_CTRL_DGRAM_SET_CAPS 87 +# define BIO_CTRL_DGRAM_GET_NO_TRUNC 88 +# define BIO_CTRL_DGRAM_SET_NO_TRUNC 89 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90 + */ + +# define BIO_CTRL_GET_RPOLL_DESCRIPTOR 91 +# define BIO_CTRL_GET_WPOLL_DESCRIPTOR 92 +# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR 93 +# define BIO_CTRL_DGRAM_SET0_LOCAL_ADDR 94 + +# define BIO_DGRAM_CAP_NONE 0U +# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR (1U << 0) +# define BIO_DGRAM_CAP_HANDLES_DST_ADDR (1U << 1) +# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR (1U << 2) +# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR (1U << 3) + +# ifndef OPENSSL_NO_KTLS +# define BIO_get_ktls_send(b) \ + (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) +# define BIO_get_ktls_recv(b) \ + (BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) > 0) +# else +# define BIO_get_ktls_send(b) (0) +# define BIO_get_ktls_recv(b) (0) +# endif + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* This #define was replaced by an internal constant and should not be used. */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. + */ +# define BIO_FLAGS_MEM_RDONLY 0x200 +# define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 + +/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */ + +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; + +int BIO_get_new_index(void); +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return + * the code. + */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 +# define BIO_CB_RECVMMSG 0x07 +# define BIO_CB_SENDMMSG 0x08 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +OSSL_DEPRECATEDIN_3_0 BIO_callback_fn BIO_get_callback(const BIO *b); +OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback); +OSSL_DEPRECATEDIN_3_0 long BIO_debug_callback(BIO *bio, int cmd, + const char *argp, int argi, + long argl, long ret); +# endif + +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); +long BIO_debug_callback_ex(BIO *bio, int oper, const char *argp, size_t len, + int argi, long argl, int ret, size_t *processed); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +SKM_DEFINE_STACK_OF_INTERNAL(BIO, BIO, BIO) +#define sk_BIO_num(sk) OPENSSL_sk_num(ossl_check_const_BIO_sk_type(sk)) +#define sk_BIO_value(sk, idx) ((BIO *)OPENSSL_sk_value(ossl_check_const_BIO_sk_type(sk), (idx))) +#define sk_BIO_new(cmp) ((STACK_OF(BIO) *)OPENSSL_sk_new(ossl_check_BIO_compfunc_type(cmp))) +#define sk_BIO_new_null() ((STACK_OF(BIO) *)OPENSSL_sk_new_null()) +#define sk_BIO_new_reserve(cmp, n) ((STACK_OF(BIO) *)OPENSSL_sk_new_reserve(ossl_check_BIO_compfunc_type(cmp), (n))) +#define sk_BIO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_BIO_sk_type(sk), (n)) +#define sk_BIO_free(sk) OPENSSL_sk_free(ossl_check_BIO_sk_type(sk)) +#define sk_BIO_zero(sk) OPENSSL_sk_zero(ossl_check_BIO_sk_type(sk)) +#define sk_BIO_delete(sk, i) ((BIO *)OPENSSL_sk_delete(ossl_check_BIO_sk_type(sk), (i))) +#define sk_BIO_delete_ptr(sk, ptr) ((BIO *)OPENSSL_sk_delete_ptr(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr))) +#define sk_BIO_push(sk, ptr) OPENSSL_sk_push(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr)) +#define sk_BIO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr)) +#define sk_BIO_pop(sk) ((BIO *)OPENSSL_sk_pop(ossl_check_BIO_sk_type(sk))) +#define sk_BIO_shift(sk) ((BIO *)OPENSSL_sk_shift(ossl_check_BIO_sk_type(sk))) +#define sk_BIO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_BIO_sk_type(sk),ossl_check_BIO_freefunc_type(freefunc)) +#define sk_BIO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr), (idx)) +#define sk_BIO_set(sk, idx, ptr) ((BIO *)OPENSSL_sk_set(ossl_check_BIO_sk_type(sk), (idx), ossl_check_BIO_type(ptr))) +#define sk_BIO_find(sk, ptr) OPENSSL_sk_find(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr)) +#define sk_BIO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr)) +#define sk_BIO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_BIO_sk_type(sk), ossl_check_BIO_type(ptr), pnum) +#define sk_BIO_sort(sk) OPENSSL_sk_sort(ossl_check_BIO_sk_type(sk)) +#define sk_BIO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_BIO_sk_type(sk)) +#define sk_BIO_dup(sk) ((STACK_OF(BIO) *)OPENSSL_sk_dup(ossl_check_const_BIO_sk_type(sk))) +#define sk_BIO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(BIO) *)OPENSSL_sk_deep_copy(ossl_check_const_BIO_sk_type(sk), ossl_check_BIO_copyfunc_type(copyfunc), ossl_check_BIO_freefunc_type(freefunc))) +#define sk_BIO_set_cmp_func(sk, cmp) ((sk_BIO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_BIO_sk_type(sk), ossl_check_BIO_compfunc_type(cmp))) + + + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +typedef void (*BIO_dgram_sctp_notification_handler_fn) (BIO *b, + void *context, + void *buf); +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* BIO_sendmmsg/BIO_recvmmsg-related definitions */ +typedef struct bio_msg_st { + void *data; + size_t data_len; + BIO_ADDR *peer, *local; + uint64_t flags; +} BIO_MSG; + +typedef struct bio_mmsg_cb_args_st { + BIO_MSG *msg; + size_t stride, num_msg; + uint64_t flags; + size_t *msgs_processed; +} BIO_MMSG_CB_ARGS; + +#define BIO_POLL_DESCRIPTOR_TYPE_NONE 0 +#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD 1 +#define BIO_POLL_DESCRIPTOR_TYPE_SSL 2 +#define BIO_POLL_DESCRIPTOR_CUSTOM_START 8192 + +typedef struct bio_poll_descriptor_st { + uint32_t type; + union { + int fd; + void *custom; + uintptr_t custom_ui; + SSL *ssl; + } value; +} BIO_POLL_DESCRIPTOR; + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_C_SET_TFO 156 /* like BIO_C_SET_NBIO */ + +# define BIO_C_SET_SOCK_TYPE 157 +# define BIO_C_GET_SOCK_TYPE 158 +# define BIO_C_GET_DGRAM_BIO 159 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_tfo(b,n) BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_get_conn_mode(b) BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) +# define BIO_set_sock_type(b,t) BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL) +# define BIO_get_sock_type(b) BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL) +# define BIO_get0_dgram_bio(b, p) BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p)) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +# define BIO_set_tfo_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_detect_peer_addr(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) +# define BIO_dgram_get_local_addr_cap(b) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL) +# define BIO_dgram_get_local_addr_enable(b, penable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable)) +# define BIO_dgram_set_local_addr_enable(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL) +# define BIO_dgram_get_effective_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL) +# define BIO_dgram_get_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL) +# define BIO_dgram_set_caps(b, caps) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL) +# define BIO_dgram_get_no_trunc(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL) +# define BIO_dgram_set_no_trunc(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL) +# define BIO_dgram_get_mtu(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL) +# define BIO_dgram_set_mtu(b, mtu) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL) +# define BIO_dgram_set0_local_addr(b, addr) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET0_LOCAL_ADDR, 0, (addr)) + +/* ctrl macros for BIO_f_prefix */ +# define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) +# define BIO_set_indent(b,i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL) +# define BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(const BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio); +# ifndef OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method); +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_get_line(BIO *bio, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); +__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); +__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +const BIO_METHOD *BIO_s_mem(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_mem(void); +# endif +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_readbuffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +const BIO_METHOD *BIO_f_prefix(void); +const BIO_METHOD *BIO_s_core(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_pair(void); +const BIO_METHOD *BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + BIO_dgram_sctp_notification_handler_fn handle_notifications, + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +int BIO_err_is_non_fatal(unsigned int errcode); +int BIO_socket_wait(int fd, int for_read, time_t max_time); +# endif +int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); +int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds); + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const void *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const void *s, int len, int indent); +int BIO_dump(BIO *b, const void *bytes, int len); +int BIO_dump_indent(BIO *b, const void *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const void *s, int len); +int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, const void *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src); +BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 struct hostent *BIO_gethostbyname(const char *name); +OSSL_DEPRECATEDIN_1_1_0 int BIO_get_port(const char *str, unsigned short *port_ptr); +OSSL_DEPRECATEDIN_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip); +OSSL_DEPRECATEDIN_1_1_0 int BIO_get_accept_socket(char *host_port, int mode); +OSSL_DEPRECATEDIN_1_1_0 int BIO_accept(int sock, char **ip_port); +# endif + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 +# define BIO_SOCK_TFO 0x20 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +# ifndef OPENSSL_NO_DGRAM +int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +# endif + +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__MINGW32__) && !defined(__MINGW64__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ + + +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int BIO_meth_set_sendmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int BIO_meth_set_read(BIO_METHOD *biom, + int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); +int BIO_meth_set_recvmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int BIO_meth_set_puts(BIO_METHOD *biom, + int (*puts) (BIO *, const char *)); +int BIO_meth_set_gets(BIO_METHOD *biom, + int (*ossl_gets) (BIO *, char *, int)); +int BIO_meth_set_ctrl(BIO_METHOD *biom, + long (*ctrl) (BIO *, int, long, void *)); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl) (BIO *, int, + BIO_info_cb *)); +# ifndef OPENSSL_NO_DEPRECATED_3_5 +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, + int); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, + size_t, size_t *); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, + size_t, size_t *); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); +OSSL_DEPRECATEDIN_3_5 long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, + long, void *); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); +OSSL_DEPRECATEDIN_3_5 int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); +OSSL_DEPRECATEDIN_3_5 long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, + BIO_info_cb *); +# endif +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/cmp.h b/contrib/openssl-cmake/common/include/openssl/cmp.h new file mode 100644 index 000000000000..fff7ea754c17 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/cmp.h @@ -0,0 +1,729 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/cmp.h.in + * + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_CMP_H +# define OPENSSL_CMP_H + +# include +# ifndef OPENSSL_NO_CMP + +# include +# include +# include +# include + +/* explicit #includes not strictly needed since implied by the above: */ +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define OSSL_CMP_PVNO_2 2 +# define OSSL_CMP_PVNO_3 3 +# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */ + +/*- + * PKIFailureInfo ::= BIT STRING { + * -- since we can fail in more than one way! + * -- More codes may be added in the future if/when required. + * badAlg (0), + * -- unrecognized or unsupported Algorithm Identifier + * badMessageCheck (1), + * -- integrity check failed (e.g., signature did not verify) + * badRequest (2), + * -- transaction not permitted or supported + * badTime (3), + * -- messageTime was not sufficiently close to the system time, + * -- as defined by local policy + * badCertId (4), + * -- no certificate could be found matching the provided criteria + * badDataFormat (5), + * -- the data submitted has the wrong format + * wrongAuthority (6), + * -- the authority indicated in the request is different from the + * -- one creating the response token + * incorrectData (7), + * -- the requester's data is incorrect (for notary services) + * missingTimeStamp (8), + * -- when the timestamp is missing but should be there + * -- (by policy) + * badPOP (9), + * -- the proof-of-possession failed + * certRevoked (10), + * -- the certificate has already been revoked + * certConfirmed (11), + * -- the certificate has already been confirmed + * wrongIntegrity (12), + * -- invalid integrity, password based instead of signature or + * -- vice versa + * badRecipientNonce (13), + * -- invalid recipient nonce, either missing or wrong value + * timeNotAvailable (14), + * -- the TSA's time source is not available + * unacceptedPolicy (15), + * -- the requested TSA policy is not supported by the TSA. + * unacceptedExtension (16), + * -- the requested extension is not supported by the TSA. + * addInfoNotAvailable (17), + * -- the additional information requested could not be + * -- understood or is not available + * badSenderNonce (18), + * -- invalid sender nonce, either missing or wrong size + * badCertTemplate (19), + * -- invalid cert. template or missing mandatory information + * signerNotTrusted (20), + * -- signer of the message unknown or not trusted + * transactionIdInUse (21), + * -- the transaction identifier is already in use + * unsupportedVersion (22), + * -- the version of the message is not supported + * notAuthorized (23), + * -- the sender was not authorized to make the preceding + * -- request or perform the preceding action + * systemUnavail (24), + * -- the request cannot be handled due to system unavailability + * systemFailure (25), + * -- the request cannot be handled due to system failure + * duplicateCertReq (26) + * -- certificate cannot be issued because a duplicate + * -- certificate already exists + * } + */ +# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 +# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 +# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 +# define OSSL_CMP_PKIFAILUREINFO_badTime 3 +# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 +# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 +# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 +# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 +# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 +# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 +# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 +# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 +# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 +# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 +# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 +# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 +# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 +# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 +# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 +# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 +# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 +# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 +# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 +# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 +# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ + ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) +# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX +# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int +# endif +typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; + +# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) +# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) +# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) +# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) +# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) +# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) +# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) +# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) +# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) +# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) +# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) +# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) +# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) +# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) +# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) +# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) +# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) +# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) +# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) +# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) +# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) +# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) +# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) +# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) +# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) +# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) +# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) + +/*- + * PKIStatus ::= INTEGER { + * accepted (0), + * -- you got exactly what you asked for + * grantedWithMods (1), + * -- you got something like what you asked for; the + * -- requester is responsible for ascertaining the differences + * rejection (2), + * -- you don't get it, more information elsewhere in the message + * waiting (3), + * -- the request body part has not yet been processed; expect to + * -- hear more later (note: proper handling of this status + * -- response MAY use the polling req/rep PKIMessages specified + * -- in Section 5.3.22; alternatively, polling in the underlying + * -- transport layer MAY have some utility in this regard) + * revocationWarning (4), + * -- this message contains a warning that a revocation is + * -- imminent + * revocationNotification (5), + * -- notification that a revocation has occurred + * keyUpdateWarning (6) + * -- update already done for the oldCertId specified in + * -- CertReqMsg + * } + */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 +# define OSSL_CMP_PKISTATUS_request -3 +# define OSSL_CMP_PKISTATUS_trans -2 +# define OSSL_CMP_PKISTATUS_unspecified -1 +# define OSSL_CMP_PKISTATUS_accepted 0 +# define OSSL_CMP_PKISTATUS_grantedWithMods 1 +# define OSSL_CMP_PKISTATUS_rejection 2 +# define OSSL_CMP_PKISTATUS_waiting 3 +# define OSSL_CMP_PKISTATUS_revocationWarning 4 +# define OSSL_CMP_PKISTATUS_revocationNotification 5 +# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 +typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; + +DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) + +# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 +# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 + +/* data type declarations */ +typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX; +typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) +typedef struct ossl_cmp_msg_st OSSL_CMP_MSG; +DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) +DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) +typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS; +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTSTATUS, OSSL_CMP_CERTSTATUS, OSSL_CMP_CERTSTATUS) +#define sk_OSSL_CMP_CERTSTATUS_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CERTSTATUS_value(sk, idx) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk), (idx))) +#define sk_OSSL_CMP_CERTSTATUS_new(cmp) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_CERTSTATUS_compfunc_type(cmp))) +#define sk_OSSL_CMP_CERTSTATUS_new_null() ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CMP_CERTSTATUS_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_CERTSTATUS_compfunc_type(cmp), (n))) +#define sk_OSSL_CMP_CERTSTATUS_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), (n)) +#define sk_OSSL_CMP_CERTSTATUS_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CERTSTATUS_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CERTSTATUS_delete(sk, i) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), (i))) +#define sk_OSSL_CMP_CERTSTATUS_delete_ptr(sk, ptr) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr))) +#define sk_OSSL_CMP_CERTSTATUS_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr)) +#define sk_OSSL_CMP_CERTSTATUS_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr)) +#define sk_OSSL_CMP_CERTSTATUS_pop(sk) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk))) +#define sk_OSSL_CMP_CERTSTATUS_shift(sk) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk))) +#define sk_OSSL_CMP_CERTSTATUS_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk),ossl_check_OSSL_CMP_CERTSTATUS_freefunc_type(freefunc)) +#define sk_OSSL_CMP_CERTSTATUS_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr), (idx)) +#define sk_OSSL_CMP_CERTSTATUS_set(sk, idx, ptr) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_set(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), (idx), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr))) +#define sk_OSSL_CMP_CERTSTATUS_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr)) +#define sk_OSSL_CMP_CERTSTATUS_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr)) +#define sk_OSSL_CMP_CERTSTATUS_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_type(ptr), pnum) +#define sk_OSSL_CMP_CERTSTATUS_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CERTSTATUS_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CERTSTATUS_dup(sk) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk))) +#define sk_OSSL_CMP_CERTSTATUS_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTSTATUS_freefunc_type(freefunc))) +#define sk_OSSL_CMP_CERTSTATUS_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTSTATUS_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_compfunc_type(cmp))) + +typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV; +DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_ITAV, OSSL_CMP_ITAV, OSSL_CMP_ITAV) +#define sk_OSSL_CMP_ITAV_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk)) +#define sk_OSSL_CMP_ITAV_value(sk, idx) ((OSSL_CMP_ITAV *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk), (idx))) +#define sk_OSSL_CMP_ITAV_new(cmp) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_ITAV_compfunc_type(cmp))) +#define sk_OSSL_CMP_ITAV_new_null() ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CMP_ITAV_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_ITAV_compfunc_type(cmp), (n))) +#define sk_OSSL_CMP_ITAV_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_ITAV_sk_type(sk), (n)) +#define sk_OSSL_CMP_ITAV_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_ITAV_sk_type(sk)) +#define sk_OSSL_CMP_ITAV_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_ITAV_sk_type(sk)) +#define sk_OSSL_CMP_ITAV_delete(sk, i) ((OSSL_CMP_ITAV *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_ITAV_sk_type(sk), (i))) +#define sk_OSSL_CMP_ITAV_delete_ptr(sk, ptr) ((OSSL_CMP_ITAV *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr))) +#define sk_OSSL_CMP_ITAV_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr)) +#define sk_OSSL_CMP_ITAV_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr)) +#define sk_OSSL_CMP_ITAV_pop(sk) ((OSSL_CMP_ITAV *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_ITAV_sk_type(sk))) +#define sk_OSSL_CMP_ITAV_shift(sk) ((OSSL_CMP_ITAV *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_ITAV_sk_type(sk))) +#define sk_OSSL_CMP_ITAV_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_ITAV_sk_type(sk),ossl_check_OSSL_CMP_ITAV_freefunc_type(freefunc)) +#define sk_OSSL_CMP_ITAV_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr), (idx)) +#define sk_OSSL_CMP_ITAV_set(sk, idx, ptr) ((OSSL_CMP_ITAV *)OPENSSL_sk_set(ossl_check_OSSL_CMP_ITAV_sk_type(sk), (idx), ossl_check_OSSL_CMP_ITAV_type(ptr))) +#define sk_OSSL_CMP_ITAV_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr)) +#define sk_OSSL_CMP_ITAV_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr)) +#define sk_OSSL_CMP_ITAV_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_type(ptr), pnum) +#define sk_OSSL_CMP_ITAV_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_ITAV_sk_type(sk)) +#define sk_OSSL_CMP_ITAV_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk)) +#define sk_OSSL_CMP_ITAV_dup(sk) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk))) +#define sk_OSSL_CMP_ITAV_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_ITAV_freefunc_type(freefunc))) +#define sk_OSSL_CMP_ITAV_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_ITAV_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_compfunc_type(cmp))) + + +typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS; +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CRLSTATUS, OSSL_CMP_CRLSTATUS, OSSL_CMP_CRLSTATUS) +#define sk_OSSL_CMP_CRLSTATUS_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CRLSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CRLSTATUS_value(sk, idx) ((OSSL_CMP_CRLSTATUS *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CRLSTATUS_sk_type(sk), (idx))) +#define sk_OSSL_CMP_CRLSTATUS_new(cmp) ((STACK_OF(OSSL_CMP_CRLSTATUS) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_CRLSTATUS_compfunc_type(cmp))) +#define sk_OSSL_CMP_CRLSTATUS_new_null() ((STACK_OF(OSSL_CMP_CRLSTATUS) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CMP_CRLSTATUS_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_CRLSTATUS) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_CRLSTATUS_compfunc_type(cmp), (n))) +#define sk_OSSL_CMP_CRLSTATUS_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), (n)) +#define sk_OSSL_CMP_CRLSTATUS_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CRLSTATUS_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CRLSTATUS_delete(sk, i) ((OSSL_CMP_CRLSTATUS *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), (i))) +#define sk_OSSL_CMP_CRLSTATUS_delete_ptr(sk, ptr) ((OSSL_CMP_CRLSTATUS *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr))) +#define sk_OSSL_CMP_CRLSTATUS_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr)) +#define sk_OSSL_CMP_CRLSTATUS_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr)) +#define sk_OSSL_CMP_CRLSTATUS_pop(sk) ((OSSL_CMP_CRLSTATUS *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk))) +#define sk_OSSL_CMP_CRLSTATUS_shift(sk) ((OSSL_CMP_CRLSTATUS *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk))) +#define sk_OSSL_CMP_CRLSTATUS_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk),ossl_check_OSSL_CMP_CRLSTATUS_freefunc_type(freefunc)) +#define sk_OSSL_CMP_CRLSTATUS_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr), (idx)) +#define sk_OSSL_CMP_CRLSTATUS_set(sk, idx, ptr) ((OSSL_CMP_CRLSTATUS *)OPENSSL_sk_set(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), (idx), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr))) +#define sk_OSSL_CMP_CRLSTATUS_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr)) +#define sk_OSSL_CMP_CRLSTATUS_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr)) +#define sk_OSSL_CMP_CRLSTATUS_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_type(ptr), pnum) +#define sk_OSSL_CMP_CRLSTATUS_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CRLSTATUS_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_CRLSTATUS_sk_type(sk)) +#define sk_OSSL_CMP_CRLSTATUS_dup(sk) ((STACK_OF(OSSL_CMP_CRLSTATUS) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_CRLSTATUS_sk_type(sk))) +#define sk_OSSL_CMP_CRLSTATUS_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CRLSTATUS) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CRLSTATUS_freefunc_type(freefunc))) +#define sk_OSSL_CMP_CRLSTATUS_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CRLSTATUS_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CRLSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CRLSTATUS_compfunc_type(cmp))) + + +typedef OSSL_CRMF_ATTRIBUTETYPEANDVALUE OSSL_CMP_ATAV; +# define OSSL_CMP_ATAV_free OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free +typedef STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) OSSL_CMP_ATAVS; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ATAVS) +# define stack_st_OSSL_CMP_ATAV stack_st_OSSL_CRMF_ATTRIBUTETYPEANDVALUE +# define sk_OSSL_CMP_ATAV_num sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num +# define sk_OSSL_CMP_ATAV_value sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value +# define sk_OSSL_CMP_ATAV_push sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push +# define sk_OSSL_CMP_ATAV_pop_free sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_pop_free + +typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; +typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_PKISI, OSSL_CMP_PKISI, OSSL_CMP_PKISI) +#define sk_OSSL_CMP_PKISI_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk)) +#define sk_OSSL_CMP_PKISI_value(sk, idx) ((OSSL_CMP_PKISI *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk), (idx))) +#define sk_OSSL_CMP_PKISI_new(cmp) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_PKISI_compfunc_type(cmp))) +#define sk_OSSL_CMP_PKISI_new_null() ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CMP_PKISI_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_PKISI_compfunc_type(cmp), (n))) +#define sk_OSSL_CMP_PKISI_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_PKISI_sk_type(sk), (n)) +#define sk_OSSL_CMP_PKISI_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_PKISI_sk_type(sk)) +#define sk_OSSL_CMP_PKISI_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_PKISI_sk_type(sk)) +#define sk_OSSL_CMP_PKISI_delete(sk, i) ((OSSL_CMP_PKISI *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_PKISI_sk_type(sk), (i))) +#define sk_OSSL_CMP_PKISI_delete_ptr(sk, ptr) ((OSSL_CMP_PKISI *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr))) +#define sk_OSSL_CMP_PKISI_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr)) +#define sk_OSSL_CMP_PKISI_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr)) +#define sk_OSSL_CMP_PKISI_pop(sk) ((OSSL_CMP_PKISI *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_PKISI_sk_type(sk))) +#define sk_OSSL_CMP_PKISI_shift(sk) ((OSSL_CMP_PKISI *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_PKISI_sk_type(sk))) +#define sk_OSSL_CMP_PKISI_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_PKISI_sk_type(sk),ossl_check_OSSL_CMP_PKISI_freefunc_type(freefunc)) +#define sk_OSSL_CMP_PKISI_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr), (idx)) +#define sk_OSSL_CMP_PKISI_set(sk, idx, ptr) ((OSSL_CMP_PKISI *)OPENSSL_sk_set(ossl_check_OSSL_CMP_PKISI_sk_type(sk), (idx), ossl_check_OSSL_CMP_PKISI_type(ptr))) +#define sk_OSSL_CMP_PKISI_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr)) +#define sk_OSSL_CMP_PKISI_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr)) +#define sk_OSSL_CMP_PKISI_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_type(ptr), pnum) +#define sk_OSSL_CMP_PKISI_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_PKISI_sk_type(sk)) +#define sk_OSSL_CMP_PKISI_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk)) +#define sk_OSSL_CMP_PKISI_dup(sk) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk))) +#define sk_OSSL_CMP_PKISI_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_PKISI_freefunc_type(freefunc))) +#define sk_OSSL_CMP_PKISI_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_PKISI_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_compfunc_type(cmp))) + +typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTREPMESSAGE, OSSL_CMP_CERTREPMESSAGE, OSSL_CMP_CERTREPMESSAGE) +#define sk_OSSL_CMP_CERTREPMESSAGE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)) +#define sk_OSSL_CMP_CERTREPMESSAGE_value(sk, idx) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (idx))) +#define sk_OSSL_CMP_CERTREPMESSAGE_new(cmp) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_CERTREPMESSAGE_compfunc_type(cmp))) +#define sk_OSSL_CMP_CERTREPMESSAGE_new_null() ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CMP_CERTREPMESSAGE_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_CERTREPMESSAGE_compfunc_type(cmp), (n))) +#define sk_OSSL_CMP_CERTREPMESSAGE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (n)) +#define sk_OSSL_CMP_CERTREPMESSAGE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)) +#define sk_OSSL_CMP_CERTREPMESSAGE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)) +#define sk_OSSL_CMP_CERTREPMESSAGE_delete(sk, i) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (i))) +#define sk_OSSL_CMP_CERTREPMESSAGE_delete_ptr(sk, ptr) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr))) +#define sk_OSSL_CMP_CERTREPMESSAGE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr)) +#define sk_OSSL_CMP_CERTREPMESSAGE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr)) +#define sk_OSSL_CMP_CERTREPMESSAGE_pop(sk) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))) +#define sk_OSSL_CMP_CERTREPMESSAGE_shift(sk) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))) +#define sk_OSSL_CMP_CERTREPMESSAGE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk),ossl_check_OSSL_CMP_CERTREPMESSAGE_freefunc_type(freefunc)) +#define sk_OSSL_CMP_CERTREPMESSAGE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr), (idx)) +#define sk_OSSL_CMP_CERTREPMESSAGE_set(sk, idx, ptr) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_set(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (idx), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr))) +#define sk_OSSL_CMP_CERTREPMESSAGE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr)) +#define sk_OSSL_CMP_CERTREPMESSAGE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr)) +#define sk_OSSL_CMP_CERTREPMESSAGE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_type(ptr), pnum) +#define sk_OSSL_CMP_CERTREPMESSAGE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)) +#define sk_OSSL_CMP_CERTREPMESSAGE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)) +#define sk_OSSL_CMP_CERTREPMESSAGE_dup(sk) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk))) +#define sk_OSSL_CMP_CERTREPMESSAGE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTREPMESSAGE_freefunc_type(freefunc))) +#define sk_OSSL_CMP_CERTREPMESSAGE_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTREPMESSAGE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_compfunc_type(cmp))) + +typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP; +typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; +typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTRESPONSE, OSSL_CMP_CERTRESPONSE, OSSL_CMP_CERTRESPONSE) +#define sk_OSSL_CMP_CERTRESPONSE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk)) +#define sk_OSSL_CMP_CERTRESPONSE_value(sk, idx) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk), (idx))) +#define sk_OSSL_CMP_CERTRESPONSE_new(cmp) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_new(ossl_check_OSSL_CMP_CERTRESPONSE_compfunc_type(cmp))) +#define sk_OSSL_CMP_CERTRESPONSE_new_null() ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CMP_CERTRESPONSE_new_reserve(cmp, n) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CMP_CERTRESPONSE_compfunc_type(cmp), (n))) +#define sk_OSSL_CMP_CERTRESPONSE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), (n)) +#define sk_OSSL_CMP_CERTRESPONSE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk)) +#define sk_OSSL_CMP_CERTRESPONSE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk)) +#define sk_OSSL_CMP_CERTRESPONSE_delete(sk, i) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_delete(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), (i))) +#define sk_OSSL_CMP_CERTRESPONSE_delete_ptr(sk, ptr) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr))) +#define sk_OSSL_CMP_CERTRESPONSE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr)) +#define sk_OSSL_CMP_CERTRESPONSE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr)) +#define sk_OSSL_CMP_CERTRESPONSE_pop(sk) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_pop(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk))) +#define sk_OSSL_CMP_CERTRESPONSE_shift(sk) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_shift(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk))) +#define sk_OSSL_CMP_CERTRESPONSE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk),ossl_check_OSSL_CMP_CERTRESPONSE_freefunc_type(freefunc)) +#define sk_OSSL_CMP_CERTRESPONSE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr), (idx)) +#define sk_OSSL_CMP_CERTRESPONSE_set(sk, idx, ptr) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_set(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), (idx), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr))) +#define sk_OSSL_CMP_CERTRESPONSE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr)) +#define sk_OSSL_CMP_CERTRESPONSE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr)) +#define sk_OSSL_CMP_CERTRESPONSE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_type(ptr), pnum) +#define sk_OSSL_CMP_CERTRESPONSE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk)) +#define sk_OSSL_CMP_CERTRESPONSE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk)) +#define sk_OSSL_CMP_CERTRESPONSE_dup(sk) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk))) +#define sk_OSSL_CMP_CERTRESPONSE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTRESPONSE_freefunc_type(freefunc))) +#define sk_OSSL_CMP_CERTRESPONSE_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTRESPONSE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_compfunc_type(cmp))) + +typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; + +/* + * function DECLARATIONS + */ + +/* from cmp_asn.c */ +OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value); +ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); +ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p, + OSSL_CMP_ITAV *itav); +void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new0_certProfile(STACK_OF(ASN1_UTF8STRING) + *certProfile); +int OSSL_CMP_ITAV_get0_certProfile(const OSSL_CMP_ITAV *itav, + STACK_OF(ASN1_UTF8STRING) **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); +int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert); +int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, + const X509 *newWithOld, + const X509 *oldWithNew); +int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, + X509 **newWithNew, + X509 **newWithOld, + X509 **oldWithNew); + +OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl, + const X509 *cert, int only_DN); +OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn, + const GENERAL_NAMES *issuer, + const ASN1_TIME *thisUpdate); +int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus, + DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer, + ASN1_TIME **thisUpdate); +void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus); +OSSL_CMP_ITAV +*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList); +int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav, + STACK_OF(OSSL_CMP_CRLSTATUS) **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls); +int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out); +OSSL_CMP_ITAV +*OSSL_CMP_ITAV_new0_certReqTemplate(OSSL_CRMF_CERTTEMPLATE *certTemplate, + OSSL_CMP_ATAVS *keySpec); +int OSSL_CMP_ITAV_get1_certReqTemplate(const OSSL_CMP_ITAV *itav, + OSSL_CRMF_CERTTEMPLATE **certTemplate, + OSSL_CMP_ATAVS **keySpec); + +OSSL_CMP_ATAV *OSSL_CMP_ATAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +void OSSL_CMP_ATAV_set0(OSSL_CMP_ATAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value); +ASN1_OBJECT *OSSL_CMP_ATAV_get0_type(const OSSL_CMP_ATAV *itav); +ASN1_TYPE *OSSL_CMP_ATAV_get0_value(const OSSL_CMP_ATAV *itav); +OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_algId(const X509_ALGOR *alg); +X509_ALGOR *OSSL_CMP_ATAV_get0_algId(const OSSL_CMP_ATAV *atav); +OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_rsaKeyLen(int len); +int OSSL_CMP_ATAV_get_rsaKeyLen(const OSSL_CMP_ATAV *atav); +int OSSL_CMP_ATAV_push1(OSSL_CMP_ATAVS **sk_p, const OSSL_CMP_ATAV *atav); + +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); + +/* from cmp_ctx.c */ +OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); +void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx); +const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); +/* CMP general options: */ +# define OSSL_CMP_OPT_LOG_VERBOSITY 0 +/* CMP transfer options: */ +# define OSSL_CMP_OPT_KEEP_ALIVE 10 +# define OSSL_CMP_OPT_MSG_TIMEOUT 11 +# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +# define OSSL_CMP_OPT_USE_TLS 13 +/* CMP request options: */ +# define OSSL_CMP_OPT_VALIDITY_DAYS 20 +# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 +# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22 +# define OSSL_CMP_OPT_POLICIES_CRITICAL 23 +# define OSSL_CMP_OPT_POPO_METHOD 24 +# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25 +# define OSSL_CMP_OPT_DISABLE_CONFIRM 26 +# define OSSL_CMP_OPT_REVOCATION_REASON 27 +/* CMP protection options: */ +# define OSSL_CMP_OPT_UNPROTECTED_SEND 30 +# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31 +# define OSSL_CMP_OPT_OWF_ALGNID 32 +# define OSSL_CMP_OPT_MAC_ALGNID 33 +# define OSSL_CMP_OPT_DIGEST_ALGNID 34 +# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35 +# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36 +# define OSSL_CMP_OPT_NO_CACHE_EXTRACERTS 37 +int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); +int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); +/* CMP-specific callback for logging and outputting the error queue: */ +int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb); +# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ + OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) +void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx); +/* message transfer: */ +int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); +int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); +int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); +int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); +int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); +# ifndef OPENSSL_NO_HTTP +int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); +int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +# endif +typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req); +int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); +int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); +/* server authentication: */ +int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +# define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore +X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore +int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); +STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); +/* client authentication: */ +int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, + STACK_OF(X509) *candidates); +int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); +int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, + const unsigned char *ref, int len); +int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, + const unsigned char *sec, int len); +/* CMP message header and extra certificates: */ +int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx); +STACK_OF(OSSL_CMP_ITAV) + *OSSL_CMP_CTX_get0_geninfo_ITAVs(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, + STACK_OF(X509) *extraCertsOut); +/* certificate template: */ +int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); +EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); +int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn); +int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, + const GENERAL_NAME *name); +int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); +int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); +int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); +/* misc body contents: */ +int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +/* certificate confirmation: */ +typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, + int fail_info, const char **txt); +int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, + const char **text); +int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb); +int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); +/* result fetching: */ +int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); +OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_PKISI_BUFLEN 1024 +X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx); +X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, + const ASN1_OCTET_STRING *id); +int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, + const ASN1_OCTET_STRING *nonce); + +/* from cmp_status.c */ +char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, + size_t bufsize); +char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo, + char *buf, size_t bufsize); +OSSL_CMP_PKISI * +OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text); + +/* from cmp_hdr.c */ +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const + OSSL_CMP_PKIHEADER *hdr); +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); +STACK_OF(OSSL_CMP_ITAV) + *OSSL_CMP_HDR_get0_geninfo_ITAVs(const OSSL_CMP_PKIHEADER *hdr); + +/* from cmp_msg.c */ +OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); +int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); +X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg); +int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); +int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); +OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, + const char *propq); +int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); +OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); +int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); + +/* from cmp_vfy.c */ +int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); +int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, + X509_STORE *trusted_store, X509 *cert); + +/* from cmp_http.c */ +# ifndef OPENSSL_NO_HTTP +OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req); +# endif + +/* from cmp_server.c */ +typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; +OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req); +OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, + const OSSL_CMP_MSG *req); +OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); +void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx); +typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t) + (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, + const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr, + X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs); +typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req, + const X509_NAME *issuer, + const ASN1_INTEGER *serial); +typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req, + const STACK_OF(OSSL_CMP_ITAV) *in, + STACK_OF(OSSL_CMP_ITAV) **out); +typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req, + const OSSL_CMP_PKISI *statusInfo, + const ASN1_INTEGER *errorCode, + const OSSL_CMP_PKIFREETEXT *errDetails); +typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req, + int certReqId, + const ASN1_OCTET_STRING *certHash, + const OSSL_CMP_PKISI *si); +typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req, int certReqId, + OSSL_CMP_MSG **certReq, + int64_t *check_after); +int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, + OSSL_CMP_SRV_cert_request_cb_t process_cert_request, + OSSL_CMP_SRV_rr_cb_t process_rr, + OSSL_CMP_SRV_genm_cb_t process_genm, + OSSL_CMP_SRV_error_cb_t process_error, + OSSL_CMP_SRV_certConf_cb_t process_certConf, + OSSL_CMP_SRV_pollReq_cb_t process_pollReq); +typedef int (*OSSL_CMP_SRV_delayed_delivery_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req); +typedef int (*OSSL_CMP_SRV_clean_transaction_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const ASN1_OCTET_STRING *id); +int OSSL_CMP_SRV_CTX_init_trans(OSSL_CMP_SRV_CTX *srv_ctx, + OSSL_CMP_SRV_delayed_delivery_cb_t delay, + OSSL_CMP_SRV_clean_transaction_cb_t clean); +OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); +void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); +int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, + int val); +int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val); +int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val); +int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, + int val); + +/* from cmp_client.c */ +X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm); +# define OSSL_CMP_IR 0 +# define OSSL_CMP_CR 2 +# define OSSL_CMP_P10CR 4 +# define OSSL_CMP_KUR 7 +# define OSSL_CMP_GENM 21 +# define OSSL_CMP_ERROR 23 +# define OSSL_CMP_exec_IR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL) +# define OSSL_CMP_exec_CR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL) +# define OSSL_CMP_exec_P10CR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL) +# define OSSL_CMP_exec_KUR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL) +int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm, int *checkAfter); +int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); +STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); + +/* from cmp_genm.c */ +int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); +int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, + const X509 *oldWithOld, X509 **newWithNew, + X509 **newWithOld, X509 **oldWithNew); +int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert, + const X509_CRL *last_crl, + X509_CRL **crl); +int OSSL_CMP_get1_certReqTemplate(OSSL_CMP_CTX *ctx, + OSSL_CRMF_CERTTEMPLATE **certTemplate, + OSSL_CMP_ATAVS **keySpec); + +# ifdef __cplusplus +} +# endif +# endif /* !defined(OPENSSL_NO_CMP) */ +#endif /* !defined(OPENSSL_CMP_H) */ diff --git a/contrib/openssl-cmake/common/include/openssl/cms.h b/contrib/openssl-cmake/common/include/openssl/cms.h new file mode 100644 index 000000000000..63afab563557 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/cms.h @@ -0,0 +1,511 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/cms.h.in + * + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_CMS_H +# define OPENSSL_CMS_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CMS_H +# endif + +# include + +# ifndef OPENSSL_NO_CMS +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_SignedData_st CMS_SignedData; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +SKM_DEFINE_STACK_OF_INTERNAL(CMS_SignerInfo, CMS_SignerInfo, CMS_SignerInfo) +#define sk_CMS_SignerInfo_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_SignerInfo_sk_type(sk)) +#define sk_CMS_SignerInfo_value(sk, idx) ((CMS_SignerInfo *)OPENSSL_sk_value(ossl_check_const_CMS_SignerInfo_sk_type(sk), (idx))) +#define sk_CMS_SignerInfo_new(cmp) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_new(ossl_check_CMS_SignerInfo_compfunc_type(cmp))) +#define sk_CMS_SignerInfo_new_null() ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_new_null()) +#define sk_CMS_SignerInfo_new_reserve(cmp, n) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_new_reserve(ossl_check_CMS_SignerInfo_compfunc_type(cmp), (n))) +#define sk_CMS_SignerInfo_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_SignerInfo_sk_type(sk), (n)) +#define sk_CMS_SignerInfo_free(sk) OPENSSL_sk_free(ossl_check_CMS_SignerInfo_sk_type(sk)) +#define sk_CMS_SignerInfo_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_SignerInfo_sk_type(sk)) +#define sk_CMS_SignerInfo_delete(sk, i) ((CMS_SignerInfo *)OPENSSL_sk_delete(ossl_check_CMS_SignerInfo_sk_type(sk), (i))) +#define sk_CMS_SignerInfo_delete_ptr(sk, ptr) ((CMS_SignerInfo *)OPENSSL_sk_delete_ptr(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr))) +#define sk_CMS_SignerInfo_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr)) +#define sk_CMS_SignerInfo_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr)) +#define sk_CMS_SignerInfo_pop(sk) ((CMS_SignerInfo *)OPENSSL_sk_pop(ossl_check_CMS_SignerInfo_sk_type(sk))) +#define sk_CMS_SignerInfo_shift(sk) ((CMS_SignerInfo *)OPENSSL_sk_shift(ossl_check_CMS_SignerInfo_sk_type(sk))) +#define sk_CMS_SignerInfo_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_SignerInfo_sk_type(sk),ossl_check_CMS_SignerInfo_freefunc_type(freefunc)) +#define sk_CMS_SignerInfo_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr), (idx)) +#define sk_CMS_SignerInfo_set(sk, idx, ptr) ((CMS_SignerInfo *)OPENSSL_sk_set(ossl_check_CMS_SignerInfo_sk_type(sk), (idx), ossl_check_CMS_SignerInfo_type(ptr))) +#define sk_CMS_SignerInfo_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr)) +#define sk_CMS_SignerInfo_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr)) +#define sk_CMS_SignerInfo_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_type(ptr), pnum) +#define sk_CMS_SignerInfo_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_SignerInfo_sk_type(sk)) +#define sk_CMS_SignerInfo_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_SignerInfo_sk_type(sk)) +#define sk_CMS_SignerInfo_dup(sk) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_dup(ossl_check_const_CMS_SignerInfo_sk_type(sk))) +#define sk_CMS_SignerInfo_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_SignerInfo) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_copyfunc_type(copyfunc), ossl_check_CMS_SignerInfo_freefunc_type(freefunc))) +#define sk_CMS_SignerInfo_set_cmp_func(sk, cmp) ((sk_CMS_SignerInfo_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_SignerInfo_sk_type(sk), ossl_check_CMS_SignerInfo_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey) +#define sk_CMS_RecipientEncryptedKey_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk)) +#define sk_CMS_RecipientEncryptedKey_value(sk, idx) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_value(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk), (idx))) +#define sk_CMS_RecipientEncryptedKey_new(cmp) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_new(ossl_check_CMS_RecipientEncryptedKey_compfunc_type(cmp))) +#define sk_CMS_RecipientEncryptedKey_new_null() ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_new_null()) +#define sk_CMS_RecipientEncryptedKey_new_reserve(cmp, n) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_new_reserve(ossl_check_CMS_RecipientEncryptedKey_compfunc_type(cmp), (n))) +#define sk_CMS_RecipientEncryptedKey_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), (n)) +#define sk_CMS_RecipientEncryptedKey_free(sk) OPENSSL_sk_free(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk)) +#define sk_CMS_RecipientEncryptedKey_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk)) +#define sk_CMS_RecipientEncryptedKey_delete(sk, i) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_delete(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), (i))) +#define sk_CMS_RecipientEncryptedKey_delete_ptr(sk, ptr) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_delete_ptr(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr))) +#define sk_CMS_RecipientEncryptedKey_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr)) +#define sk_CMS_RecipientEncryptedKey_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr)) +#define sk_CMS_RecipientEncryptedKey_pop(sk) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_pop(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk))) +#define sk_CMS_RecipientEncryptedKey_shift(sk) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_shift(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk))) +#define sk_CMS_RecipientEncryptedKey_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk),ossl_check_CMS_RecipientEncryptedKey_freefunc_type(freefunc)) +#define sk_CMS_RecipientEncryptedKey_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr), (idx)) +#define sk_CMS_RecipientEncryptedKey_set(sk, idx, ptr) ((CMS_RecipientEncryptedKey *)OPENSSL_sk_set(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), (idx), ossl_check_CMS_RecipientEncryptedKey_type(ptr))) +#define sk_CMS_RecipientEncryptedKey_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr)) +#define sk_CMS_RecipientEncryptedKey_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr)) +#define sk_CMS_RecipientEncryptedKey_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_type(ptr), pnum) +#define sk_CMS_RecipientEncryptedKey_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk)) +#define sk_CMS_RecipientEncryptedKey_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk)) +#define sk_CMS_RecipientEncryptedKey_dup(sk) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_dup(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk))) +#define sk_CMS_RecipientEncryptedKey_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_RecipientEncryptedKey) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_copyfunc_type(copyfunc), ossl_check_CMS_RecipientEncryptedKey_freefunc_type(freefunc))) +#define sk_CMS_RecipientEncryptedKey_set_cmp_func(sk, cmp) ((sk_CMS_RecipientEncryptedKey_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RecipientEncryptedKey_sk_type(sk), ossl_check_CMS_RecipientEncryptedKey_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(CMS_RecipientInfo, CMS_RecipientInfo, CMS_RecipientInfo) +#define sk_CMS_RecipientInfo_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_RecipientInfo_sk_type(sk)) +#define sk_CMS_RecipientInfo_value(sk, idx) ((CMS_RecipientInfo *)OPENSSL_sk_value(ossl_check_const_CMS_RecipientInfo_sk_type(sk), (idx))) +#define sk_CMS_RecipientInfo_new(cmp) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_new(ossl_check_CMS_RecipientInfo_compfunc_type(cmp))) +#define sk_CMS_RecipientInfo_new_null() ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_new_null()) +#define sk_CMS_RecipientInfo_new_reserve(cmp, n) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_new_reserve(ossl_check_CMS_RecipientInfo_compfunc_type(cmp), (n))) +#define sk_CMS_RecipientInfo_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_RecipientInfo_sk_type(sk), (n)) +#define sk_CMS_RecipientInfo_free(sk) OPENSSL_sk_free(ossl_check_CMS_RecipientInfo_sk_type(sk)) +#define sk_CMS_RecipientInfo_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_RecipientInfo_sk_type(sk)) +#define sk_CMS_RecipientInfo_delete(sk, i) ((CMS_RecipientInfo *)OPENSSL_sk_delete(ossl_check_CMS_RecipientInfo_sk_type(sk), (i))) +#define sk_CMS_RecipientInfo_delete_ptr(sk, ptr) ((CMS_RecipientInfo *)OPENSSL_sk_delete_ptr(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr))) +#define sk_CMS_RecipientInfo_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr)) +#define sk_CMS_RecipientInfo_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr)) +#define sk_CMS_RecipientInfo_pop(sk) ((CMS_RecipientInfo *)OPENSSL_sk_pop(ossl_check_CMS_RecipientInfo_sk_type(sk))) +#define sk_CMS_RecipientInfo_shift(sk) ((CMS_RecipientInfo *)OPENSSL_sk_shift(ossl_check_CMS_RecipientInfo_sk_type(sk))) +#define sk_CMS_RecipientInfo_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_RecipientInfo_sk_type(sk),ossl_check_CMS_RecipientInfo_freefunc_type(freefunc)) +#define sk_CMS_RecipientInfo_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr), (idx)) +#define sk_CMS_RecipientInfo_set(sk, idx, ptr) ((CMS_RecipientInfo *)OPENSSL_sk_set(ossl_check_CMS_RecipientInfo_sk_type(sk), (idx), ossl_check_CMS_RecipientInfo_type(ptr))) +#define sk_CMS_RecipientInfo_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr)) +#define sk_CMS_RecipientInfo_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr)) +#define sk_CMS_RecipientInfo_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_type(ptr), pnum) +#define sk_CMS_RecipientInfo_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_RecipientInfo_sk_type(sk)) +#define sk_CMS_RecipientInfo_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_RecipientInfo_sk_type(sk)) +#define sk_CMS_RecipientInfo_dup(sk) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_dup(ossl_check_const_CMS_RecipientInfo_sk_type(sk))) +#define sk_CMS_RecipientInfo_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_RecipientInfo) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_copyfunc_type(copyfunc), ossl_check_CMS_RecipientInfo_freefunc_type(freefunc))) +#define sk_CMS_RecipientInfo_set_cmp_func(sk, cmp) ((sk_CMS_RecipientInfo_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RecipientInfo_sk_type(sk), ossl_check_CMS_RecipientInfo_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice, CMS_RevocationInfoChoice) +#define sk_CMS_RevocationInfoChoice_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk)) +#define sk_CMS_RevocationInfoChoice_value(sk, idx) ((CMS_RevocationInfoChoice *)OPENSSL_sk_value(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk), (idx))) +#define sk_CMS_RevocationInfoChoice_new(cmp) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_new(ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp))) +#define sk_CMS_RevocationInfoChoice_new_null() ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_new_null()) +#define sk_CMS_RevocationInfoChoice_new_reserve(cmp, n) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_new_reserve(ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp), (n))) +#define sk_CMS_RevocationInfoChoice_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), (n)) +#define sk_CMS_RevocationInfoChoice_free(sk) OPENSSL_sk_free(ossl_check_CMS_RevocationInfoChoice_sk_type(sk)) +#define sk_CMS_RevocationInfoChoice_zero(sk) OPENSSL_sk_zero(ossl_check_CMS_RevocationInfoChoice_sk_type(sk)) +#define sk_CMS_RevocationInfoChoice_delete(sk, i) ((CMS_RevocationInfoChoice *)OPENSSL_sk_delete(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), (i))) +#define sk_CMS_RevocationInfoChoice_delete_ptr(sk, ptr) ((CMS_RevocationInfoChoice *)OPENSSL_sk_delete_ptr(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr))) +#define sk_CMS_RevocationInfoChoice_push(sk, ptr) OPENSSL_sk_push(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr)) +#define sk_CMS_RevocationInfoChoice_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr)) +#define sk_CMS_RevocationInfoChoice_pop(sk) ((CMS_RevocationInfoChoice *)OPENSSL_sk_pop(ossl_check_CMS_RevocationInfoChoice_sk_type(sk))) +#define sk_CMS_RevocationInfoChoice_shift(sk) ((CMS_RevocationInfoChoice *)OPENSSL_sk_shift(ossl_check_CMS_RevocationInfoChoice_sk_type(sk))) +#define sk_CMS_RevocationInfoChoice_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CMS_RevocationInfoChoice_sk_type(sk),ossl_check_CMS_RevocationInfoChoice_freefunc_type(freefunc)) +#define sk_CMS_RevocationInfoChoice_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr), (idx)) +#define sk_CMS_RevocationInfoChoice_set(sk, idx, ptr) ((CMS_RevocationInfoChoice *)OPENSSL_sk_set(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), (idx), ossl_check_CMS_RevocationInfoChoice_type(ptr))) +#define sk_CMS_RevocationInfoChoice_find(sk, ptr) OPENSSL_sk_find(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr)) +#define sk_CMS_RevocationInfoChoice_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr)) +#define sk_CMS_RevocationInfoChoice_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_type(ptr), pnum) +#define sk_CMS_RevocationInfoChoice_sort(sk) OPENSSL_sk_sort(ossl_check_CMS_RevocationInfoChoice_sk_type(sk)) +#define sk_CMS_RevocationInfoChoice_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk)) +#define sk_CMS_RevocationInfoChoice_dup(sk) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_dup(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk))) +#define sk_CMS_RevocationInfoChoice_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_copyfunc_type(copyfunc), ossl_check_CMS_RevocationInfoChoice_freefunc_type(freefunc))) +#define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp))) + + +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +DECLARE_ASN1_DUP_FUNCTION(CMS_EnvelopedData) + +CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq); + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_NONE -1 +# define CMS_RECIPINFO_TRANS 0 +# define CMS_RECIPINFO_AGREE 1 +# define CMS_RECIPINFO_KEK 2 +# define CMS_RECIPINFO_PASS 3 +# define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +# define CMS_TEXT 0x1 +# define CMS_NOCERTS 0x2 +# define CMS_NO_CONTENT_VERIFY 0x4 +# define CMS_NO_ATTR_VERIFY 0x8 +# define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +# define CMS_NOINTERN 0x10 +# define CMS_NO_SIGNER_CERT_VERIFY 0x20 +# define CMS_NOVERIFY 0x20 +# define CMS_DETACHED 0x40 +# define CMS_BINARY 0x80 +# define CMS_NOATTR 0x100 +# define CMS_NOSMIMECAP 0x200 +# define CMS_NOOLDMIMETYPE 0x400 +# define CMS_CRLFEOL 0x800 +# define CMS_STREAM 0x1000 +# define CMS_NOCRL 0x2000 +# define CMS_PARTIAL 0x4000 +# define CMS_REUSE_DIGEST 0x8000 +# define CMS_USE_KEYID 0x10000 +# define CMS_DEBUG_DECRYPT 0x20000 +# define CMS_KEY_PARAM 0x40000 +# define CMS_ASCIICRLF 0x80000 +# define CMS_CADES 0x100000 +# define CMS_USE_ORIGINATOR_KEYID 0x200000 +# define CMS_NO_SIGNING_TIME 0x400000 + +const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +# ifdef OPENSSL_PEM_H +DECLARE_PEM_rw(CMS, CMS_ContentInfo) +# endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **ci); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, + unsigned int flags); +int CMS_final_digest(CMS_ContentInfo *cms, + const unsigned char *md, unsigned int mdlen, BIO *dcont, + unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); +CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags, OSSL_LIB_CTX *libctx, + const char *propq); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); +CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, + unsigned int flags, OSSL_LIB_CTX *libctx, + const char *propq); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags); +CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags, + OSSL_LIB_CTX *libctx, + const char *propq); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); +CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, + X509 *cert, X509 *peer); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); +CMS_ContentInfo * +CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, + const char *propq); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, + OSSL_LIB_CTX *libctx, + const char *propq); +BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, + EVP_PKEY *pkey, X509 *cert, + ASN1_OCTET_STRING *secret, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); + +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, + EVP_PKEY *originatorPrivKey, X509 * originator, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); +BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data, + STACK_OF(X509) *scerts, X509_STORE *store, + STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls, + unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0( + unsigned char *id, int idlen, int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( + unsigned char *id, int idlen, int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo, + OSSL_LIB_CTX *libctx); + +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) +*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *peer); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* Backward compatibility for spelling errors. */ +# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/comp.h b/contrib/openssl-cmake/common/include/openssl/comp.h new file mode 100644 index 000000000000..90e39511fe8d --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/comp.h @@ -0,0 +1,98 @@ +/* + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_COMP_H +# define OPENSSL_COMP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_COMP_H +# endif + +# include + +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + + +# ifndef OPENSSL_NO_COMP + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); + +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + +COMP_METHOD *COMP_zlib(void); +COMP_METHOD *COMP_zlib_oneshot(void); +COMP_METHOD *COMP_brotli(void); +COMP_METHOD *COMP_brotli_oneshot(void); +COMP_METHOD *COMP_zstd(void); +COMP_METHOD *COMP_zstd_oneshot(void); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define COMP_zlib_cleanup() while(0) continue +# endif + +# ifdef OPENSSL_BIO_H +const BIO_METHOD *BIO_f_zlib(void); +const BIO_METHOD *BIO_f_brotli(void); +const BIO_METHOD *BIO_f_zstd(void); +# endif + +# endif + +typedef struct ssl_comp_st SSL_COMP; + +SKM_DEFINE_STACK_OF_INTERNAL(SSL_COMP, SSL_COMP, SSL_COMP) +#define sk_SSL_COMP_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_COMP_sk_type(sk)) +#define sk_SSL_COMP_value(sk, idx) ((SSL_COMP *)OPENSSL_sk_value(ossl_check_const_SSL_COMP_sk_type(sk), (idx))) +#define sk_SSL_COMP_new(cmp) ((STACK_OF(SSL_COMP) *)OPENSSL_sk_new(ossl_check_SSL_COMP_compfunc_type(cmp))) +#define sk_SSL_COMP_new_null() ((STACK_OF(SSL_COMP) *)OPENSSL_sk_new_null()) +#define sk_SSL_COMP_new_reserve(cmp, n) ((STACK_OF(SSL_COMP) *)OPENSSL_sk_new_reserve(ossl_check_SSL_COMP_compfunc_type(cmp), (n))) +#define sk_SSL_COMP_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SSL_COMP_sk_type(sk), (n)) +#define sk_SSL_COMP_free(sk) OPENSSL_sk_free(ossl_check_SSL_COMP_sk_type(sk)) +#define sk_SSL_COMP_zero(sk) OPENSSL_sk_zero(ossl_check_SSL_COMP_sk_type(sk)) +#define sk_SSL_COMP_delete(sk, i) ((SSL_COMP *)OPENSSL_sk_delete(ossl_check_SSL_COMP_sk_type(sk), (i))) +#define sk_SSL_COMP_delete_ptr(sk, ptr) ((SSL_COMP *)OPENSSL_sk_delete_ptr(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_type(ptr))) +#define sk_SSL_COMP_push(sk, ptr) OPENSSL_sk_push(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_type(ptr)) +#define sk_SSL_COMP_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_type(ptr)) +#define sk_SSL_COMP_pop(sk) ((SSL_COMP *)OPENSSL_sk_pop(ossl_check_SSL_COMP_sk_type(sk))) +#define sk_SSL_COMP_shift(sk) ((SSL_COMP *)OPENSSL_sk_shift(ossl_check_SSL_COMP_sk_type(sk))) +#define sk_SSL_COMP_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SSL_COMP_sk_type(sk),ossl_check_SSL_COMP_freefunc_type(freefunc)) +#define sk_SSL_COMP_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_type(ptr), (idx)) +#define sk_SSL_COMP_set(sk, idx, ptr) ((SSL_COMP *)OPENSSL_sk_set(ossl_check_SSL_COMP_sk_type(sk), (idx), ossl_check_SSL_COMP_type(ptr))) +#define sk_SSL_COMP_find(sk, ptr) OPENSSL_sk_find(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_type(ptr)) +#define sk_SSL_COMP_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_type(ptr)) +#define sk_SSL_COMP_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_type(ptr), pnum) +#define sk_SSL_COMP_sort(sk) OPENSSL_sk_sort(ossl_check_SSL_COMP_sk_type(sk)) +#define sk_SSL_COMP_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SSL_COMP_sk_type(sk)) +#define sk_SSL_COMP_dup(sk) ((STACK_OF(SSL_COMP) *)OPENSSL_sk_dup(ossl_check_const_SSL_COMP_sk_type(sk))) +#define sk_SSL_COMP_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SSL_COMP) *)OPENSSL_sk_deep_copy(ossl_check_const_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_copyfunc_type(copyfunc), ossl_check_SSL_COMP_freefunc_type(freefunc))) +#define sk_SSL_COMP_set_cmp_func(sk, cmp) ((sk_SSL_COMP_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_compfunc_type(cmp))) + + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/conf.h b/contrib/openssl-cmake/common/include/openssl/conf.h new file mode 100644 index 000000000000..38576290bf64 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/conf.h @@ -0,0 +1,214 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/conf.h.in + * + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_CONF_H +# define OPENSSL_CONF_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CONF_H +# endif + +# include +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + char *section; + char *name; + char *value; +} CONF_VALUE; + +SKM_DEFINE_STACK_OF_INTERNAL(CONF_VALUE, CONF_VALUE, CONF_VALUE) +#define sk_CONF_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_CONF_VALUE_sk_type(sk)) +#define sk_CONF_VALUE_value(sk, idx) ((CONF_VALUE *)OPENSSL_sk_value(ossl_check_const_CONF_VALUE_sk_type(sk), (idx))) +#define sk_CONF_VALUE_new(cmp) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_new(ossl_check_CONF_VALUE_compfunc_type(cmp))) +#define sk_CONF_VALUE_new_null() ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_new_null()) +#define sk_CONF_VALUE_new_reserve(cmp, n) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_new_reserve(ossl_check_CONF_VALUE_compfunc_type(cmp), (n))) +#define sk_CONF_VALUE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CONF_VALUE_sk_type(sk), (n)) +#define sk_CONF_VALUE_free(sk) OPENSSL_sk_free(ossl_check_CONF_VALUE_sk_type(sk)) +#define sk_CONF_VALUE_zero(sk) OPENSSL_sk_zero(ossl_check_CONF_VALUE_sk_type(sk)) +#define sk_CONF_VALUE_delete(sk, i) ((CONF_VALUE *)OPENSSL_sk_delete(ossl_check_CONF_VALUE_sk_type(sk), (i))) +#define sk_CONF_VALUE_delete_ptr(sk, ptr) ((CONF_VALUE *)OPENSSL_sk_delete_ptr(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr))) +#define sk_CONF_VALUE_push(sk, ptr) OPENSSL_sk_push(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr)) +#define sk_CONF_VALUE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr)) +#define sk_CONF_VALUE_pop(sk) ((CONF_VALUE *)OPENSSL_sk_pop(ossl_check_CONF_VALUE_sk_type(sk))) +#define sk_CONF_VALUE_shift(sk) ((CONF_VALUE *)OPENSSL_sk_shift(ossl_check_CONF_VALUE_sk_type(sk))) +#define sk_CONF_VALUE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CONF_VALUE_sk_type(sk),ossl_check_CONF_VALUE_freefunc_type(freefunc)) +#define sk_CONF_VALUE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr), (idx)) +#define sk_CONF_VALUE_set(sk, idx, ptr) ((CONF_VALUE *)OPENSSL_sk_set(ossl_check_CONF_VALUE_sk_type(sk), (idx), ossl_check_CONF_VALUE_type(ptr))) +#define sk_CONF_VALUE_find(sk, ptr) OPENSSL_sk_find(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr)) +#define sk_CONF_VALUE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr)) +#define sk_CONF_VALUE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_type(ptr), pnum) +#define sk_CONF_VALUE_sort(sk) OPENSSL_sk_sort(ossl_check_CONF_VALUE_sk_type(sk)) +#define sk_CONF_VALUE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CONF_VALUE_sk_type(sk)) +#define sk_CONF_VALUE_dup(sk) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_dup(ossl_check_const_CONF_VALUE_sk_type(sk))) +#define sk_CONF_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_copyfunc_type(copyfunc), ossl_check_CONF_VALUE_freefunc_type(freefunc))) +#define sk_CONF_VALUE_set_cmp_func(sk, cmp) ((sk_CONF_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_compfunc_type(cmp))) +DEFINE_LHASH_OF_INTERNAL(CONF_VALUE); +#define lh_CONF_VALUE_new(hfn, cmp) ((LHASH_OF(CONF_VALUE) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_CONF_VALUE_lh_hashfunc_type(hfn), ossl_check_CONF_VALUE_lh_compfunc_type(cmp)), lh_CONF_VALUE_hash_thunk, lh_CONF_VALUE_comp_thunk, lh_CONF_VALUE_doall_thunk, lh_CONF_VALUE_doall_arg_thunk)) +#define lh_CONF_VALUE_free(lh) OPENSSL_LH_free(ossl_check_CONF_VALUE_lh_type(lh)) +#define lh_CONF_VALUE_flush(lh) OPENSSL_LH_flush(ossl_check_CONF_VALUE_lh_type(lh)) +#define lh_CONF_VALUE_insert(lh, ptr) ((CONF_VALUE *)OPENSSL_LH_insert(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_CONF_VALUE_lh_plain_type(ptr))) +#define lh_CONF_VALUE_delete(lh, ptr) ((CONF_VALUE *)OPENSSL_LH_delete(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_const_CONF_VALUE_lh_plain_type(ptr))) +#define lh_CONF_VALUE_retrieve(lh, ptr) ((CONF_VALUE *)OPENSSL_LH_retrieve(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_const_CONF_VALUE_lh_plain_type(ptr))) +#define lh_CONF_VALUE_error(lh) OPENSSL_LH_error(ossl_check_CONF_VALUE_lh_type(lh)) +#define lh_CONF_VALUE_num_items(lh) OPENSSL_LH_num_items(ossl_check_CONF_VALUE_lh_type(lh)) +#define lh_CONF_VALUE_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_CONF_VALUE_lh_type(lh), out) +#define lh_CONF_VALUE_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_CONF_VALUE_lh_type(lh), out) +#define lh_CONF_VALUE_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_CONF_VALUE_lh_type(lh), out) +#define lh_CONF_VALUE_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_CONF_VALUE_lh_type(lh)) +#define lh_CONF_VALUE_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_CONF_VALUE_lh_type(lh), dl) +#define lh_CONF_VALUE_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_CONF_VALUE_lh_doallfunc_type(dfn)) + + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# include +# endif + +/* Module definitions */ +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +STACK_OF(CONF_MODULE); +STACK_OF(CONF_IMODULE); + +/* DSO module function typedefs */ +typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func (CONF_IMODULE *md); + +# define CONF_MFLAGS_IGNORE_ERRORS 0x1 +# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +# define CONF_MFLAGS_SILENT 0x4 +# define CONF_MFLAGS_NO_DSO 0x8 +# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +# define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +# ifndef OPENSSL_NO_STDIO +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +# endif +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 void OPENSSL_config(const char *config_name); +#endif + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define OPENSSL_no_config() \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +#endif + +/* + * New conf code. The semantics are different from the functions above. If + * that wasn't the case, the above functions would have been replaced + */ + +CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth); +OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf); +CONF *NCONF_new(CONF_METHOD *meth); +CONF_METHOD *NCONF_default(void); +#ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 CONF_METHOD *NCONF_WIN32(void); +#endif +void NCONF_free(CONF *conf); +void NCONF_free_data(CONF *conf); + +int NCONF_load(CONF *conf, const char *file, long *eline); +# ifndef OPENSSL_NO_STDIO +int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); +# endif +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, + const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); +#ifndef OPENSSL_NO_STDIO +int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif +int NCONF_dump_bio(const CONF *conf, BIO *out); + +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, + const char *appname, unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define CONF_modules_free() while(0) continue +#endif +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +char *CONF_get1_default_config_file(void); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb) (const char *elem, int len, void *usr), + void *arg); + +void OPENSSL_load_builtin_modules(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/configuration.h b/contrib/openssl-cmake/common/include/openssl/configuration.h new file mode 100644 index 000000000000..30076cd6b66f --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/configuration.h @@ -0,0 +1,185 @@ +/* + * WARNING: do not edit! + * Generated by configdata.pm from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl + * via Makefile.in + * + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CONFIGURATION_H +# define OPENSSL_CONFIGURATION_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +# ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +# endif + +/* + * OpenSSL was configured with the following options: + */ + +# define OPENSSL_CONFIGURED_API 30500 +# ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +# endif +# ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +# endif +# ifndef OPENSSL_NO_ACVP_TESTS +# define OPENSSL_NO_ACVP_TESTS +# endif +# ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +# endif +# ifndef OPENSSL_NO_BROTLI +# define OPENSSL_NO_BROTLI +# endif +# ifndef OPENSSL_NO_BROTLI_DYNAMIC +# define OPENSSL_NO_BROTLI_DYNAMIC +# endif +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +# endif +# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# endif +# ifndef OPENSSL_NO_DEMOS +# define OPENSSL_NO_DEMOS +# endif +# ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +# endif +# ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +# endif +# ifndef OPENSSL_NO_FIPS_JITTER +# define OPENSSL_NO_FIPS_JITTER +# endif +# ifndef OPENSSL_NO_FIPS_POST +# define OPENSSL_NO_FIPS_POST +# endif +# ifndef OPENSSL_NO_FIPS_SECURITYCHECKS +# define OPENSSL_NO_FIPS_SECURITYCHECKS +# endif +# ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +# endif +# ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +# endif +# ifndef OPENSSL_NO_H3DEMO +# define OPENSSL_NO_H3DEMO +# endif +# ifndef OPENSSL_NO_HQINTEROP +# define OPENSSL_NO_HQINTEROP +# endif +# ifndef OPENSSL_NO_JITTER +# define OPENSSL_NO_JITTER +# endif +# ifndef OPENSSL_NO_KTLS +# define OPENSSL_NO_KTLS +# endif +# ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +# endif +# ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +# endif +# ifndef OPENSSL_NO_PIE +# define OPENSSL_NO_PIE +# endif +# ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +# endif +# ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +# endif +# ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +# endif +# ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +# endif +# ifndef OPENSSL_NO_SSLKEYLOG +# define OPENSSL_NO_SSLKEYLOG +# endif +# ifndef OPENSSL_NO_TFO +# define OPENSSL_NO_TFO +# endif +# ifndef OPENSSL_NO_TRACE +# define OPENSSL_NO_TRACE +# endif +# ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +# endif +# ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +# endif +# ifndef OPENSSL_NO_UPLINK +# define OPENSSL_NO_UPLINK +# endif +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +# endif +# ifndef OPENSSL_NO_WINSTORE +# define OPENSSL_NO_WINSTORE +# endif +# ifndef OPENSSL_NO_ZLIB +# define OPENSSL_NO_ZLIB +# endif +# ifndef OPENSSL_NO_ZLIB_DYNAMIC +# define OPENSSL_NO_ZLIB_DYNAMIC +# endif +# ifndef OPENSSL_NO_ZSTD +# define OPENSSL_NO_ZSTD +# endif +# ifndef OPENSSL_NO_ZSTD_DYNAMIC +# define OPENSSL_NO_ZSTD_DYNAMIC +# endif +# ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +# endif + + +/* Generate 80386 code? */ +# undef I386_ONLY + +/* + * The following are cipher-specific, but are part of the public API. + */ +# if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# endif + +# define RC4_INT unsigned int + +# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB)) +# define OPENSSL_NO_COMP_ALG +# else +# undef OPENSSL_NO_COMP_ALG +# endif + +# ifdef __cplusplus +} +# endif + +#endif /* OPENSSL_CONFIGURATION_H */ diff --git a/contrib/openssl-cmake/common/include/openssl/core_names.h b/contrib/openssl-cmake/common/include/openssl/core_names.h new file mode 100644 index 000000000000..e93e79a52bc9 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/core_names.h @@ -0,0 +1,575 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/core_names.h.in + * + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +#ifndef OPENSSL_CORE_NAMES_H +# define OPENSSL_CORE_NAMES_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* OSSL_CIPHER_PARAM_CTS_MODE Values */ +# define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +# define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +# define OSSL_CIPHER_CTS_MODE_CS3 "CS3" + +/* Known CIPHER names (not a complete list) */ +# define OSSL_CIPHER_NAME_AES_128_GCM_SIV "AES-128-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_192_GCM_SIV "AES-192-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_256_GCM_SIV "AES-256-GCM-SIV" + +/* Known DIGEST names (not a complete list) */ +# define OSSL_DIGEST_NAME_MD5 "MD5" +# define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +# define OSSL_DIGEST_NAME_SHA1 "SHA1" +# define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +# define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +# define OSSL_DIGEST_NAME_SHA2_256_192 "SHA2-256/192" +# define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +# define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +# define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +# define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" +# define OSSL_DIGEST_NAME_MD2 "MD2" +# define OSSL_DIGEST_NAME_MD4 "MD4" +# define OSSL_DIGEST_NAME_MDC2 "MDC2" +# define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +# define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +# define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +# define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +# define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" +# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" +# define OSSL_DIGEST_NAME_SM3 "SM3" + +/* Known MAC names */ +# define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +# define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" +# define OSSL_MAC_NAME_CMAC "CMAC" +# define OSSL_MAC_NAME_GMAC "GMAC" +# define OSSL_MAC_NAME_HMAC "HMAC" +# define OSSL_MAC_NAME_KMAC128 "KMAC128" +# define OSSL_MAC_NAME_KMAC256 "KMAC256" +# define OSSL_MAC_NAME_POLY1305 "POLY1305" +# define OSSL_MAC_NAME_SIPHASH "SIPHASH" + +/* Known KDF names */ +# define OSSL_KDF_NAME_HKDF "HKDF" +# define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" +# define OSSL_KDF_NAME_PBKDF1 "PBKDF1" +# define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +# define OSSL_KDF_NAME_SCRYPT "SCRYPT" +# define OSSL_KDF_NAME_SSHKDF "SSHKDF" +# define OSSL_KDF_NAME_SSKDF "SSKDF" +# define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +# define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" +# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" +# define OSSL_KDF_NAME_X963KDF "X963KDF" +# define OSSL_KDF_NAME_KBKDF "KBKDF" +# define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" +# define OSSL_KDF_NAME_HMACDRBGKDF "HMAC-DRBG-KDF" + +/* RSA padding modes */ +# define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" +# define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +# define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +# define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" + +/* RSA pss padding salt length */ +# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" + +/* OSSL_PKEY_PARAM_EC_ENCODING values */ +# define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" +# define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" + +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" + +# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" + +/* PROV_SKEY well known key types */ +# define OSSL_SKEY_TYPE_GENERIC "GENERIC-SECRET" +# define OSSL_SKEY_TYPE_AES "AES" + +/* OSSL_KEM_PARAM_OPERATION values */ +#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +#define OSSL_KEM_PARAM_OPERATION_DHKEM "DHKEM" + +/* Provider configuration variables */ +#define OSSL_PKEY_RETAIN_SEED "pkey_retain_seed" + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +# define OSSL_ALG_PARAM_ALGORITHM_ID "algorithm-id" +# define OSSL_ALG_PARAM_ALGORITHM_ID_PARAMS "algorithm-id-params" +# define OSSL_ALG_PARAM_CIPHER "cipher" +# define OSSL_ALG_PARAM_DIGEST "digest" +# define OSSL_ALG_PARAM_ENGINE "engine" +# define OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR "fips-indicator" +# define OSSL_ALG_PARAM_MAC "mac" +# define OSSL_ALG_PARAM_PROPERTIES "properties" +# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE +# define OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK OSSL_PKEY_PARAM_FIPS_KEY_CHECK +# define OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED OSSL_PROV_PARAM_RSA_PKCS15_PAD_DISABLED +# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection" +# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES +# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" +# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" +# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" +# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" +# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" +# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" +# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" +# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" +# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" +# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" +# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" +# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" +# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" +# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" +# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point" +# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name" +# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name" +# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype" +# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS "tls-max-dtls" +# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls" +# define OSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS "tls-min-dtls" +# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls" +# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name" +# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits" +# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name" +# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid" +# define OSSL_CIPHER_PARAM_AEAD "aead" +# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN +# define OSSL_CIPHER_PARAM_AEAD_IV_GENERATED "iv-generated" +# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" +# define OSSL_CIPHER_PARAM_AEAD_TAG "tag" +# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" +# define OSSL_CIPHER_PARAM_ALGORITHM_ID OSSL_ALG_PARAM_ALGORITHM_ID +# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS OSSL_ALG_PARAM_ALGORITHM_ID_PARAMS +# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD "alg_id_param" +# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" +# define OSSL_CIPHER_PARAM_CTS "cts" +# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" +# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" +# define OSSL_CIPHER_PARAM_DECRYPT_ONLY "decrypt-only" +# define OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK "encrypt-check" +# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" +# define OSSL_CIPHER_PARAM_IV "iv" +# define OSSL_CIPHER_PARAM_IVLEN "ivlen" +# define OSSL_CIPHER_PARAM_KEYLEN "keylen" +# define OSSL_CIPHER_PARAM_MODE "mode" +# define OSSL_CIPHER_PARAM_NUM "num" +# define OSSL_CIPHER_PARAM_PADDING "padding" +# define OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG "pipeline-tag" +# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" +# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" +# define OSSL_CIPHER_PARAM_ROUNDS "rounds" +# define OSSL_CIPHER_PARAM_SPEED "speed" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag" +# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" +# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" +# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" +# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" +# define OSSL_CIPHER_PARAM_USE_BITS "use-bits" +# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard" +# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" +# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" +# define OSSL_DIGEST_PARAM_MICALG "micalg" +# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" +# define OSSL_DIGEST_PARAM_SIZE "size" +# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" +# define OSSL_DIGEST_PARAM_XOF "xof" +# define OSSL_DIGEST_PARAM_XOFLEN "xoflen" +# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required" +# define OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK OSSL_PKEY_PARAM_FIPS_DIGEST_CHECK +# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC +# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen" +# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" +# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length" +# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen" +# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen" +# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" +# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length" +# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" +# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance" +# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data" +# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter" +# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" +# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time" +# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" +# define OSSL_DRBG_PARAM_SIZE "size" +# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function" +# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" +# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" +# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" +# define OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK OSSL_PKEY_PARAM_FIPS_DIGEST_CHECK +# define OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK OSSL_PROV_PARAM_ECDH_COFACTOR_CHECK +# define OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK OSSL_PKEY_PARAM_FIPS_KEY_CHECK +# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" +# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" +# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" +# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" +# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" +# define OSSL_EXCHANGE_PARAM_PAD "pad" +# define OSSL_GEN_PARAM_ITERATION "iteration" +# define OSSL_GEN_PARAM_POTENTIAL "potential" +# define OSSL_KDF_PARAM_ARGON2_AD "ad" +# define OSSL_KDF_PARAM_ARGON2_LANES "lanes" +# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost" +# define OSSL_KDF_PARAM_ARGON2_VERSION "version" +# define OSSL_KDF_PARAM_CEK_ALG "cekalg" +# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_KDF_PARAM_CONSTANT "constant" +# define OSSL_KDF_PARAM_DATA "data" +# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean" +# define OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_KDF_PARAM_FIPS_DIGEST_CHECK OSSL_PKEY_PARAM_FIPS_DIGEST_CHECK +# define OSSL_KDF_PARAM_FIPS_EMS_CHECK "ems_check" +# define OSSL_KDF_PARAM_FIPS_KEY_CHECK OSSL_PKEY_PARAM_FIPS_KEY_CHECK +# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy" +# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce" +# define OSSL_KDF_PARAM_INFO "info" +# define OSSL_KDF_PARAM_ITER "iter" +# define OSSL_KDF_PARAM_KBKDF_R "r" +# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" +# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" +# define OSSL_KDF_PARAM_KEY "key" +# define OSSL_KDF_PARAM_LABEL "label" +# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC +# define OSSL_KDF_PARAM_MAC_SIZE "maclen" +# define OSSL_KDF_PARAM_MODE "mode" +# define OSSL_KDF_PARAM_PASSWORD "pass" +# define OSSL_KDF_PARAM_PKCS12_ID "id" +# define OSSL_KDF_PARAM_PKCS5 "pkcs5" +# define OSSL_KDF_PARAM_PREFIX "prefix" +# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_KDF_PARAM_SALT "salt" +# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" +# define OSSL_KDF_PARAM_SCRYPT_N "n" +# define OSSL_KDF_PARAM_SCRYPT_P "p" +# define OSSL_KDF_PARAM_SCRYPT_R "r" +# define OSSL_KDF_PARAM_SECRET "secret" +# define OSSL_KDF_PARAM_SEED "seed" +# define OSSL_KDF_PARAM_SIZE "size" +# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" +# define OSSL_KDF_PARAM_SSHKDF_TYPE "type" +# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" +# define OSSL_KDF_PARAM_THREADS "threads" +# define OSSL_KDF_PARAM_UKM "ukm" +# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" +# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" +# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" +# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" +# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" +# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" +# define OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_KEM_PARAM_FIPS_KEY_CHECK OSSL_PKEY_PARAM_FIPS_KEY_CHECK +# define OSSL_KEM_PARAM_IKME "ikme" +# define OSSL_KEM_PARAM_OPERATION "operation" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING "hs_padding" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm" +# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len" +# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" +# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_MAC_PARAM_CUSTOM "custom" +# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds" +# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit" +# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" +# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds" +# define OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_MAC_PARAM_FIPS_KEY_CHECK OSSL_PKEY_PARAM_FIPS_KEY_CHECK +# define OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC OSSL_PROV_PARAM_NO_SHORT_MAC +# define OSSL_MAC_PARAM_IV "iv" +# define OSSL_MAC_PARAM_KEY "key" +# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_MAC_PARAM_SALT "salt" +# define OSSL_MAC_PARAM_SIZE "size" +# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" +# define OSSL_MAC_PARAM_XOF "xof" +# define OSSL_OBJECT_PARAM_DATA "data" +# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" +# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" +# define OSSL_OBJECT_PARAM_DESC "desc" +# define OSSL_OBJECT_PARAM_INPUT_TYPE "input-type" +# define OSSL_OBJECT_PARAM_REFERENCE "reference" +# define OSSL_OBJECT_PARAM_TYPE "type" +# define OSSL_PASSPHRASE_PARAM_INFO "info" +# define OSSL_PKEY_PARAM_ALGORITHM_ID OSSL_ALG_PARAM_ALGORITHM_ID +# define OSSL_PKEY_PARAM_ALGORITHM_ID_PARAMS OSSL_ALG_PARAM_ALGORITHM_ID_PARAMS +# define OSSL_PKEY_PARAM_BITS "bits" +# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" +# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm" +# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" +# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" +# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" +# define OSSL_PKEY_PARAM_DIST_ID "distid" +# define OSSL_PKEY_PARAM_EC_A "a" +# define OSSL_PKEY_PARAM_EC_B "b" +# define OSSL_PKEY_PARAM_EC_CHAR2_M "m" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3" +# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp" +# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type" +# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor" +# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit" +# define OSSL_PKEY_PARAM_EC_ENCODING "encoding" +# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type" +# define OSSL_PKEY_PARAM_EC_GENERATOR "generator" +# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check" +# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public" +# define OSSL_PKEY_PARAM_EC_ORDER "order" +# define OSSL_PKEY_PARAM_EC_P "p" +# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format" +# define OSSL_PKEY_PARAM_EC_PUB_X "qx" +# define OSSL_PKEY_PARAM_EC_PUB_Y "qy" +# define OSSL_PKEY_PARAM_EC_SEED "seed" +# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" +# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE +# define OSSL_PKEY_PARAM_FFC_COFACTOR "j" +# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_FFC_G "g" +# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" +# define OSSL_PKEY_PARAM_FFC_H "hindex" +# define OSSL_PKEY_PARAM_FFC_P "p" +# define OSSL_PKEY_PARAM_FFC_PBITS "pbits" +# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" +# define OSSL_PKEY_PARAM_FFC_Q "q" +# define OSSL_PKEY_PARAM_FFC_QBITS "qbits" +# define OSSL_PKEY_PARAM_FFC_SEED "seed" +# define OSSL_PKEY_PARAM_FFC_TYPE "type" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" +# define OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_PKEY_PARAM_FIPS_DIGEST_CHECK "digest-check" +# define OSSL_PKEY_PARAM_FIPS_KEY_CHECK "key-check" +# define OSSL_PKEY_PARAM_FIPS_SIGN_CHECK "sign-check" +# define OSSL_PKEY_PARAM_GROUP_NAME "group" +# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection" +# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" +# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" +# define OSSL_PKEY_PARAM_MAX_SIZE "max-size" +# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" +# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" +# define OSSL_PKEY_PARAM_ML_DSA_INPUT_FORMATS "ml-dsa.input_formats" +# define OSSL_PKEY_PARAM_ML_DSA_OUTPUT_FORMATS "ml-dsa.output_formats" +# define OSSL_PKEY_PARAM_ML_DSA_PREFER_SEED "ml-dsa.prefer_seed" +# define OSSL_PKEY_PARAM_ML_DSA_RETAIN_SEED "ml-dsa.retain_seed" +# define OSSL_PKEY_PARAM_ML_DSA_SEED "seed" +# define OSSL_PKEY_PARAM_ML_KEM_IMPORT_PCT_TYPE "ml-kem.import_pct_type" +# define OSSL_PKEY_PARAM_ML_KEM_INPUT_FORMATS "ml-kem.input_formats" +# define OSSL_PKEY_PARAM_ML_KEM_OUTPUT_FORMATS "ml-kem.output_formats" +# define OSSL_PKEY_PARAM_ML_KEM_PREFER_SEED "ml-kem.prefer_seed" +# define OSSL_PKEY_PARAM_ML_KEM_RETAIN_SEED "ml-kem.retain_seed" +# define OSSL_PKEY_PARAM_ML_KEM_SEED "seed" +# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" +# define OSSL_PKEY_PARAM_PRIV_KEY "priv" +# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_PUB_KEY "pub" +# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9" +# define OSSL_PKEY_PARAM_RSA_D "d" +# define OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ "rsa-derive-from-pq" +# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_RSA_E "e" +# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" +# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1" +# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10" +# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2" +# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3" +# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4" +# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5" +# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6" +# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7" +# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8" +# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9" +# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" +# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1" +# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10" +# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2" +# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3" +# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4" +# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5" +# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6" +# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7" +# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8" +# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9" +# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC +# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_PKEY_PARAM_RSA_N "n" +# define OSSL_PKEY_PARAM_RSA_PRIMES "primes" +# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" +# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" +# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" +# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" +# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" +# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" +# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1" +# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2" +# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" +# define OSSL_PKEY_PARAM_SLH_DSA_SEED "seed" +# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG +# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" +# define OSSL_PROV_PARAM_BUILDINFO "buildinfo" +# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" +# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" +# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" +# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" +# define OSSL_PROV_PARAM_DSA_SIGN_DISABLED "dsa-sign-disabled" +# define OSSL_PROV_PARAM_ECDH_COFACTOR_CHECK "ecdh-cofactor-check" +# define OSSL_PROV_PARAM_HKDF_DIGEST_CHECK "hkdf-digest-check" +# define OSSL_PROV_PARAM_HKDF_KEY_CHECK "hkdf-key-check" +# define OSSL_PROV_PARAM_HMAC_KEY_CHECK "hmac-key-check" +# define OSSL_PROV_PARAM_KBKDF_KEY_CHECK "kbkdf-key-check" +# define OSSL_PROV_PARAM_KMAC_KEY_CHECK "kmac-key-check" +# define OSSL_PROV_PARAM_NAME "name" +# define OSSL_PROV_PARAM_NO_SHORT_MAC "no-short-mac" +# define OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK "pbkdf2-lower-bound-check" +# define OSSL_PROV_PARAM_RSA_PKCS15_PAD_DISABLED "rsa-pkcs15-pad-disabled" +# define OSSL_PROV_PARAM_RSA_PSS_SALTLEN_CHECK "rsa-pss-saltlen-check" +# define OSSL_PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED "rsa-sign-x931-pad-disabled" +# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" +# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" +# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" +# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" +# define OSSL_PROV_PARAM_SIGNATURE_DIGEST_CHECK "signature-digest-check" +# define OSSL_PROV_PARAM_SSHKDF_DIGEST_CHECK "sshkdf-digest-check" +# define OSSL_PROV_PARAM_SSHKDF_KEY_CHECK "sshkdf-key-check" +# define OSSL_PROV_PARAM_SSKDF_DIGEST_CHECK "sskdf-digest-check" +# define OSSL_PROV_PARAM_SSKDF_KEY_CHECK "sskdf-key-check" +# define OSSL_PROV_PARAM_STATUS "status" +# define OSSL_PROV_PARAM_TDES_ENCRYPT_DISABLED "tdes-encrypt-disabled" +# define OSSL_PROV_PARAM_TLS13_KDF_DIGEST_CHECK "tls13-kdf-digest-check" +# define OSSL_PROV_PARAM_TLS13_KDF_KEY_CHECK "tls13-kdf-key-check" +# define OSSL_PROV_PARAM_TLS1_PRF_DIGEST_CHECK "tls1-prf-digest-check" +# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" +# define OSSL_PROV_PARAM_TLS1_PRF_KEY_CHECK "tls1-prf-key-check" +# define OSSL_PROV_PARAM_VERSION "version" +# define OSSL_PROV_PARAM_X942KDF_KEY_CHECK "x942kdf-key-check" +# define OSSL_PROV_PARAM_X963KDF_DIGEST_CHECK "x963kdf-digest-check" +# define OSSL_PROV_PARAM_X963KDF_KEY_CHECK "x963kdf-key-check" +# define OSSL_RAND_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_RAND_PARAM_GENERATE "generate" +# define OSSL_RAND_PARAM_MAX_REQUEST "max_request" +# define OSSL_RAND_PARAM_STATE "state" +# define OSSL_RAND_PARAM_STRENGTH "strength" +# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" +# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" +# define OSSL_SIGNATURE_PARAM_ADD_RANDOM "additional-random" +# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID OSSL_PKEY_PARAM_ALGORITHM_ID +# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID_PARAMS OSSL_PKEY_PARAM_ALGORITHM_ID_PARAMS +# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string" +# define OSSL_SIGNATURE_PARAM_DETERMINISTIC "deterministic" +# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE +# define OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR +# define OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK OSSL_PKEY_PARAM_FIPS_DIGEST_CHECK +# define OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK OSSL_PKEY_PARAM_FIPS_KEY_CHECK +# define OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK "rsa-pss-saltlen-check" +# define OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK OSSL_PKEY_PARAM_FIPS_SIGN_CHECK +# define OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK "sign-x931-pad-check" +# define OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE "verify-message" +# define OSSL_SIGNATURE_PARAM_INSTANCE "instance" +# define OSSL_SIGNATURE_PARAM_KAT "kat" +# define OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING "message-encoding" +# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES +# define OSSL_SIGNATURE_PARAM_MU "mu" +# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type" +# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" +# define OSSL_SIGNATURE_PARAM_SIGNATURE "signature" +# define OSSL_SIGNATURE_PARAM_TEST_ENTROPY "test-entropy" +# define OSSL_SKEY_PARAM_KEY_LENGTH "key-length" +# define OSSL_SKEY_PARAM_RAW_BYTES "raw-bytes" +# define OSSL_STORE_PARAM_ALIAS "alias" +# define OSSL_STORE_PARAM_DIGEST "digest" +# define OSSL_STORE_PARAM_EXPECT "expect" +# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" +# define OSSL_STORE_PARAM_INPUT_TYPE "input-type" +# define OSSL_STORE_PARAM_ISSUER "name" +# define OSSL_STORE_PARAM_PROPERTIES "properties" +# define OSSL_STORE_PARAM_SERIAL "serial" +# define OSSL_STORE_PARAM_SUBJECT "subject" + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/crmf.h b/contrib/openssl-cmake/common/include/openssl/crmf.h new file mode 100644 index 000000000000..4bf550fd47da --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/crmf.h @@ -0,0 +1,278 @@ +/*- + * WARNING: do not edit! + * Generated by Makefile from include/openssl/crmf.h.in + * + * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb. + */ + + + +#ifndef OPENSSL_CRMF_H +# define OPENSSL_CRMF_H + +# include + +# ifndef OPENSSL_NO_CRMF +# include +# include +# include +# include /* for GENERAL_NAME etc. */ +# include + +/* explicit #includes not strictly needed since implied by the above: */ +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0 +# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1 +# define OSSL_CRMF_POPOPRIVKEY_DHMAC 2 +# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3 +# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4 + +# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 +# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 +typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) + +typedef struct ossl_crmf_encryptedkey_st OSSL_CRMF_ENCRYPTEDKEY; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDKEY) + +typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CRMF_MSG, OSSL_CRMF_MSG, OSSL_CRMF_MSG) +#define sk_OSSL_CRMF_MSG_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk)) +#define sk_OSSL_CRMF_MSG_value(sk, idx) ((OSSL_CRMF_MSG *)OPENSSL_sk_value(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk), (idx))) +#define sk_OSSL_CRMF_MSG_new(cmp) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_new(ossl_check_OSSL_CRMF_MSG_compfunc_type(cmp))) +#define sk_OSSL_CRMF_MSG_new_null() ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CRMF_MSG_new_reserve(cmp, n) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CRMF_MSG_compfunc_type(cmp), (n))) +#define sk_OSSL_CRMF_MSG_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CRMF_MSG_sk_type(sk), (n)) +#define sk_OSSL_CRMF_MSG_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CRMF_MSG_sk_type(sk)) +#define sk_OSSL_CRMF_MSG_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CRMF_MSG_sk_type(sk)) +#define sk_OSSL_CRMF_MSG_delete(sk, i) ((OSSL_CRMF_MSG *)OPENSSL_sk_delete(ossl_check_OSSL_CRMF_MSG_sk_type(sk), (i))) +#define sk_OSSL_CRMF_MSG_delete_ptr(sk, ptr) ((OSSL_CRMF_MSG *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr))) +#define sk_OSSL_CRMF_MSG_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr)) +#define sk_OSSL_CRMF_MSG_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr)) +#define sk_OSSL_CRMF_MSG_pop(sk) ((OSSL_CRMF_MSG *)OPENSSL_sk_pop(ossl_check_OSSL_CRMF_MSG_sk_type(sk))) +#define sk_OSSL_CRMF_MSG_shift(sk) ((OSSL_CRMF_MSG *)OPENSSL_sk_shift(ossl_check_OSSL_CRMF_MSG_sk_type(sk))) +#define sk_OSSL_CRMF_MSG_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CRMF_MSG_sk_type(sk),ossl_check_OSSL_CRMF_MSG_freefunc_type(freefunc)) +#define sk_OSSL_CRMF_MSG_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr), (idx)) +#define sk_OSSL_CRMF_MSG_set(sk, idx, ptr) ((OSSL_CRMF_MSG *)OPENSSL_sk_set(ossl_check_OSSL_CRMF_MSG_sk_type(sk), (idx), ossl_check_OSSL_CRMF_MSG_type(ptr))) +#define sk_OSSL_CRMF_MSG_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr)) +#define sk_OSSL_CRMF_MSG_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr)) +#define sk_OSSL_CRMF_MSG_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_type(ptr), pnum) +#define sk_OSSL_CRMF_MSG_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CRMF_MSG_sk_type(sk)) +#define sk_OSSL_CRMF_MSG_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk)) +#define sk_OSSL_CRMF_MSG_dup(sk) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk))) +#define sk_OSSL_CRMF_MSG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_copyfunc_type(copyfunc), ossl_check_OSSL_CRMF_MSG_freefunc_type(freefunc))) +#define sk_OSSL_CRMF_MSG_set_cmp_func(sk, cmp) ((sk_OSSL_CRMF_MSG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_compfunc_type(cmp))) + +typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE; +void OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(OSSL_CRMF_ATTRIBUTETYPEANDVALUE *v); +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, OSSL_CRMF_ATTRIBUTETYPEANDVALUE, OSSL_CRMF_ATTRIBUTETYPEANDVALUE) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(sk, idx) ((OSSL_CRMF_ATTRIBUTETYPEANDVALUE *)OPENSSL_sk_value(ossl_check_const_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), (idx))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new(cmp) ((STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *)OPENSSL_sk_new(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_compfunc_type(cmp))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null() ((STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_reserve(cmp, n) ((STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_compfunc_type(cmp), (n))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), (n)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_delete(sk, i) ((OSSL_CRMF_ATTRIBUTETYPEANDVALUE *)OPENSSL_sk_delete(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), (i))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_delete_ptr(sk, ptr) ((OSSL_CRMF_ATTRIBUTETYPEANDVALUE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_pop(sk) ((OSSL_CRMF_ATTRIBUTETYPEANDVALUE *)OPENSSL_sk_pop(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_shift(sk) ((OSSL_CRMF_ATTRIBUTETYPEANDVALUE *)OPENSSL_sk_shift(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk),ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_freefunc_type(freefunc)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr), (idx)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_set(sk, idx, ptr) ((OSSL_CRMF_ATTRIBUTETYPEANDVALUE *)OPENSSL_sk_set(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), (idx), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_type(ptr), pnum) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk)) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_dup(sk) ((STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_copyfunc_type(copyfunc), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_freefunc_type(freefunc))) +#define sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_set_cmp_func(sk, cmp) ((sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_sk_type(sk), ossl_check_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_compfunc_type(cmp))) + + +typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) +typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY; +typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST; +typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CRMF_CERTID, OSSL_CRMF_CERTID, OSSL_CRMF_CERTID) +#define sk_OSSL_CRMF_CERTID_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk)) +#define sk_OSSL_CRMF_CERTID_value(sk, idx) ((OSSL_CRMF_CERTID *)OPENSSL_sk_value(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk), (idx))) +#define sk_OSSL_CRMF_CERTID_new(cmp) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_new(ossl_check_OSSL_CRMF_CERTID_compfunc_type(cmp))) +#define sk_OSSL_CRMF_CERTID_new_null() ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_new_null()) +#define sk_OSSL_CRMF_CERTID_new_reserve(cmp, n) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_CRMF_CERTID_compfunc_type(cmp), (n))) +#define sk_OSSL_CRMF_CERTID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), (n)) +#define sk_OSSL_CRMF_CERTID_free(sk) OPENSSL_sk_free(ossl_check_OSSL_CRMF_CERTID_sk_type(sk)) +#define sk_OSSL_CRMF_CERTID_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_CRMF_CERTID_sk_type(sk)) +#define sk_OSSL_CRMF_CERTID_delete(sk, i) ((OSSL_CRMF_CERTID *)OPENSSL_sk_delete(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), (i))) +#define sk_OSSL_CRMF_CERTID_delete_ptr(sk, ptr) ((OSSL_CRMF_CERTID *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr))) +#define sk_OSSL_CRMF_CERTID_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr)) +#define sk_OSSL_CRMF_CERTID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr)) +#define sk_OSSL_CRMF_CERTID_pop(sk) ((OSSL_CRMF_CERTID *)OPENSSL_sk_pop(ossl_check_OSSL_CRMF_CERTID_sk_type(sk))) +#define sk_OSSL_CRMF_CERTID_shift(sk) ((OSSL_CRMF_CERTID *)OPENSSL_sk_shift(ossl_check_OSSL_CRMF_CERTID_sk_type(sk))) +#define sk_OSSL_CRMF_CERTID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_CRMF_CERTID_sk_type(sk),ossl_check_OSSL_CRMF_CERTID_freefunc_type(freefunc)) +#define sk_OSSL_CRMF_CERTID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr), (idx)) +#define sk_OSSL_CRMF_CERTID_set(sk, idx, ptr) ((OSSL_CRMF_CERTID *)OPENSSL_sk_set(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), (idx), ossl_check_OSSL_CRMF_CERTID_type(ptr))) +#define sk_OSSL_CRMF_CERTID_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr)) +#define sk_OSSL_CRMF_CERTID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr)) +#define sk_OSSL_CRMF_CERTID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_type(ptr), pnum) +#define sk_OSSL_CRMF_CERTID_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_CRMF_CERTID_sk_type(sk)) +#define sk_OSSL_CRMF_CERTID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk)) +#define sk_OSSL_CRMF_CERTID_dup(sk) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_dup(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk))) +#define sk_OSSL_CRMF_CERTID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_copyfunc_type(copyfunc), ossl_check_OSSL_CRMF_CERTID_freefunc_type(freefunc))) +#define sk_OSSL_CRMF_CERTID_set_cmp_func(sk, cmp) ((sk_OSSL_CRMF_CERTID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_compfunc_type(cmp))) + + +typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO) +typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO) +typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTTEMPLATE) +typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS) + +typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY; + +/* crmf_pbm.c */ +OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, + int owfnid, size_t itercnt, + int macnid); +int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, + const OSSL_CRMF_PBMPARAMETER *pbmp, + const unsigned char *msg, size_t msglen, + const unsigned char *sec, size_t seclen, + unsigned char **mac, size_t *maclen); + +/* crmf_lib.c */ +int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, + const ASN1_UTF8STRING *tok); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg); +int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, + const ASN1_UTF8STRING *auth); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg); +int +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + OSSL_CRMF_SINGLEPUBINFO *spi); +# define OSSL_CRMF_PUB_METHOD_DONTCARE 0 +# define OSSL_CRMF_PUB_METHOD_X500 1 +# define OSSL_CRMF_PUB_METHOD_WEB 2 +# define OSSL_CRMF_PUB_METHOD_LDAP 3 +int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, + int method, GENERAL_NAME *nm); +# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 +# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 +int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + int action); +int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, + const OSSL_CRMF_PKIPUBLICATIONINFO *pi); +OSSL_CRMF_PKIPUBLICATIONINFO +*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg); +int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, + const X509_PUBKEY *pubkey); +X509_PUBKEY +*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg); +int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, + const OSSL_CRMF_CERTID *cid); +OSSL_CRMF_CERTID +*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg); +OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, + const ASN1_INTEGER *serial); + +int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, + const ASN1_UTF8STRING *utf8pairs); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg); +int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, + const OSSL_CRMF_CERTREQUEST *cr); +OSSL_CRMF_CERTREQUEST +*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg); + +int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, + ASN1_TIME *notBefore, ASN1_TIME *notAfter); +int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); +int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm); +int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); + +int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); +# define OSSL_CRMF_POPO_NONE -1 +# define OSSL_CRMF_POPO_RAVERIFIED 0 +# define OSSL_CRMF_POPO_SIGNATURE 1 +# define OSSL_CRMF_POPO_KEYENC 2 +# define OSSL_CRMF_POPO_KEYAGREE 3 +int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, + EVP_PKEY *pkey, const EVP_MD *digest, + OSSL_LIB_CTX *libctx, const char *propq); +int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, + int rid, int acceptRAVerified, + OSSL_LIB_CTX *libctx, const char *propq); +OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); +X509_PUBKEY +*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME +*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME +*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const ASN1_INTEGER +*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_EXTENSIONS +*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME +*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +const ASN1_INTEGER +*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); +int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, + EVP_PKEY *pubkey, + const X509_NAME *subject, + const X509_NAME *issuer, + const ASN1_INTEGER *serial); +X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, + OSSL_LIB_CTX *libctx, const char *propq, + EVP_PKEY *pkey); +X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert, + OSSL_LIB_CTX *libctx, const char *propq, + EVP_PKEY *pkey, unsigned int flags); +unsigned char +*OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE *enc, + OSSL_LIB_CTX *libctx, const char *propq, + EVP_PKEY *pkey, int *outlen); +EVP_PKEY *OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(const OSSL_CRMF_ENCRYPTEDKEY *encryptedKey, + X509_STORE *ts, STACK_OF(X509) *extra, EVP_PKEY *pkey, + X509 *cert, ASN1_OCTET_STRING *secret, + OSSL_LIB_CTX *libctx, const char *propq); +int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr); +# ifndef OPENSSL_NO_CMS +OSSL_CRMF_ENCRYPTEDKEY *OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata); +# endif + +# ifdef __cplusplus +} +# endif +# endif /* !defined(OPENSSL_NO_CRMF) */ +#endif /* !defined(OPENSSL_CRMF_H) */ diff --git a/contrib/openssl-cmake/common/include/openssl/crypto.h b/contrib/openssl-cmake/common/include/openssl/crypto.h new file mode 100644 index 000000000000..fd2cfd3e5a9a --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/crypto.h @@ -0,0 +1,583 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/crypto.h.in + * + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_CRYPTO_H +# define OPENSSL_CRYPTO_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CRYPTO_H +# endif + +# include +# include + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif + +# include +# include +# include +# include +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +/* + * Resolve problems on some operating systems with symbol names that clash + * one way or another + */ +# include + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define SSLeay OpenSSL_version_num +# define SSLeay_version OpenSSL_version +# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +# define SSLEAY_VERSION OPENSSL_VERSION +# define SSLEAY_CFLAGS OPENSSL_CFLAGS +# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +# define SSLEAY_PLATFORM OPENSSL_PLATFORM +# define SSLEAY_DIR OPENSSL_DIR + +/* + * Old type for allocating dynamic locks. No longer used. Use the new thread + * API instead. + */ +typedef struct { + int dummy; +} CRYPTO_dynlock; + +# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ + +typedef void CRYPTO_RWLOCK; + +CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +__owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +__owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); + +int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_add64(uint64_t *val, uint64_t op, uint64_t *ret, + CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_and(uint64_t *val, uint64_t op, uint64_t *ret, + CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, + CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock); + +/* No longer needed, so this is a no-op */ +#define OPENSSL_malloc_init() while(0) continue + +# define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_aligned_alloc(num, alignment, freeptr) \ + CRYPTO_aligned_alloc(num, alignment, freeptr, \ + OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) + +size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); +size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); +size_t OPENSSL_strnlen(const char *str, size_t maxlen); +int OPENSSL_strtoul(const char *str, char **endptr, int base, unsigned long *num); +int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, + const unsigned char *buf, size_t buflen, + const char sep); +char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); +int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, + const char *str, const char sep); +unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); +int OPENSSL_hexchar2int(unsigned char c); +int OPENSSL_strcasecmp(const char *s1, const char *s2); +int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); + +# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) + +/* + * These functions return the values of OPENSSL_VERSION_MAJOR, + * OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, OPENSSL_VERSION_PRE_RELEASE + * and OPENSSL_VERSION_BUILD_METADATA, respectively. + */ +unsigned int OPENSSL_version_major(void); +unsigned int OPENSSL_version_minor(void); +unsigned int OPENSSL_version_patch(void); +const char *OPENSSL_version_pre_release(void); +const char *OPENSSL_version_build_metadata(void); + +unsigned long OpenSSL_version_num(void); +const char *OpenSSL_version(int type); +# define OPENSSL_VERSION 0 +# define OPENSSL_CFLAGS 1 +# define OPENSSL_BUILT_ON 2 +# define OPENSSL_PLATFORM 3 +# define OPENSSL_DIR 4 +# define OPENSSL_ENGINES_DIR 5 +# define OPENSSL_VERSION_STRING 6 +# define OPENSSL_FULL_VERSION_STRING 7 +# define OPENSSL_MODULES_DIR 8 +# define OPENSSL_CPU_INFO 9 +# define OPENSSL_WINCTX 10 + +const char *OPENSSL_info(int type); +/* + * The series starts at 1001 to avoid confusion with the OpenSSL_version + * types. + */ +# define OPENSSL_INFO_CONFIG_DIR 1001 +# define OPENSSL_INFO_ENGINES_DIR 1002 +# define OPENSSL_INFO_MODULES_DIR 1003 +# define OPENSSL_INFO_DSO_EXTENSION 1004 +# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 +# define OPENSSL_INFO_LIST_SEPARATOR 1006 +# define OPENSSL_INFO_SEED_SOURCE 1007 +# define OPENSSL_INFO_CPU_SETTINGS 1008 +# define OPENSSL_INFO_WINDOWS_CONTEXT 1009 + +int OPENSSL_issetugid(void); + +struct crypto_ex_data_st { + OSSL_LIB_CTX *ctx; + STACK_OF(void) *sk; +}; + +SKM_DEFINE_STACK_OF_INTERNAL(void, void, void) +#define sk_void_num(sk) OPENSSL_sk_num(ossl_check_const_void_sk_type(sk)) +#define sk_void_value(sk, idx) ((void *)OPENSSL_sk_value(ossl_check_const_void_sk_type(sk), (idx))) +#define sk_void_new(cmp) ((STACK_OF(void) *)OPENSSL_sk_new(ossl_check_void_compfunc_type(cmp))) +#define sk_void_new_null() ((STACK_OF(void) *)OPENSSL_sk_new_null()) +#define sk_void_new_reserve(cmp, n) ((STACK_OF(void) *)OPENSSL_sk_new_reserve(ossl_check_void_compfunc_type(cmp), (n))) +#define sk_void_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_void_sk_type(sk), (n)) +#define sk_void_free(sk) OPENSSL_sk_free(ossl_check_void_sk_type(sk)) +#define sk_void_zero(sk) OPENSSL_sk_zero(ossl_check_void_sk_type(sk)) +#define sk_void_delete(sk, i) ((void *)OPENSSL_sk_delete(ossl_check_void_sk_type(sk), (i))) +#define sk_void_delete_ptr(sk, ptr) ((void *)OPENSSL_sk_delete_ptr(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr))) +#define sk_void_push(sk, ptr) OPENSSL_sk_push(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr)) +#define sk_void_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr)) +#define sk_void_pop(sk) ((void *)OPENSSL_sk_pop(ossl_check_void_sk_type(sk))) +#define sk_void_shift(sk) ((void *)OPENSSL_sk_shift(ossl_check_void_sk_type(sk))) +#define sk_void_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_void_sk_type(sk),ossl_check_void_freefunc_type(freefunc)) +#define sk_void_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr), (idx)) +#define sk_void_set(sk, idx, ptr) ((void *)OPENSSL_sk_set(ossl_check_void_sk_type(sk), (idx), ossl_check_void_type(ptr))) +#define sk_void_find(sk, ptr) OPENSSL_sk_find(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr)) +#define sk_void_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr)) +#define sk_void_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_void_sk_type(sk), ossl_check_void_type(ptr), pnum) +#define sk_void_sort(sk) OPENSSL_sk_sort(ossl_check_void_sk_type(sk)) +#define sk_void_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_void_sk_type(sk)) +#define sk_void_dup(sk) ((STACK_OF(void) *)OPENSSL_sk_dup(ossl_check_const_void_sk_type(sk))) +#define sk_void_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(void) *)OPENSSL_sk_deep_copy(ossl_check_const_void_sk_type(sk), ossl_check_void_copyfunc_type(copyfunc), ossl_check_void_freefunc_type(freefunc))) +#define sk_void_set_cmp_func(sk, cmp) ((sk_void_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_void_sk_type(sk), ossl_check_void_compfunc_type(cmp))) + + + +/* + * Per class, we have a STACK of function pointers. + */ +# define CRYPTO_EX_INDEX_SSL 0 +# define CRYPTO_EX_INDEX_SSL_CTX 1 +# define CRYPTO_EX_INDEX_SSL_SESSION 2 +# define CRYPTO_EX_INDEX_X509 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_DH 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_EC_KEY 8 +# define CRYPTO_EX_INDEX_RSA 9 +# define CRYPTO_EX_INDEX_ENGINE 10 +# define CRYPTO_EX_INDEX_UI 11 +# define CRYPTO_EX_INDEX_BIO 12 +# define CRYPTO_EX_INDEX_APP 13 +# define CRYPTO_EX_INDEX_UI_METHOD 14 +# define CRYPTO_EX_INDEX_RAND_DRBG 15 +# define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG +# define CRYPTO_EX_INDEX_OSSL_LIB_CTX 16 +# define CRYPTO_EX_INDEX_EVP_PKEY 17 +# define CRYPTO_EX_INDEX__COUNT 18 + +typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void **from_d, int idx, long argl, void *argp); +__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* No longer use an index. */ +int CRYPTO_free_ex_index(int class_index, int idx); + +/* + * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a + * given class (invokes whatever per-class callbacks are applicable) + */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + const CRYPTO_EX_DATA *from); + +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + +/* Allocate a single item in the CRYPTO_EX_DATA variable */ +int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, + int idx); + +/* + * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular + * index (relative to the class type involved) + */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* + * This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. + */ +# define CRYPTO_cleanup_all_ex_data() while(0) continue + +/* + * The old locking functions have been removed completely without compatibility + * macros. This is because the old functions either could not properly report + * errors, or the returned error values were not clearly documented. + * Replacing the locking functions with no-ops would cause race condition + * issues in the affected applications. It is far better for them to fail at + * compile time. + * On the other hand, the locking callbacks are no longer used. Consequently, + * the callback management functions can be safely replaced with no-op macros. + */ +# define CRYPTO_num_locks() (1) +# define CRYPTO_set_locking_callback(func) +# define CRYPTO_get_locking_callback() (NULL) +# define CRYPTO_set_add_lock_callback(func) +# define CRYPTO_get_add_lock_callback() (NULL) + +/* + * These defines where used in combination with the old locking callbacks, + * they are not called anymore, but old code that's not called might still + * use them. + */ +# define CRYPTO_LOCK 1 +# define CRYPTO_UNLOCK 2 +# define CRYPTO_READ 4 +# define CRYPTO_WRITE 8 + +/* This structure is no longer used */ +typedef struct crypto_threadid_st { + int dummy; +} CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +# define CRYPTO_THREADID_set_numeric(id, val) +# define CRYPTO_THREADID_set_pointer(id, ptr) +# define CRYPTO_THREADID_set_callback(threadid_func) (0) +# define CRYPTO_THREADID_get_callback() (NULL) +# define CRYPTO_THREADID_current(id) +# define CRYPTO_THREADID_cmp(a, b) (-1) +# define CRYPTO_THREADID_cpy(dest, src) +# define CRYPTO_THREADID_hash(id) (0UL) + +# ifndef OPENSSL_NO_DEPRECATED_1_0_0 +# define CRYPTO_set_id_callback(func) +# define CRYPTO_get_id_callback() (NULL) +# define CRYPTO_thread_id() (0UL) +# endif /* OPENSSL_NO_DEPRECATED_1_0_0 */ + +# define CRYPTO_set_dynlock_create_callback(dyn_create_function) +# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +# define CRYPTO_get_dynlock_create_callback() (NULL) +# define CRYPTO_get_dynlock_lock_callback() (NULL) +# define CRYPTO_get_dynlock_destroy_callback() (NULL) +# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ + +typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line); +typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file, + int line); +typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line); +int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, + CRYPTO_realloc_fn realloc_fn, + CRYPTO_free_fn free_fn); +void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, + CRYPTO_realloc_fn *realloc_fn, + CRYPTO_free_fn *free_fn); + +OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line); +OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line); +OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align, + void **freeptr, const char *file, + int line); +OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); +OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line); +OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); +void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); +void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); +void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line); + +int CRYPTO_secure_malloc_init(size_t sz, size_t minsize); +int CRYPTO_secure_malloc_done(void); +OSSL_CRYPTO_ALLOC void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +OSSL_CRYPTO_ALLOC void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +void CRYPTO_secure_free(void *ptr, const char *file, int line); +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); +int CRYPTO_secure_allocated(const void *ptr); +int CRYPTO_secure_malloc_initialized(void); +size_t CRYPTO_secure_actual_size(void *ptr); +size_t CRYPTO_secure_used(void); + +void OPENSSL_cleanse(void *ptr, size_t len); + +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +/* + * The following can be used to detect memory leaks in the library. If + * used, it turns on malloc checking + */ +# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ + +/* max allowed length for value of OPENSSL_MALLOC_FAILURES env var. */ +# define CRYPTO_MEM_CHECK_MAX_FS 256 + +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int CRYPTO_set_mem_debug(int flag); +OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_ctrl(int mode); +OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_push(const char *info, + const char *file, int line); +OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_pop(void); +OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_malloc(void *addr, size_t num, + int flag, + const char *file, int line); +OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, + size_t num, int flag, + const char *file, int line); +OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_free(void *addr, int flag, + const char *file, int line); +OSSL_DEPRECATEDIN_3_0 +int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); +# endif +# ifndef OPENSSL_NO_STDIO +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks_fp(FILE *); +# endif +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks(BIO *bio); +# endif +# endif /* OPENSSL_NO_CRYPTO_MDEBUG */ + +/* die if we have to */ +ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) +# endif +# define OPENSSL_assert(e) \ + (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) + +int OPENSSL_isservice(void); + +void OPENSSL_init(void); +# ifdef OPENSSL_SYS_UNIX +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_prepare(void); +OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_parent(void); +OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_child(void); +# endif +# endif + +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, + const struct tm *from, const struct tm *to); + +/* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. + * It takes an amount of time dependent on |len|, but independent of the + * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements + * into a defined order as the return value when a != b is undefined, other + * than to be non-zero. + */ +int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); + +/* Standard initialisation options */ +# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +# define OPENSSL_INIT_ASYNC 0x00000100L +# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +/* FREE: 0x00010000L */ +# define OPENSSL_INIT_ATFORK 0x00020000L +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ +# define OPENSSL_INIT_NO_ATEXIT 0x00080000L +/* OPENSSL_INIT flag range 0x03f00000 reserved for OPENSSL_init_ssl() */ +/* FREE: 0x04000000L */ +/* FREE: 0x08000000L */ +/* FREE: 0x10000000L */ +/* FREE: 0x20000000L */ +/* FREE: 0x40000000L */ +/* FREE: 0x80000000L */ +/* Max OPENSSL_INIT flag value is 0x80000000 */ + +/* openssl and dasync not counted as builtin */ +# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ + (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ + OPENSSL_INIT_ENGINE_PADLOCK) + +/* Library initialisation functions */ +void OPENSSL_cleanup(void); +int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +int OPENSSL_atexit(void (*handler)(void)); +void OPENSSL_thread_stop(void); +void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx); + +/* Low-level control of initialization */ +OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +# ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); +int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, + const char *config_appname); +# endif +void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); + +# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +# if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include in order to use this */ +typedef DWORD CRYPTO_THREAD_LOCAL; +typedef DWORD CRYPTO_THREAD_ID; + +typedef LONG CRYPTO_ONCE; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif +# else +# if defined(__TANDEM) && defined(_SPT_MODEL_) +# define SPT_THREAD_SIGNAL 1 +# define SPT_THREAD_AWARE 1 +# include +# else +# include +# endif +typedef pthread_once_t CRYPTO_ONCE; +typedef pthread_key_t CRYPTO_THREAD_LOCAL; +typedef pthread_t CRYPTO_THREAD_ID; + +# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +# endif +# endif + +# if !defined(CRYPTO_ONCE_STATIC_INIT) +typedef unsigned int CRYPTO_ONCE; +typedef unsigned int CRYPTO_THREAD_LOCAL; +typedef unsigned int CRYPTO_THREAD_ID; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif + +int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); + +int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)); +void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key); +int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val); +int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); + +CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); +int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); + +OSSL_LIB_CTX *OSSL_LIB_CTX_new(void); +OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); +OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); +int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); +void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); +OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); +OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); +int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx); +void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value); + +void OSSL_sleep(uint64_t millis); + + +void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/ct.h b/contrib/openssl-cmake/common/include/openssl/ct.h new file mode 100644 index 000000000000..e6dd1192a4e0 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/ct.h @@ -0,0 +1,573 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/ct.h.in + * + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_CT_H +# define OPENSSL_CT_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CT_H +# endif + +# include + +# ifndef OPENSSL_NO_CT +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + +/* Minimum RSA key size, from RFC6962 */ +# define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +SKM_DEFINE_STACK_OF_INTERNAL(SCT, SCT, SCT) +#define sk_SCT_num(sk) OPENSSL_sk_num(ossl_check_const_SCT_sk_type(sk)) +#define sk_SCT_value(sk, idx) ((SCT *)OPENSSL_sk_value(ossl_check_const_SCT_sk_type(sk), (idx))) +#define sk_SCT_new(cmp) ((STACK_OF(SCT) *)OPENSSL_sk_new(ossl_check_SCT_compfunc_type(cmp))) +#define sk_SCT_new_null() ((STACK_OF(SCT) *)OPENSSL_sk_new_null()) +#define sk_SCT_new_reserve(cmp, n) ((STACK_OF(SCT) *)OPENSSL_sk_new_reserve(ossl_check_SCT_compfunc_type(cmp), (n))) +#define sk_SCT_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SCT_sk_type(sk), (n)) +#define sk_SCT_free(sk) OPENSSL_sk_free(ossl_check_SCT_sk_type(sk)) +#define sk_SCT_zero(sk) OPENSSL_sk_zero(ossl_check_SCT_sk_type(sk)) +#define sk_SCT_delete(sk, i) ((SCT *)OPENSSL_sk_delete(ossl_check_SCT_sk_type(sk), (i))) +#define sk_SCT_delete_ptr(sk, ptr) ((SCT *)OPENSSL_sk_delete_ptr(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr))) +#define sk_SCT_push(sk, ptr) OPENSSL_sk_push(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr)) +#define sk_SCT_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr)) +#define sk_SCT_pop(sk) ((SCT *)OPENSSL_sk_pop(ossl_check_SCT_sk_type(sk))) +#define sk_SCT_shift(sk) ((SCT *)OPENSSL_sk_shift(ossl_check_SCT_sk_type(sk))) +#define sk_SCT_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SCT_sk_type(sk),ossl_check_SCT_freefunc_type(freefunc)) +#define sk_SCT_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr), (idx)) +#define sk_SCT_set(sk, idx, ptr) ((SCT *)OPENSSL_sk_set(ossl_check_SCT_sk_type(sk), (idx), ossl_check_SCT_type(ptr))) +#define sk_SCT_find(sk, ptr) OPENSSL_sk_find(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr)) +#define sk_SCT_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr)) +#define sk_SCT_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SCT_sk_type(sk), ossl_check_SCT_type(ptr), pnum) +#define sk_SCT_sort(sk) OPENSSL_sk_sort(ossl_check_SCT_sk_type(sk)) +#define sk_SCT_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SCT_sk_type(sk)) +#define sk_SCT_dup(sk) ((STACK_OF(SCT) *)OPENSSL_sk_dup(ossl_check_const_SCT_sk_type(sk))) +#define sk_SCT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SCT) *)OPENSSL_sk_deep_copy(ossl_check_const_SCT_sk_type(sk), ossl_check_SCT_copyfunc_type(copyfunc), ossl_check_SCT_freefunc_type(freefunc))) +#define sk_SCT_set_cmp_func(sk, cmp) ((sk_SCT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SCT_sk_type(sk), ossl_check_SCT_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(CTLOG, CTLOG, CTLOG) +#define sk_CTLOG_num(sk) OPENSSL_sk_num(ossl_check_const_CTLOG_sk_type(sk)) +#define sk_CTLOG_value(sk, idx) ((CTLOG *)OPENSSL_sk_value(ossl_check_const_CTLOG_sk_type(sk), (idx))) +#define sk_CTLOG_new(cmp) ((STACK_OF(CTLOG) *)OPENSSL_sk_new(ossl_check_CTLOG_compfunc_type(cmp))) +#define sk_CTLOG_new_null() ((STACK_OF(CTLOG) *)OPENSSL_sk_new_null()) +#define sk_CTLOG_new_reserve(cmp, n) ((STACK_OF(CTLOG) *)OPENSSL_sk_new_reserve(ossl_check_CTLOG_compfunc_type(cmp), (n))) +#define sk_CTLOG_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_CTLOG_sk_type(sk), (n)) +#define sk_CTLOG_free(sk) OPENSSL_sk_free(ossl_check_CTLOG_sk_type(sk)) +#define sk_CTLOG_zero(sk) OPENSSL_sk_zero(ossl_check_CTLOG_sk_type(sk)) +#define sk_CTLOG_delete(sk, i) ((CTLOG *)OPENSSL_sk_delete(ossl_check_CTLOG_sk_type(sk), (i))) +#define sk_CTLOG_delete_ptr(sk, ptr) ((CTLOG *)OPENSSL_sk_delete_ptr(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr))) +#define sk_CTLOG_push(sk, ptr) OPENSSL_sk_push(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr)) +#define sk_CTLOG_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr)) +#define sk_CTLOG_pop(sk) ((CTLOG *)OPENSSL_sk_pop(ossl_check_CTLOG_sk_type(sk))) +#define sk_CTLOG_shift(sk) ((CTLOG *)OPENSSL_sk_shift(ossl_check_CTLOG_sk_type(sk))) +#define sk_CTLOG_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_CTLOG_sk_type(sk),ossl_check_CTLOG_freefunc_type(freefunc)) +#define sk_CTLOG_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr), (idx)) +#define sk_CTLOG_set(sk, idx, ptr) ((CTLOG *)OPENSSL_sk_set(ossl_check_CTLOG_sk_type(sk), (idx), ossl_check_CTLOG_type(ptr))) +#define sk_CTLOG_find(sk, ptr) OPENSSL_sk_find(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr)) +#define sk_CTLOG_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr)) +#define sk_CTLOG_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_type(ptr), pnum) +#define sk_CTLOG_sort(sk) OPENSSL_sk_sort(ossl_check_CTLOG_sk_type(sk)) +#define sk_CTLOG_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_CTLOG_sk_type(sk)) +#define sk_CTLOG_dup(sk) ((STACK_OF(CTLOG) *)OPENSSL_sk_dup(ossl_check_const_CTLOG_sk_type(sk))) +#define sk_CTLOG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CTLOG) *)OPENSSL_sk_deep_copy(ossl_check_const_CTLOG_sk_type(sk), ossl_check_CTLOG_copyfunc_type(copyfunc), ossl_check_CTLOG_freefunc_type(freefunc))) +#define sk_CTLOG_set_cmp_func(sk, cmp) ((sk_CTLOG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_compfunc_type(cmp))) + + + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context associated with the given + * library context and property query string. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, + const char *propq); + +/* + * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library + * context and property query string is used. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +__owur int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialization * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +__owur int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name| and + * associates it with the give library context |libctx| and property query + * string |propq|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OSSL_LIB_CTX *libctx, + const char *propq); + +/* + * The same as CTLOG_new_ex except that the default library context and + * property query string are used. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64| and associated with the given library context |libctx| and + * property query string |propq|. The |name| is a string to help users identify + * this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64, + const char *name, OSSL_LIB_CTX *libctx, + const char *propq); + +/* + * The same as CTLOG_new_from_base64_ex() except that the default + * library context and property query string are used. + * Returns 1 on success, 0 on failure. + */ +int CTLOG_new_from_base64(CTLOG ** ct_log, + const char *pkey_base64, const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store and associates it with the given libctx and + * property query string. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new_ex(OSSL_LIB_CTX *libctx, const char *propq); + +/* + * Same as CTLOG_STORE_new_ex except that the default libctx and + * property query string are used. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/err.h b/contrib/openssl-cmake/common/include/openssl/err.h new file mode 100644 index 000000000000..daca18e7b757 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/err.h @@ -0,0 +1,512 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_ERR_H +# define OPENSSL_ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ERR_H +# endif + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# include +# endif + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_FILENAMES +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) +# else +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) +# endif +# endif + +# include +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) +# define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 + +# define ERR_NUM_ERRORS 16 +struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + int err_marks[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + size_t err_data_size[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + char *err_func[ERR_NUM_ERRORS]; + int top, bottom; +}; +# endif + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_OSSL_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +/* # define ERR_LIB_JPAKE 49 */ +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 +# define ERR_LIB_ESS 54 +# define ERR_LIB_PROP 55 +# define ERR_LIB_CRMF 56 +# define ERR_LIB_PROV 57 +# define ERR_LIB_CMP 58 +# define ERR_LIB_OSSL_ENCODER 59 +# define ERR_LIB_OSSL_DECODER 60 +# define ERR_LIB_HTTP 61 + +# define ERR_LIB_USER 128 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL) +# define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL) +# define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL) +# define BNerr(f, r) ERR_raise_data(ERR_LIB_BN, (r), NULL) +# define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL) +# define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL) +# define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL) +# define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL) +# define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL) +# define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL) +# define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL) +# define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL) +# define DHerr(f, r) ERR_raise_data(ERR_LIB_DH, (r), NULL) +# define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL) +# define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL) +# define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL) +# define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, (r), NULL) +# define ECerr(f, r) ERR_raise_data(ERR_LIB_EC, (r), NULL) +# define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL) +# define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL) +# define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL) +# define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL) +# define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL) +# define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL) +# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL) +# define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL) +# define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL) +# define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL) +# define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL) +# define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL) +# define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL) +# define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL) +# define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL) +# define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL) +# define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL) +# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL) +# define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL) +# define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL) +# define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL) +# define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL) +# define UIerr(f, r) ERR_raise_data(ERR_LIB_UI, (r), NULL) +# define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL) +# define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL) +# endif + +/*- + * The error code packs differently depending on if it records a system + * error or an OpenSSL error. + * + * A system error packs like this (we follow POSIX and only allow positive + * numbers that fit in an |int|): + * + * +-+-------------------------------------------------------------+ + * |1| system error number | + * +-+-------------------------------------------------------------+ + * + * An OpenSSL error packs like this: + * + * <---------------------------- 32 bits --------------------------> + * <--- 8 bits ---><------------------ 23 bits -----------------> + * +-+---------------+---------------------------------------------+ + * |0| library | reason | + * +-+---------------+---------------------------------------------+ + * + * A few of the reason bits are reserved as flags with special meaning: + * + * <5 bits-<>--------- 19 bits -----------------> + * +-------+-+-----------------------------------+ + * | rflags| | reason | + * +-------+-+-----------------------------------+ + * ^ + * | + * ERR_RFLAG_FATAL = ERR_R_FATAL + * + * The reason flags are part of the overall reason code for practical + * reasons, as they provide an easy way to place different types of + * reason codes in different numeric ranges. + * + * The currently known reason flags are: + * + * ERR_RFLAG_FATAL Flags that the reason code is considered fatal. + * For backward compatibility reasons, this flag + * is also the code for ERR_R_FATAL (that reason + * code served the dual purpose of flag and reason + * code in one in pre-3.0 OpenSSL). + * ERR_RFLAG_COMMON Flags that the reason code is common to all + * libraries. All ERR_R_ macros must use this flag, + * and no other _R_ macro is allowed to use it. + */ + +/* Macros to help decode recorded system errors */ +# define ERR_SYSTEM_FLAG ((unsigned int)INT_MAX + 1) +# define ERR_SYSTEM_MASK ((unsigned int)INT_MAX) + +/* + * Macros to help decode recorded OpenSSL errors + * As expressed above, RFLAGS and REASON overlap by one bit to allow + * ERR_R_FATAL to use ERR_RFLAG_FATAL as its reason code. + */ +# define ERR_LIB_OFFSET 23L +# define ERR_LIB_MASK 0xFF +# define ERR_RFLAGS_OFFSET 18L +# define ERR_RFLAGS_MASK 0x1F +# define ERR_REASON_MASK 0X7FFFFF + +/* + * Reason flags are defined pre-shifted to easily combine with the reason + * number. + */ +# define ERR_RFLAG_FATAL (0x1 << ERR_RFLAGS_OFFSET) +# define ERR_RFLAG_COMMON (0x2 << ERR_RFLAGS_OFFSET) + +# define ERR_SYSTEM_ERROR(errcode) (((errcode) & ERR_SYSTEM_FLAG) != 0) + +static ossl_unused ossl_inline int ERR_GET_LIB(unsigned long errcode) +{ + if (ERR_SYSTEM_ERROR(errcode)) + return ERR_LIB_SYS; + return (errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK; +} + +static ossl_unused ossl_inline int ERR_GET_RFLAGS(unsigned long errcode) +{ + if (ERR_SYSTEM_ERROR(errcode)) + return 0; + return errcode & (ERR_RFLAGS_MASK << ERR_RFLAGS_OFFSET); +} + +static ossl_unused ossl_inline int ERR_GET_REASON(unsigned long errcode) +{ + if (ERR_SYSTEM_ERROR(errcode)) + return errcode & ERR_SYSTEM_MASK; + return errcode & ERR_REASON_MASK; +} + +static ossl_unused ossl_inline int ERR_FATAL_ERROR(unsigned long errcode) +{ + return (ERR_GET_RFLAGS(errcode) & ERR_RFLAG_FATAL) != 0; +} + +static ossl_unused ossl_inline int ERR_COMMON_ERROR(unsigned long errcode) +{ + return (ERR_GET_RFLAGS(errcode) & ERR_RFLAG_COMMON) != 0; +} + +/* + * ERR_PACK is a helper macro to properly pack OpenSSL error codes and may + * only be used for that purpose. System errors are packed internally. + * ERR_PACK takes reason flags and reason code combined in |reason|. + * ERR_PACK ignores |func|, that parameter is just legacy from pre-3.0 OpenSSL. + */ +# define ERR_PACK(lib,func,reason) \ + ( (((unsigned long)(lib) & ERR_LIB_MASK ) << ERR_LIB_OFFSET) | \ + (((unsigned long)(reason) & ERR_REASON_MASK)) ) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SYS_F_FOPEN 0 +# define SYS_F_CONNECT 0 +# define SYS_F_GETSERVBYNAME 0 +# define SYS_F_SOCKET 0 +# define SYS_F_IOCTLSOCKET 0 +# define SYS_F_BIND 0 +# define SYS_F_LISTEN 0 +# define SYS_F_ACCEPT 0 +# define SYS_F_WSASTARTUP 0 +# define SYS_F_OPENDIR 0 +# define SYS_F_FREAD 0 +# define SYS_F_GETADDRINFO 0 +# define SYS_F_GETNAMEINFO 0 +# define SYS_F_SETSOCKOPT 0 +# define SYS_F_GETSOCKOPT 0 +# define SYS_F_GETSOCKNAME 0 +# define SYS_F_GETHOSTBYNAME 0 +# define SYS_F_FFLUSH 0 +# define SYS_F_OPEN 0 +# define SYS_F_CLOSE 0 +# define SYS_F_IOCTL 0 +# define SYS_F_STAT 0 +# define SYS_F_FCNTL 0 +# define SYS_F_FSTAT 0 +# define SYS_F_SENDFILE 0 +# endif + +/* + * All ERR_R_ codes must be combined with ERR_RFLAG_COMMON. + */ + +/* "we came from here" global reason codes, range 1..255 */ +# define ERR_R_SYS_LIB (ERR_LIB_SYS/* 2 */ | ERR_RFLAG_COMMON) +# define ERR_R_BN_LIB (ERR_LIB_BN/* 3 */ | ERR_RFLAG_COMMON) +# define ERR_R_RSA_LIB (ERR_LIB_RSA/* 4 */ | ERR_RFLAG_COMMON) +# define ERR_R_DH_LIB (ERR_LIB_DH/* 5 */ | ERR_RFLAG_COMMON) +# define ERR_R_EVP_LIB (ERR_LIB_EVP/* 6 */ | ERR_RFLAG_COMMON) +# define ERR_R_BUF_LIB (ERR_LIB_BUF/* 7 */ | ERR_RFLAG_COMMON) +# define ERR_R_OBJ_LIB (ERR_LIB_OBJ/* 8 */ | ERR_RFLAG_COMMON) +# define ERR_R_PEM_LIB (ERR_LIB_PEM/* 9 */ | ERR_RFLAG_COMMON) +# define ERR_R_DSA_LIB (ERR_LIB_DSA/* 10 */ | ERR_RFLAG_COMMON) +# define ERR_R_X509_LIB (ERR_LIB_X509/* 11 */ | ERR_RFLAG_COMMON) +# define ERR_R_ASN1_LIB (ERR_LIB_ASN1/* 13 */ | ERR_RFLAG_COMMON) +# define ERR_R_CONF_LIB (ERR_LIB_CONF/* 14 */ | ERR_RFLAG_COMMON) +# define ERR_R_CRYPTO_LIB (ERR_LIB_CRYPTO/* 15 */ | ERR_RFLAG_COMMON) +# define ERR_R_EC_LIB (ERR_LIB_EC/* 16 */ | ERR_RFLAG_COMMON) +# define ERR_R_SSL_LIB (ERR_LIB_SSL/* 20 */ | ERR_RFLAG_COMMON) +# define ERR_R_BIO_LIB (ERR_LIB_BIO/* 32 */ | ERR_RFLAG_COMMON) +# define ERR_R_PKCS7_LIB (ERR_LIB_PKCS7/* 33 */ | ERR_RFLAG_COMMON) +# define ERR_R_X509V3_LIB (ERR_LIB_X509V3/* 34 */ | ERR_RFLAG_COMMON) +# define ERR_R_PKCS12_LIB (ERR_LIB_PKCS12/* 35 */ | ERR_RFLAG_COMMON) +# define ERR_R_RAND_LIB (ERR_LIB_RAND/* 36 */ | ERR_RFLAG_COMMON) +# define ERR_R_DSO_LIB (ERR_LIB_DSO/* 37 */ | ERR_RFLAG_COMMON) +# define ERR_R_ENGINE_LIB (ERR_LIB_ENGINE/* 38 */ | ERR_RFLAG_COMMON) +# define ERR_R_UI_LIB (ERR_LIB_UI/* 40 */ | ERR_RFLAG_COMMON) +# define ERR_R_ECDSA_LIB (ERR_LIB_ECDSA/* 42 */ | ERR_RFLAG_COMMON) +# define ERR_R_OSSL_STORE_LIB (ERR_LIB_OSSL_STORE/* 44 */ | ERR_RFLAG_COMMON) +# define ERR_R_CMS_LIB (ERR_LIB_CMS/* 46 */ | ERR_RFLAG_COMMON) +# define ERR_R_TS_LIB (ERR_LIB_TS/* 47 */ | ERR_RFLAG_COMMON) +# define ERR_R_CT_LIB (ERR_LIB_CT/* 50 */ | ERR_RFLAG_COMMON) +# define ERR_R_PROV_LIB (ERR_LIB_PROV/* 57 */ | ERR_RFLAG_COMMON) +# define ERR_R_ESS_LIB (ERR_LIB_ESS/* 54 */ | ERR_RFLAG_COMMON) +# define ERR_R_CMP_LIB (ERR_LIB_CMP/* 58 */ | ERR_RFLAG_COMMON) +# define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER/* 59 */ | ERR_RFLAG_COMMON) +# define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER/* 60 */ | ERR_RFLAG_COMMON) + +/* Other common error codes, range 256..2^ERR_RFLAGS_OFFSET-1 */ +# define ERR_R_FATAL (ERR_RFLAG_FATAL|ERR_RFLAG_COMMON) +# define ERR_R_MALLOC_FAILURE (256|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (257|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (258|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (259|ERR_R_FATAL) +# define ERR_R_DISABLED (260|ERR_R_FATAL) +# define ERR_R_INIT_FAIL (261|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (262|ERR_RFLAG_COMMON) +# define ERR_R_OPERATION_FAIL (263|ERR_R_FATAL) +# define ERR_R_INVALID_PROVIDER_FUNCTIONS (264|ERR_R_FATAL) +# define ERR_R_INTERRUPTED_OR_CANCELLED (265|ERR_RFLAG_COMMON) +# define ERR_R_NESTED_ASN1_ERROR (266|ERR_RFLAG_COMMON) +# define ERR_R_MISSING_ASN1_EOS (267|ERR_RFLAG_COMMON) +# define ERR_R_UNSUPPORTED (268|ERR_RFLAG_COMMON) +# define ERR_R_FETCH_FAILED (269|ERR_RFLAG_COMMON) +# define ERR_R_INVALID_PROPERTY_DEFINITION (270|ERR_RFLAG_COMMON) +# define ERR_R_UNABLE_TO_GET_READ_LOCK (271|ERR_R_FATAL) +# define ERR_R_UNABLE_TO_GET_WRITE_LOCK (272|ERR_R_FATAL) + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +DEFINE_LHASH_OF_INTERNAL(ERR_STRING_DATA); +#define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp)), lh_ERR_STRING_DATA_hash_thunk, lh_ERR_STRING_DATA_comp_thunk, lh_ERR_STRING_DATA_doall_thunk, lh_ERR_STRING_DATA_doall_arg_thunk)) +#define lh_ERR_STRING_DATA_free(lh) OPENSSL_LH_free(ossl_check_ERR_STRING_DATA_lh_type(lh)) +#define lh_ERR_STRING_DATA_flush(lh) OPENSSL_LH_flush(ossl_check_ERR_STRING_DATA_lh_type(lh)) +#define lh_ERR_STRING_DATA_insert(lh, ptr) ((ERR_STRING_DATA *)OPENSSL_LH_insert(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_ERR_STRING_DATA_lh_plain_type(ptr))) +#define lh_ERR_STRING_DATA_delete(lh, ptr) ((ERR_STRING_DATA *)OPENSSL_LH_delete(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_const_ERR_STRING_DATA_lh_plain_type(ptr))) +#define lh_ERR_STRING_DATA_retrieve(lh, ptr) ((ERR_STRING_DATA *)OPENSSL_LH_retrieve(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_const_ERR_STRING_DATA_lh_plain_type(ptr))) +#define lh_ERR_STRING_DATA_error(lh) OPENSSL_LH_error(ossl_check_ERR_STRING_DATA_lh_type(lh)) +#define lh_ERR_STRING_DATA_num_items(lh) OPENSSL_LH_num_items(ossl_check_ERR_STRING_DATA_lh_type(lh)) +#define lh_ERR_STRING_DATA_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_ERR_STRING_DATA_lh_type(lh), out) +#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_ERR_STRING_DATA_lh_type(lh), out) +#define lh_ERR_STRING_DATA_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_ERR_STRING_DATA_lh_type(lh), out) +#define lh_ERR_STRING_DATA_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_ERR_STRING_DATA_lh_type(lh)) +#define lh_ERR_STRING_DATA_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_ERR_STRING_DATA_lh_type(lh), dl) +#define lh_ERR_STRING_DATA_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_ERR_STRING_DATA_lh_doallfunc_type(dfn)) + + +/* 12 lines and some on an 80 column terminal */ +#define ERR_MAX_DATA_SIZE 1024 + +/* Building blocks */ +void ERR_new(void); +void ERR_set_debug(const char *file, int line, const char *func); +void ERR_set_error(int lib, int reason, const char *fmt, ...); +void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); + +/* Main error raising functions */ +# define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) +# define ERR_raise_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC), \ + ERR_set_error) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* Backward compatibility */ +# define ERR_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug((file), (line), OPENSSL_FUNC), \ + ERR_set_error((lib), (reason), NULL)) +# endif + +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +unsigned long ERR_get_error_line(const char **file, int *line); +OSSL_DEPRECATEDIN_3_0 +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); +#endif +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_func(const char **func); +unsigned long ERR_peek_error_data(const char **data, int *flags); +unsigned long ERR_peek_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); +# endif +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_func(const char **func); +unsigned long ERR_peek_last_error_data(const char **data, int *flags); +unsigned long ERR_peek_last_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); +# endif + +void ERR_clear_error(void); + +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 const char *ERR_func_error_string(unsigned long e); +# endif +const char *ERR_reason_error_string(unsigned long e); + +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_fp(FILE *fp); +# endif +void ERR_print_errors(BIO *bp); + +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); +void ERR_add_error_txt(const char *sepr, const char *txt); +void ERR_add_error_mem_bio(const char *sep, BIO *bio); + +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# define ERR_free_strings() while(0) continue +#endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 void ERR_remove_thread_state(void *); +#endif +#ifndef OPENSSL_NO_DEPRECATED_1_0_0 +OSSL_DEPRECATEDIN_1_0_0 void ERR_remove_state(unsigned long pid); +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 ERR_STATE *ERR_get_state(void); +#endif + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); +int ERR_count_to_mark(void); +int ERR_pop(void); + +ERR_STATE *OSSL_ERR_STATE_new(void); +void OSSL_ERR_STATE_save(ERR_STATE *es); +void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es); +void OSSL_ERR_STATE_restore(const ERR_STATE *es); +void OSSL_ERR_STATE_free(ERR_STATE *es); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/ess.h b/contrib/openssl-cmake/common/include/openssl/ess.h new file mode 100644 index 000000000000..4055bebbea2f --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/ess.h @@ -0,0 +1,128 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/ess.h.in + * + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_ESS_H +# define OPENSSL_ESS_H +# pragma once + +# include + +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + + +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; +typedef struct ESS_signing_cert ESS_SIGNING_CERT; + +SKM_DEFINE_STACK_OF_INTERNAL(ESS_CERT_ID, ESS_CERT_ID, ESS_CERT_ID) +#define sk_ESS_CERT_ID_num(sk) OPENSSL_sk_num(ossl_check_const_ESS_CERT_ID_sk_type(sk)) +#define sk_ESS_CERT_ID_value(sk, idx) ((ESS_CERT_ID *)OPENSSL_sk_value(ossl_check_const_ESS_CERT_ID_sk_type(sk), (idx))) +#define sk_ESS_CERT_ID_new(cmp) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_new(ossl_check_ESS_CERT_ID_compfunc_type(cmp))) +#define sk_ESS_CERT_ID_new_null() ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_new_null()) +#define sk_ESS_CERT_ID_new_reserve(cmp, n) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_new_reserve(ossl_check_ESS_CERT_ID_compfunc_type(cmp), (n))) +#define sk_ESS_CERT_ID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ESS_CERT_ID_sk_type(sk), (n)) +#define sk_ESS_CERT_ID_free(sk) OPENSSL_sk_free(ossl_check_ESS_CERT_ID_sk_type(sk)) +#define sk_ESS_CERT_ID_zero(sk) OPENSSL_sk_zero(ossl_check_ESS_CERT_ID_sk_type(sk)) +#define sk_ESS_CERT_ID_delete(sk, i) ((ESS_CERT_ID *)OPENSSL_sk_delete(ossl_check_ESS_CERT_ID_sk_type(sk), (i))) +#define sk_ESS_CERT_ID_delete_ptr(sk, ptr) ((ESS_CERT_ID *)OPENSSL_sk_delete_ptr(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr))) +#define sk_ESS_CERT_ID_push(sk, ptr) OPENSSL_sk_push(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr)) +#define sk_ESS_CERT_ID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr)) +#define sk_ESS_CERT_ID_pop(sk) ((ESS_CERT_ID *)OPENSSL_sk_pop(ossl_check_ESS_CERT_ID_sk_type(sk))) +#define sk_ESS_CERT_ID_shift(sk) ((ESS_CERT_ID *)OPENSSL_sk_shift(ossl_check_ESS_CERT_ID_sk_type(sk))) +#define sk_ESS_CERT_ID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ESS_CERT_ID_sk_type(sk),ossl_check_ESS_CERT_ID_freefunc_type(freefunc)) +#define sk_ESS_CERT_ID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr), (idx)) +#define sk_ESS_CERT_ID_set(sk, idx, ptr) ((ESS_CERT_ID *)OPENSSL_sk_set(ossl_check_ESS_CERT_ID_sk_type(sk), (idx), ossl_check_ESS_CERT_ID_type(ptr))) +#define sk_ESS_CERT_ID_find(sk, ptr) OPENSSL_sk_find(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr)) +#define sk_ESS_CERT_ID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr)) +#define sk_ESS_CERT_ID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_type(ptr), pnum) +#define sk_ESS_CERT_ID_sort(sk) OPENSSL_sk_sort(ossl_check_ESS_CERT_ID_sk_type(sk)) +#define sk_ESS_CERT_ID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ESS_CERT_ID_sk_type(sk)) +#define sk_ESS_CERT_ID_dup(sk) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_dup(ossl_check_const_ESS_CERT_ID_sk_type(sk))) +#define sk_ESS_CERT_ID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_deep_copy(ossl_check_const_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_copyfunc_type(copyfunc), ossl_check_ESS_CERT_ID_freefunc_type(freefunc))) +#define sk_ESS_CERT_ID_set_cmp_func(sk, cmp) ((sk_ESS_CERT_ID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_compfunc_type(cmp))) + + + +typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; +typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; + +SKM_DEFINE_STACK_OF_INTERNAL(ESS_CERT_ID_V2, ESS_CERT_ID_V2, ESS_CERT_ID_V2) +#define sk_ESS_CERT_ID_V2_num(sk) OPENSSL_sk_num(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk)) +#define sk_ESS_CERT_ID_V2_value(sk, idx) ((ESS_CERT_ID_V2 *)OPENSSL_sk_value(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk), (idx))) +#define sk_ESS_CERT_ID_V2_new(cmp) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_new(ossl_check_ESS_CERT_ID_V2_compfunc_type(cmp))) +#define sk_ESS_CERT_ID_V2_new_null() ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_new_null()) +#define sk_ESS_CERT_ID_V2_new_reserve(cmp, n) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_new_reserve(ossl_check_ESS_CERT_ID_V2_compfunc_type(cmp), (n))) +#define sk_ESS_CERT_ID_V2_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ESS_CERT_ID_V2_sk_type(sk), (n)) +#define sk_ESS_CERT_ID_V2_free(sk) OPENSSL_sk_free(ossl_check_ESS_CERT_ID_V2_sk_type(sk)) +#define sk_ESS_CERT_ID_V2_zero(sk) OPENSSL_sk_zero(ossl_check_ESS_CERT_ID_V2_sk_type(sk)) +#define sk_ESS_CERT_ID_V2_delete(sk, i) ((ESS_CERT_ID_V2 *)OPENSSL_sk_delete(ossl_check_ESS_CERT_ID_V2_sk_type(sk), (i))) +#define sk_ESS_CERT_ID_V2_delete_ptr(sk, ptr) ((ESS_CERT_ID_V2 *)OPENSSL_sk_delete_ptr(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr))) +#define sk_ESS_CERT_ID_V2_push(sk, ptr) OPENSSL_sk_push(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr)) +#define sk_ESS_CERT_ID_V2_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr)) +#define sk_ESS_CERT_ID_V2_pop(sk) ((ESS_CERT_ID_V2 *)OPENSSL_sk_pop(ossl_check_ESS_CERT_ID_V2_sk_type(sk))) +#define sk_ESS_CERT_ID_V2_shift(sk) ((ESS_CERT_ID_V2 *)OPENSSL_sk_shift(ossl_check_ESS_CERT_ID_V2_sk_type(sk))) +#define sk_ESS_CERT_ID_V2_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ESS_CERT_ID_V2_sk_type(sk),ossl_check_ESS_CERT_ID_V2_freefunc_type(freefunc)) +#define sk_ESS_CERT_ID_V2_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr), (idx)) +#define sk_ESS_CERT_ID_V2_set(sk, idx, ptr) ((ESS_CERT_ID_V2 *)OPENSSL_sk_set(ossl_check_ESS_CERT_ID_V2_sk_type(sk), (idx), ossl_check_ESS_CERT_ID_V2_type(ptr))) +#define sk_ESS_CERT_ID_V2_find(sk, ptr) OPENSSL_sk_find(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr)) +#define sk_ESS_CERT_ID_V2_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr)) +#define sk_ESS_CERT_ID_V2_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_type(ptr), pnum) +#define sk_ESS_CERT_ID_V2_sort(sk) OPENSSL_sk_sort(ossl_check_ESS_CERT_ID_V2_sk_type(sk)) +#define sk_ESS_CERT_ID_V2_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk)) +#define sk_ESS_CERT_ID_V2_dup(sk) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_dup(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk))) +#define sk_ESS_CERT_ID_V2_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_deep_copy(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_copyfunc_type(copyfunc), ossl_check_ESS_CERT_ID_V2_freefunc_type(freefunc))) +#define sk_ESS_CERT_ID_V2_set_cmp_func(sk, cmp) ((sk_ESS_CERT_ID_V2_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_compfunc_type(cmp))) + + +DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL) +DECLARE_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) + +DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID, ESS_CERT_ID) +DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID) + +DECLARE_ASN1_FUNCTIONS(ESS_SIGNING_CERT) +DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) + +DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2) +DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) + +DECLARE_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2) +DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) + +ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert, + const STACK_OF(X509) *certs, + int set_issuer_serial); +ESS_SIGNING_CERT_V2 *OSSL_ESS_signing_cert_v2_new_init(const EVP_MD *hash_alg, + const X509 *signcert, + const + STACK_OF(X509) *certs, + int set_issuer_serial); +int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss, + const ESS_SIGNING_CERT_V2 *ssv2, + const STACK_OF(X509) *chain, + int require_signing_cert); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/fipskey.h b/contrib/openssl-cmake/common/include/openssl/fipskey.h new file mode 100644 index 000000000000..620812bf0a5f --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/fipskey.h @@ -0,0 +1,41 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/fipskey.h.in + * + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_FIPSKEY_H +# define OPENSSL_FIPSKEY_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * The FIPS validation HMAC key, usable as an array initializer. + */ +#define FIPS_KEY_ELEMENTS \ + 0xf4, 0x55, 0x66, 0x50, 0xac, 0x31, 0xd3, 0x54, 0x61, 0x61, 0x0b, 0xac, 0x4e, 0xd8, 0x1b, 0x1a, 0x18, 0x1b, 0x2d, 0x8a, 0x43, 0xea, 0x28, 0x54, 0xcb, 0xae, 0x22, 0xca, 0x74, 0x56, 0x08, 0x13 + +/* + * The FIPS validation key, as a string. + */ +#define FIPS_KEY_STRING "f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" + +/* + * The FIPS provider vendor name, as a string. + */ +#define FIPS_VENDOR "OpenSSL non-compliant FIPS Provider" + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/lhash.h b/contrib/openssl-cmake/common/include/openssl/lhash.h new file mode 100644 index 000000000000..62c55b20fd97 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/lhash.h @@ -0,0 +1,398 @@ +/* + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef OPENSSL_LHASH_H +# define OPENSSL_LHASH_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_LHASH_H +# endif + +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st OPENSSL_LH_NODE; +typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef int (*OPENSSL_LH_COMPFUNCTHUNK) (const void *, const void *, OPENSSL_LH_COMPFUNC cfn); +typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNCTHUNK) (const void *, OPENSSL_LH_HASHFUNC hfn); +typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNC_THUNK) (void *, OPENSSL_LH_DOALL_FUNC doall); +typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG_THUNK) (void *, void *, OPENSSL_LH_DOALL_FUNCARG doall); +typedef struct lhash_st OPENSSL_LHASH; + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. + */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + +# define LH_LOAD_MULT 256 + +int OPENSSL_LH_error(OPENSSL_LHASH *lh); +OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +OPENSSL_LHASH *OPENSSL_LH_set_thunks(OPENSSL_LHASH *lh, + OPENSSL_LH_HASHFUNCTHUNK hw, + OPENSSL_LH_COMPFUNCTHUNK cw, + OPENSSL_LH_DOALL_FUNC_THUNK daw, + OPENSSL_LH_DOALL_FUNCARG_THUNK daaw); +void OPENSSL_LH_free(OPENSSL_LHASH *lh); +void OPENSSL_LH_flush(OPENSSL_LHASH *lh); +void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, + OPENSSL_LH_DOALL_FUNCARG func, void *arg); +void OPENSSL_LH_doall_arg_thunk(OPENSSL_LHASH *lh, + OPENSSL_LH_DOALL_FUNCARG_THUNK daaw, + OPENSSL_LH_DOALL_FUNCARG fn, void *arg); + +unsigned long OPENSSL_LH_strhash(const char *c); +unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); + +# ifndef OPENSSL_NO_STDIO +# ifndef OPENSSL_NO_DEPRECATED_3_1 +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# endif +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_1 +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +# endif + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define _LHASH OPENSSL_LHASH +# define LHASH_NODE OPENSSL_LH_NODE +# define lh_error OPENSSL_LH_error +# define lh_new OPENSSL_LH_new +# define lh_free OPENSSL_LH_free +# define lh_insert OPENSSL_LH_insert +# define lh_delete OPENSSL_LH_delete +# define lh_retrieve OPENSSL_LH_retrieve +# define lh_doall OPENSSL_LH_doall +# define lh_doall_arg OPENSSL_LH_doall_arg +# define lh_strhash OPENSSL_LH_strhash +# define lh_num_items OPENSSL_LH_num_items +# ifndef OPENSSL_NO_STDIO +# define lh_stats OPENSSL_LH_stats +# define lh_node_stats OPENSSL_LH_node_stats +# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +# endif +# define lh_stats_bio OPENSSL_LH_stats_bio +# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +# endif + +/* Type checking... */ + +# define LHASH_OF(type) struct lhash_st_##type + +/* Helper macro for internal use */ +# define DEFINE_LHASH_OF_INTERNAL(type) \ + LHASH_OF(type) { \ + union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; \ + }; \ + typedef int (*lh_##type##_compfunc)(const type *a, const type *b); \ + typedef unsigned long (*lh_##type##_hashfunc)(const type *a); \ + typedef void (*lh_##type##_doallfunc)(type *a); \ + static ossl_inline unsigned long lh_##type##_hash_thunk(const void *data, OPENSSL_LH_HASHFUNC hfn) \ + { \ + unsigned long (*hfn_conv)(const type *) = (unsigned long (*)(const type *))hfn; \ + return hfn_conv((const type *)data); \ + } \ + static ossl_inline int lh_##type##_comp_thunk(const void *da, const void *db, OPENSSL_LH_COMPFUNC cfn) \ + { \ + int (*cfn_conv)(const type *, const type *) = (int (*)(const type *, const type *))cfn; \ + return cfn_conv((const type *)da, (const type *)db); \ + } \ + static ossl_inline void lh_##type##_doall_thunk(void *node, OPENSSL_LH_DOALL_FUNC doall) \ + { \ + void (*doall_conv)(type *) = (void (*)(type *))doall; \ + doall_conv((type *)node); \ + } \ + static ossl_inline void lh_##type##_doall_arg_thunk(void *node, void *arg, OPENSSL_LH_DOALL_FUNCARG doall) \ + { \ + void (*doall_conv)(type *, void *) = (void (*)(type *, void *))doall; \ + doall_conv((type *)node, arg); \ + } \ + static ossl_unused ossl_inline type *\ + ossl_check_##type##_lh_plain_type(type *ptr) \ + { \ + return ptr; \ + } \ + static ossl_unused ossl_inline const type * \ + ossl_check_const_##type##_lh_plain_type(const type *ptr) \ + { \ + return ptr; \ + } \ + static ossl_unused ossl_inline const OPENSSL_LHASH * \ + ossl_check_const_##type##_lh_type(const LHASH_OF(type) *lh) \ + { \ + return (const OPENSSL_LHASH *)lh; \ + } \ + static ossl_unused ossl_inline OPENSSL_LHASH * \ + ossl_check_##type##_lh_type(LHASH_OF(type) *lh) \ + { \ + return (OPENSSL_LHASH *)lh; \ + } \ + static ossl_unused ossl_inline OPENSSL_LH_COMPFUNC \ + ossl_check_##type##_lh_compfunc_type(lh_##type##_compfunc cmp) \ + { \ + return (OPENSSL_LH_COMPFUNC)cmp; \ + } \ + static ossl_unused ossl_inline OPENSSL_LH_HASHFUNC \ + ossl_check_##type##_lh_hashfunc_type(lh_##type##_hashfunc hfn) \ + { \ + return (OPENSSL_LH_HASHFUNC)hfn; \ + } \ + static ossl_unused ossl_inline OPENSSL_LH_DOALL_FUNC \ + ossl_check_##type##_lh_doallfunc_type(lh_##type##_doallfunc dfn) \ + { \ + return (OPENSSL_LH_DOALL_FUNC)dfn; \ + } \ + LHASH_OF(type) + +# ifndef OPENSSL_NO_DEPRECATED_3_1 +# define DEFINE_LHASH_OF_DEPRECATED(type) \ + static ossl_unused ossl_inline void \ + lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } +# else +# define DEFINE_LHASH_OF_DEPRECATED(type) +# endif + +# define DEFINE_LHASH_OF_EX(type) \ + LHASH_OF(type) { \ + union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; \ + }; \ + static unsigned long \ + lh_##type##_hfn_thunk(const void *data, OPENSSL_LH_HASHFUNC hfn) \ + { \ + unsigned long (*hfn_conv)(const type *) = (unsigned long (*)(const type *))hfn; \ + return hfn_conv((const type *)data); \ + } \ + static int lh_##type##_cfn_thunk(const void *da, const void *db, OPENSSL_LH_COMPFUNC cfn) \ + { \ + int (*cfn_conv)(const type *, const type *) = (int (*)(const type *, const type *))cfn; \ + return cfn_conv((const type *)da, (const type *)db); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_flush(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type * \ + lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type * \ + lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type * \ + lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline int \ + lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long \ + lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long \ + lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_thunk(void *node, OPENSSL_LH_DOALL_FUNC doall) \ + { \ + void (*doall_conv)(type *) = (void (*)(type *))doall; \ + doall_conv((type *)node); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_arg_thunk(void *node, void *arg, OPENSSL_LH_DOALL_FUNCARG doall) \ + { \ + void (*doall_conv)(type *, void *) = (void (*)(type *, void *))doall; \ + doall_conv((type *)node, arg); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_doall(LHASH_OF(type) *lh, void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + static ossl_unused ossl_inline LHASH_OF(type) * \ + lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn), \ + lh_##type##_hfn_thunk, lh_##type##_cfn_thunk, \ + lh_##type##_doall_thunk, \ + lh_##type##_doall_arg_thunk); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_arg(LHASH_OF(type) *lh, \ + void (*doallarg)(type *, void *), void *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \ + (OPENSSL_LH_DOALL_FUNCARG)doallarg, arg); \ + } \ + LHASH_OF(type) + +# define DEFINE_LHASH_OF(type) \ + DEFINE_LHASH_OF_EX(type); \ + DEFINE_LHASH_OF_DEPRECATED(type) \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype##_thunk(void *node, void *arg, OPENSSL_LH_DOALL_FUNCARG fn) \ + { \ + void (*fn_conv)(cbargtype *, argtype *) = (void (*)(cbargtype *, argtype *))fn; \ + fn_conv((cbargtype *)node, (argtype *)arg); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg_thunk((OPENSSL_LHASH *)lh, \ + lh_##type##_doall_##argtype##_thunk, \ + (OPENSSL_LH_DOALL_FUNCARG)fn, \ + (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF_INTERNAL(OPENSSL_STRING); +#define lh_OPENSSL_STRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_OPENSSL_STRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_STRING_lh_compfunc_type(cmp)), lh_OPENSSL_STRING_hash_thunk, lh_OPENSSL_STRING_comp_thunk, lh_OPENSSL_STRING_doall_thunk, lh_OPENSSL_STRING_doall_arg_thunk)) +#define lh_OPENSSL_STRING_free(lh) OPENSSL_LH_free(ossl_check_OPENSSL_STRING_lh_type(lh)) +#define lh_OPENSSL_STRING_flush(lh) OPENSSL_LH_flush(ossl_check_OPENSSL_STRING_lh_type(lh)) +#define lh_OPENSSL_STRING_insert(lh, ptr) ((OPENSSL_STRING *)OPENSSL_LH_insert(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_OPENSSL_STRING_lh_plain_type(ptr))) +#define lh_OPENSSL_STRING_delete(lh, ptr) ((OPENSSL_STRING *)OPENSSL_LH_delete(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_const_OPENSSL_STRING_lh_plain_type(ptr))) +#define lh_OPENSSL_STRING_retrieve(lh, ptr) ((OPENSSL_STRING *)OPENSSL_LH_retrieve(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_const_OPENSSL_STRING_lh_plain_type(ptr))) +#define lh_OPENSSL_STRING_error(lh) OPENSSL_LH_error(ossl_check_OPENSSL_STRING_lh_type(lh)) +#define lh_OPENSSL_STRING_num_items(lh) OPENSSL_LH_num_items(ossl_check_OPENSSL_STRING_lh_type(lh)) +#define lh_OPENSSL_STRING_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_OPENSSL_STRING_lh_type(lh), out) +#define lh_OPENSSL_STRING_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_OPENSSL_STRING_lh_type(lh), out) +#define lh_OPENSSL_STRING_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_OPENSSL_STRING_lh_type(lh), out) +#define lh_OPENSSL_STRING_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_OPENSSL_STRING_lh_type(lh)) +#define lh_OPENSSL_STRING_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_OPENSSL_STRING_lh_type(lh), dl) +#define lh_OPENSSL_STRING_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_OPENSSL_STRING_lh_doallfunc_type(dfn)) +DEFINE_LHASH_OF_INTERNAL(OPENSSL_CSTRING); +#define lh_OPENSSL_CSTRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_CSTRING) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_OPENSSL_CSTRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_CSTRING_lh_compfunc_type(cmp)), lh_OPENSSL_CSTRING_hash_thunk, lh_OPENSSL_CSTRING_comp_thunk, lh_OPENSSL_CSTRING_doall_thunk, lh_OPENSSL_CSTRING_doall_arg_thunk)) +#define lh_OPENSSL_CSTRING_free(lh) OPENSSL_LH_free(ossl_check_OPENSSL_CSTRING_lh_type(lh)) +#define lh_OPENSSL_CSTRING_flush(lh) OPENSSL_LH_flush(ossl_check_OPENSSL_CSTRING_lh_type(lh)) +#define lh_OPENSSL_CSTRING_insert(lh, ptr) ((OPENSSL_CSTRING *)OPENSSL_LH_insert(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_OPENSSL_CSTRING_lh_plain_type(ptr))) +#define lh_OPENSSL_CSTRING_delete(lh, ptr) ((OPENSSL_CSTRING *)OPENSSL_LH_delete(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_const_OPENSSL_CSTRING_lh_plain_type(ptr))) +#define lh_OPENSSL_CSTRING_retrieve(lh, ptr) ((OPENSSL_CSTRING *)OPENSSL_LH_retrieve(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_const_OPENSSL_CSTRING_lh_plain_type(ptr))) +#define lh_OPENSSL_CSTRING_error(lh) OPENSSL_LH_error(ossl_check_OPENSSL_CSTRING_lh_type(lh)) +#define lh_OPENSSL_CSTRING_num_items(lh) OPENSSL_LH_num_items(ossl_check_OPENSSL_CSTRING_lh_type(lh)) +#define lh_OPENSSL_CSTRING_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_OPENSSL_CSTRING_lh_type(lh), out) +#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_OPENSSL_CSTRING_lh_type(lh), out) +#define lh_OPENSSL_CSTRING_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_OPENSSL_CSTRING_lh_type(lh), out) +#define lh_OPENSSL_CSTRING_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_OPENSSL_CSTRING_lh_type(lh)) +#define lh_OPENSSL_CSTRING_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_OPENSSL_CSTRING_lh_type(lh), dl) +#define lh_OPENSSL_CSTRING_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_OPENSSL_CSTRING_lh_doallfunc_type(dfn)) + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/ocsp.h b/contrib/openssl-cmake/common/include/openssl/ocsp.h new file mode 100644 index 000000000000..142b183140ba --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/ocsp.h @@ -0,0 +1,483 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/ocsp.h.in + * + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_OCSP_H +# define OPENSSL_OCSP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OCSP_H +# endif + +# include +# include +# include + +/* + * These definitions are outside the OPENSSL_NO_OCSP guard because although for + * historical reasons they have OCSP_* names, they can actually be used + * independently of OCSP. E.g. see RFC5280 + */ +/*- + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * -- value 7 is not used + * removeFromCRL (8), + * privilegeWithdrawn (9), + * aACompromise (10) } + */ +# define OCSP_REVOKED_STATUS_NOSTATUS -1 +# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +# define OCSP_REVOKED_STATUS_SUPERSEDED 4 +# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 +# define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9 +# define OCSP_REVOKED_STATUS_AACOMPROMISE 10 + + +# ifndef OPENSSL_NO_OCSP + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/* Various flags and values */ + +# define OCSP_DEFAULT_NONCE_LENGTH 16 + +# define OCSP_NOCERTS 0x1 +# define OCSP_NOINTERN 0x2 +# define OCSP_NOSIGS 0x4 +# define OCSP_NOCHAIN 0x8 +# define OCSP_NOVERIFY 0x10 +# define OCSP_NOEXPLICIT 0x20 +# define OCSP_NOCASIGN 0x40 +# define OCSP_NODELEGATED 0x80 +# define OCSP_NOCHECKS 0x100 +# define OCSP_TRUSTOTHER 0x200 +# define OCSP_RESPID_KEY 0x400 +# define OCSP_NOTIME 0x800 +# define OCSP_PARTIAL_CHAIN 0x1000 + +typedef struct ocsp_cert_id_st OCSP_CERTID; +typedef struct ocsp_one_request_st OCSP_ONEREQ; +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + +SKM_DEFINE_STACK_OF_INTERNAL(OCSP_CERTID, OCSP_CERTID, OCSP_CERTID) +#define sk_OCSP_CERTID_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_CERTID_sk_type(sk)) +#define sk_OCSP_CERTID_value(sk, idx) ((OCSP_CERTID *)OPENSSL_sk_value(ossl_check_const_OCSP_CERTID_sk_type(sk), (idx))) +#define sk_OCSP_CERTID_new(cmp) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_new(ossl_check_OCSP_CERTID_compfunc_type(cmp))) +#define sk_OCSP_CERTID_new_null() ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_new_null()) +#define sk_OCSP_CERTID_new_reserve(cmp, n) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_CERTID_compfunc_type(cmp), (n))) +#define sk_OCSP_CERTID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_CERTID_sk_type(sk), (n)) +#define sk_OCSP_CERTID_free(sk) OPENSSL_sk_free(ossl_check_OCSP_CERTID_sk_type(sk)) +#define sk_OCSP_CERTID_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_CERTID_sk_type(sk)) +#define sk_OCSP_CERTID_delete(sk, i) ((OCSP_CERTID *)OPENSSL_sk_delete(ossl_check_OCSP_CERTID_sk_type(sk), (i))) +#define sk_OCSP_CERTID_delete_ptr(sk, ptr) ((OCSP_CERTID *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr))) +#define sk_OCSP_CERTID_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr)) +#define sk_OCSP_CERTID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr)) +#define sk_OCSP_CERTID_pop(sk) ((OCSP_CERTID *)OPENSSL_sk_pop(ossl_check_OCSP_CERTID_sk_type(sk))) +#define sk_OCSP_CERTID_shift(sk) ((OCSP_CERTID *)OPENSSL_sk_shift(ossl_check_OCSP_CERTID_sk_type(sk))) +#define sk_OCSP_CERTID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_CERTID_sk_type(sk),ossl_check_OCSP_CERTID_freefunc_type(freefunc)) +#define sk_OCSP_CERTID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr), (idx)) +#define sk_OCSP_CERTID_set(sk, idx, ptr) ((OCSP_CERTID *)OPENSSL_sk_set(ossl_check_OCSP_CERTID_sk_type(sk), (idx), ossl_check_OCSP_CERTID_type(ptr))) +#define sk_OCSP_CERTID_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr)) +#define sk_OCSP_CERTID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr)) +#define sk_OCSP_CERTID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_type(ptr), pnum) +#define sk_OCSP_CERTID_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_CERTID_sk_type(sk)) +#define sk_OCSP_CERTID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_CERTID_sk_type(sk)) +#define sk_OCSP_CERTID_dup(sk) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_dup(ossl_check_const_OCSP_CERTID_sk_type(sk))) +#define sk_OCSP_CERTID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_CERTID) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_copyfunc_type(copyfunc), ossl_check_OCSP_CERTID_freefunc_type(freefunc))) +#define sk_OCSP_CERTID_set_cmp_func(sk, cmp) ((sk_OCSP_CERTID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_CERTID_sk_type(sk), ossl_check_OCSP_CERTID_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(OCSP_ONEREQ, OCSP_ONEREQ, OCSP_ONEREQ) +#define sk_OCSP_ONEREQ_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_ONEREQ_sk_type(sk)) +#define sk_OCSP_ONEREQ_value(sk, idx) ((OCSP_ONEREQ *)OPENSSL_sk_value(ossl_check_const_OCSP_ONEREQ_sk_type(sk), (idx))) +#define sk_OCSP_ONEREQ_new(cmp) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_new(ossl_check_OCSP_ONEREQ_compfunc_type(cmp))) +#define sk_OCSP_ONEREQ_new_null() ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_new_null()) +#define sk_OCSP_ONEREQ_new_reserve(cmp, n) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_ONEREQ_compfunc_type(cmp), (n))) +#define sk_OCSP_ONEREQ_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_ONEREQ_sk_type(sk), (n)) +#define sk_OCSP_ONEREQ_free(sk) OPENSSL_sk_free(ossl_check_OCSP_ONEREQ_sk_type(sk)) +#define sk_OCSP_ONEREQ_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_ONEREQ_sk_type(sk)) +#define sk_OCSP_ONEREQ_delete(sk, i) ((OCSP_ONEREQ *)OPENSSL_sk_delete(ossl_check_OCSP_ONEREQ_sk_type(sk), (i))) +#define sk_OCSP_ONEREQ_delete_ptr(sk, ptr) ((OCSP_ONEREQ *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr))) +#define sk_OCSP_ONEREQ_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr)) +#define sk_OCSP_ONEREQ_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr)) +#define sk_OCSP_ONEREQ_pop(sk) ((OCSP_ONEREQ *)OPENSSL_sk_pop(ossl_check_OCSP_ONEREQ_sk_type(sk))) +#define sk_OCSP_ONEREQ_shift(sk) ((OCSP_ONEREQ *)OPENSSL_sk_shift(ossl_check_OCSP_ONEREQ_sk_type(sk))) +#define sk_OCSP_ONEREQ_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_ONEREQ_sk_type(sk),ossl_check_OCSP_ONEREQ_freefunc_type(freefunc)) +#define sk_OCSP_ONEREQ_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr), (idx)) +#define sk_OCSP_ONEREQ_set(sk, idx, ptr) ((OCSP_ONEREQ *)OPENSSL_sk_set(ossl_check_OCSP_ONEREQ_sk_type(sk), (idx), ossl_check_OCSP_ONEREQ_type(ptr))) +#define sk_OCSP_ONEREQ_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr)) +#define sk_OCSP_ONEREQ_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr)) +#define sk_OCSP_ONEREQ_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_type(ptr), pnum) +#define sk_OCSP_ONEREQ_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_ONEREQ_sk_type(sk)) +#define sk_OCSP_ONEREQ_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_ONEREQ_sk_type(sk)) +#define sk_OCSP_ONEREQ_dup(sk) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_dup(ossl_check_const_OCSP_ONEREQ_sk_type(sk))) +#define sk_OCSP_ONEREQ_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_copyfunc_type(copyfunc), ossl_check_OCSP_ONEREQ_freefunc_type(freefunc))) +#define sk_OCSP_ONEREQ_set_cmp_func(sk, cmp) ((sk_OCSP_ONEREQ_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_compfunc_type(cmp))) + + +# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +# define OCSP_RESPONSE_STATUS_TRYLATER 3 +# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + +# define V_OCSP_RESPID_NAME 0 +# define V_OCSP_RESPID_KEY 1 + +SKM_DEFINE_STACK_OF_INTERNAL(OCSP_RESPID, OCSP_RESPID, OCSP_RESPID) +#define sk_OCSP_RESPID_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_RESPID_sk_type(sk)) +#define sk_OCSP_RESPID_value(sk, idx) ((OCSP_RESPID *)OPENSSL_sk_value(ossl_check_const_OCSP_RESPID_sk_type(sk), (idx))) +#define sk_OCSP_RESPID_new(cmp) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_new(ossl_check_OCSP_RESPID_compfunc_type(cmp))) +#define sk_OCSP_RESPID_new_null() ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_new_null()) +#define sk_OCSP_RESPID_new_reserve(cmp, n) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_RESPID_compfunc_type(cmp), (n))) +#define sk_OCSP_RESPID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_RESPID_sk_type(sk), (n)) +#define sk_OCSP_RESPID_free(sk) OPENSSL_sk_free(ossl_check_OCSP_RESPID_sk_type(sk)) +#define sk_OCSP_RESPID_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_RESPID_sk_type(sk)) +#define sk_OCSP_RESPID_delete(sk, i) ((OCSP_RESPID *)OPENSSL_sk_delete(ossl_check_OCSP_RESPID_sk_type(sk), (i))) +#define sk_OCSP_RESPID_delete_ptr(sk, ptr) ((OCSP_RESPID *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr))) +#define sk_OCSP_RESPID_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr)) +#define sk_OCSP_RESPID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr)) +#define sk_OCSP_RESPID_pop(sk) ((OCSP_RESPID *)OPENSSL_sk_pop(ossl_check_OCSP_RESPID_sk_type(sk))) +#define sk_OCSP_RESPID_shift(sk) ((OCSP_RESPID *)OPENSSL_sk_shift(ossl_check_OCSP_RESPID_sk_type(sk))) +#define sk_OCSP_RESPID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_RESPID_sk_type(sk),ossl_check_OCSP_RESPID_freefunc_type(freefunc)) +#define sk_OCSP_RESPID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr), (idx)) +#define sk_OCSP_RESPID_set(sk, idx, ptr) ((OCSP_RESPID *)OPENSSL_sk_set(ossl_check_OCSP_RESPID_sk_type(sk), (idx), ossl_check_OCSP_RESPID_type(ptr))) +#define sk_OCSP_RESPID_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr)) +#define sk_OCSP_RESPID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr)) +#define sk_OCSP_RESPID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_type(ptr), pnum) +#define sk_OCSP_RESPID_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_RESPID_sk_type(sk)) +#define sk_OCSP_RESPID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_RESPID_sk_type(sk)) +#define sk_OCSP_RESPID_dup(sk) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_dup(ossl_check_const_OCSP_RESPID_sk_type(sk))) +#define sk_OCSP_RESPID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_copyfunc_type(copyfunc), ossl_check_OCSP_RESPID_freefunc_type(freefunc))) +#define sk_OCSP_RESPID_set_cmp_func(sk, cmp) ((sk_OCSP_RESPID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_compfunc_type(cmp))) + + +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; + +# define V_OCSP_CERTSTATUS_GOOD 0 +# define V_OCSP_CERTSTATUS_REVOKED 1 +# define V_OCSP_CERTSTATUS_UNKNOWN 2 + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +SKM_DEFINE_STACK_OF_INTERNAL(OCSP_SINGLERESP, OCSP_SINGLERESP, OCSP_SINGLERESP) +#define sk_OCSP_SINGLERESP_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_SINGLERESP_sk_type(sk)) +#define sk_OCSP_SINGLERESP_value(sk, idx) ((OCSP_SINGLERESP *)OPENSSL_sk_value(ossl_check_const_OCSP_SINGLERESP_sk_type(sk), (idx))) +#define sk_OCSP_SINGLERESP_new(cmp) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_new(ossl_check_OCSP_SINGLERESP_compfunc_type(cmp))) +#define sk_OCSP_SINGLERESP_new_null() ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_new_null()) +#define sk_OCSP_SINGLERESP_new_reserve(cmp, n) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_new_reserve(ossl_check_OCSP_SINGLERESP_compfunc_type(cmp), (n))) +#define sk_OCSP_SINGLERESP_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OCSP_SINGLERESP_sk_type(sk), (n)) +#define sk_OCSP_SINGLERESP_free(sk) OPENSSL_sk_free(ossl_check_OCSP_SINGLERESP_sk_type(sk)) +#define sk_OCSP_SINGLERESP_zero(sk) OPENSSL_sk_zero(ossl_check_OCSP_SINGLERESP_sk_type(sk)) +#define sk_OCSP_SINGLERESP_delete(sk, i) ((OCSP_SINGLERESP *)OPENSSL_sk_delete(ossl_check_OCSP_SINGLERESP_sk_type(sk), (i))) +#define sk_OCSP_SINGLERESP_delete_ptr(sk, ptr) ((OCSP_SINGLERESP *)OPENSSL_sk_delete_ptr(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr))) +#define sk_OCSP_SINGLERESP_push(sk, ptr) OPENSSL_sk_push(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr)) +#define sk_OCSP_SINGLERESP_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr)) +#define sk_OCSP_SINGLERESP_pop(sk) ((OCSP_SINGLERESP *)OPENSSL_sk_pop(ossl_check_OCSP_SINGLERESP_sk_type(sk))) +#define sk_OCSP_SINGLERESP_shift(sk) ((OCSP_SINGLERESP *)OPENSSL_sk_shift(ossl_check_OCSP_SINGLERESP_sk_type(sk))) +#define sk_OCSP_SINGLERESP_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OCSP_SINGLERESP_sk_type(sk),ossl_check_OCSP_SINGLERESP_freefunc_type(freefunc)) +#define sk_OCSP_SINGLERESP_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr), (idx)) +#define sk_OCSP_SINGLERESP_set(sk, idx, ptr) ((OCSP_SINGLERESP *)OPENSSL_sk_set(ossl_check_OCSP_SINGLERESP_sk_type(sk), (idx), ossl_check_OCSP_SINGLERESP_type(ptr))) +#define sk_OCSP_SINGLERESP_find(sk, ptr) OPENSSL_sk_find(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr)) +#define sk_OCSP_SINGLERESP_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr)) +#define sk_OCSP_SINGLERESP_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_type(ptr), pnum) +#define sk_OCSP_SINGLERESP_sort(sk) OPENSSL_sk_sort(ossl_check_OCSP_SINGLERESP_sk_type(sk)) +#define sk_OCSP_SINGLERESP_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OCSP_SINGLERESP_sk_type(sk)) +#define sk_OCSP_SINGLERESP_dup(sk) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_dup(ossl_check_const_OCSP_SINGLERESP_sk_type(sk))) +#define sk_OCSP_SINGLERESP_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_copyfunc_type(copyfunc), ossl_check_OCSP_SINGLERESP_freefunc_type(freefunc))) +#define sk_OCSP_SINGLERESP_set_cmp_func(sk, cmp) ((sk_OCSP_SINGLERESP_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_compfunc_type(cmp))) + + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; + +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; + +# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ + bp,(char **)(x),cb,NULL) + +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ + bp,(char **)(x),cb,NULL) + +# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +# define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS,\ + (d2i_of_void *)d2i_OCSP_CERTSTATUS,(char *)(cs)) + +DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID) + +OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, + const OCSP_REQUEST *req, int buf_size); +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; +# define OCSP_REQ_CTX_new(io, buf_size) \ + OSSL_HTTP_REQ_CTX_new(io, io, buf_size) +# define OCSP_REQ_CTX_free OSSL_HTTP_REQ_CTX_free +# define OCSP_REQ_CTX_http(rctx, op, path) \ + (OSSL_HTTP_REQ_CTX_set_expected(rctx, NULL, 1 /* asn1 */, 0, 0) && \ + OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, \ + NULL, NULL, path)) +# define OCSP_REQ_CTX_add1_header OSSL_HTTP_REQ_CTX_add1_header +# define OCSP_REQ_CTX_i2d(r, it, req) \ + OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) +# define OCSP_REQ_CTX_set1_req(r, req) \ + OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) +# define OCSP_REQ_CTX_nbio OSSL_HTTP_REQ_CTX_nbio +# define OCSP_REQ_CTX_nbio_d2i OSSL_HTTP_REQ_CTX_nbio_d2i +# define OCSP_sendreq_nbio(p, r) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(r, (ASN1_VALUE **)(p), \ + ASN1_ITEM_rptr(OCSP_RESPONSE)) +# define OCSP_REQ_CTX_get0_mem_bio OSSL_HTTP_REQ_CTX_get0_mem_bio +# define OCSP_set_max_response_length OSSL_HTTP_REQ_CTX_set_max_response_length +# endif + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + const X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, + const ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); +int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname); + +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +# define OCSP_parse_url(url, host, port, path, ssl) \ + OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL) + +int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert, + OSSL_LIB_CTX *libctx, const char *propq); +int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx, + const char *propq); +int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); + +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, + int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) +DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) +DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) +DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + + +# ifdef __cplusplus +} +# endif +# endif /* !defined(OPENSSL_NO_OCSP) */ +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/opensslv.h b/contrib/openssl-cmake/common/include/openssl/opensslv.h new file mode 100644 index 000000000000..110c34de0e46 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/opensslv.h @@ -0,0 +1,114 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/opensslv.h.in + * + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLV_H +# define OPENSSL_OPENSSLV_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * SECTION 1: VERSION DATA. These will change for each release + */ + +/* + * Base version macros + * + * These macros express version number MAJOR.MINOR.PATCH exactly + */ +# define OPENSSL_VERSION_MAJOR 3 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 + +/* + * Additional version information + * + * These are also part of the new version scheme, but aren't part + * of the version number itself. + */ + +/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */ +# define OPENSSL_VERSION_PRE_RELEASE "" +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */ +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */ +# define OPENSSL_VERSION_BUILD_METADATA "" + +/* + * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA + * to be anything but the empty string. Its use is entirely reserved for + * others + */ + +/* + * Shared library version + * + * This is strictly to express ABI version, which may or may not + * be related to the API version expressed with the macros above. + * This is defined in free form. + */ +# define OPENSSL_SHLIB_VERSION 3 + +/* + * SECTION 2: USEFUL MACROS + */ + +/* For checking general API compatibility when preprocessing */ +# define OPENSSL_VERSION_PREREQ(maj,min) \ + ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min)) + +/* + * Macros to get the version in easily digested string form, both the short + * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced + * with the values from the corresponding OPENSSL_VERSION_ macros) and the + * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and + * OPENSSL_VERSION_BUILD_METADATA_STR appended. + */ +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" + +/* + * SECTION 3: ADDITIONAL METADATA + * + * These strings are defined separately to allow them to be parsable. + */ +# define OPENSSL_RELEASE_DATE "7 Apr 2026" + +/* + * SECTION 4: BACKWARD COMPATIBILITY + */ + +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" + +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ +# ifdef OPENSSL_VERSION_PRE_RELEASE +# define _OPENSSL_VERSION_PRE_RELEASE 0x0L +# else +# define _OPENSSL_VERSION_PRE_RELEASE 0xfL +# endif +# define OPENSSL_VERSION_NUMBER \ + ( (OPENSSL_VERSION_MAJOR<<28) \ + |(OPENSSL_VERSION_MINOR<<20) \ + |(OPENSSL_VERSION_PATCH<<4) \ + |_OPENSSL_VERSION_PRE_RELEASE ) + +# ifdef __cplusplus +} +# endif + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OPENSSLV_H +# endif + +#endif /* OPENSSL_OPENSSLV_H */ diff --git a/contrib/openssl-cmake/common/include/openssl/pkcs12.h b/contrib/openssl-cmake/common/include/openssl/pkcs12.h new file mode 100644 index 000000000000..0809645dad0b --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/pkcs12.h @@ -0,0 +1,366 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/pkcs12.h.in + * + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_PKCS12_H +# define OPENSSL_PKCS12_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PKCS12_H +# endif + +# include +# include +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define PKCS12_KEY_ID 1 +# define PKCS12_IV_ID 2 +# define PKCS12_MAC_ID 3 + +/* Default iteration count */ +# ifndef PKCS12_DEFAULT_ITER +# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +# endif + +# define PKCS12_MAC_KEY_LENGTH 20 + +/* The macro is expected to be used only internally. Kept for backwards compatibility. */ +# define PKCS12_SALT_LEN 8 + +/* It's not clear if these are actually needed... */ +# define PKCS12_key_gen PKCS12_key_gen_utf8 +# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 + +/* MS key usage constants */ + +# define KEY_EX 0x10 +# define KEY_SIG 0x80 + +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; + +SKM_DEFINE_STACK_OF_INTERNAL(PKCS12_SAFEBAG, PKCS12_SAFEBAG, PKCS12_SAFEBAG) +#define sk_PKCS12_SAFEBAG_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk)) +#define sk_PKCS12_SAFEBAG_value(sk, idx) ((PKCS12_SAFEBAG *)OPENSSL_sk_value(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk), (idx))) +#define sk_PKCS12_SAFEBAG_new(cmp) ((STACK_OF(PKCS12_SAFEBAG) *)OPENSSL_sk_new(ossl_check_PKCS12_SAFEBAG_compfunc_type(cmp))) +#define sk_PKCS12_SAFEBAG_new_null() ((STACK_OF(PKCS12_SAFEBAG) *)OPENSSL_sk_new_null()) +#define sk_PKCS12_SAFEBAG_new_reserve(cmp, n) ((STACK_OF(PKCS12_SAFEBAG) *)OPENSSL_sk_new_reserve(ossl_check_PKCS12_SAFEBAG_compfunc_type(cmp), (n))) +#define sk_PKCS12_SAFEBAG_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_PKCS12_SAFEBAG_sk_type(sk), (n)) +#define sk_PKCS12_SAFEBAG_free(sk) OPENSSL_sk_free(ossl_check_PKCS12_SAFEBAG_sk_type(sk)) +#define sk_PKCS12_SAFEBAG_zero(sk) OPENSSL_sk_zero(ossl_check_PKCS12_SAFEBAG_sk_type(sk)) +#define sk_PKCS12_SAFEBAG_delete(sk, i) ((PKCS12_SAFEBAG *)OPENSSL_sk_delete(ossl_check_PKCS12_SAFEBAG_sk_type(sk), (i))) +#define sk_PKCS12_SAFEBAG_delete_ptr(sk, ptr) ((PKCS12_SAFEBAG *)OPENSSL_sk_delete_ptr(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_type(ptr))) +#define sk_PKCS12_SAFEBAG_push(sk, ptr) OPENSSL_sk_push(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_type(ptr)) +#define sk_PKCS12_SAFEBAG_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_type(ptr)) +#define sk_PKCS12_SAFEBAG_pop(sk) ((PKCS12_SAFEBAG *)OPENSSL_sk_pop(ossl_check_PKCS12_SAFEBAG_sk_type(sk))) +#define sk_PKCS12_SAFEBAG_shift(sk) ((PKCS12_SAFEBAG *)OPENSSL_sk_shift(ossl_check_PKCS12_SAFEBAG_sk_type(sk))) +#define sk_PKCS12_SAFEBAG_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_PKCS12_SAFEBAG_sk_type(sk),ossl_check_PKCS12_SAFEBAG_freefunc_type(freefunc)) +#define sk_PKCS12_SAFEBAG_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_type(ptr), (idx)) +#define sk_PKCS12_SAFEBAG_set(sk, idx, ptr) ((PKCS12_SAFEBAG *)OPENSSL_sk_set(ossl_check_PKCS12_SAFEBAG_sk_type(sk), (idx), ossl_check_PKCS12_SAFEBAG_type(ptr))) +#define sk_PKCS12_SAFEBAG_find(sk, ptr) OPENSSL_sk_find(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_type(ptr)) +#define sk_PKCS12_SAFEBAG_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_type(ptr)) +#define sk_PKCS12_SAFEBAG_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_type(ptr), pnum) +#define sk_PKCS12_SAFEBAG_sort(sk) OPENSSL_sk_sort(ossl_check_PKCS12_SAFEBAG_sk_type(sk)) +#define sk_PKCS12_SAFEBAG_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk)) +#define sk_PKCS12_SAFEBAG_dup(sk) ((STACK_OF(PKCS12_SAFEBAG) *)OPENSSL_sk_dup(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk))) +#define sk_PKCS12_SAFEBAG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS12_SAFEBAG) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_copyfunc_type(copyfunc), ossl_check_PKCS12_SAFEBAG_freefunc_type(freefunc))) +#define sk_PKCS12_SAFEBAG_set_cmp_func(sk, cmp) ((sk_PKCS12_SAFEBAG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_compfunc_type(cmp))) + + +typedef struct pkcs12_bag_st PKCS12_BAGS; + +# define PKCS12_ERROR 0 +# define PKCS12_OK 1 + +/* Compatibility macros */ + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 + +# define M_PKCS12_bag_type PKCS12_bag_type +# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type + +# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt + +#endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +#endif + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12); + +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); +const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char *value, int len); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *ctx, + const char *propq); + +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass, + int passlen, OSSL_LIB_CTX *ctx, + const char *propq); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen, + OSSL_LIB_CTX *ctx, + const char *propq); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8, + OSSL_LIB_CTX *ctx, const char *propq); +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); +X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, + OSSL_LIB_CTX *ctx, const char *propq); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); +PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags, + OSSL_LIB_CTX *ctx, const char *propq); + +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); + +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen); +int PKCS12_add1_attr_by_NID(PKCS12_SAFEBAG *bag, int nid, int type, + const unsigned char *bytes, int len); +int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type, + const unsigned char *bytes, int len); +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, + int attr_nid); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs); +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); +unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de, OSSL_LIB_CTX *libctx, + const char *propq); +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf); +void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf, + OSSL_LIB_CTX *libctx, + const char *propq); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf, + OSSL_LIB_CTX *ctx, + const char *propq); +PKCS12 *PKCS12_init(int mode); +PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq); + +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_asc_ex(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); +int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_utf8_ex(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); + +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); +int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); +int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type, const char *prf_md_name); +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); +unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); + +DECLARE_ASN1_FUNCTIONS(PKCS12) +DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) + +DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) +DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg); +PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); +PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq); +PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq, + PKCS12_create_cb *cb, void *cbarg); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass); +PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass, + OSSL_LIB_CTX *ctx, const char *propq); + +PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, + int nid_type, const unsigned char *value, int len); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass); +int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass, + OSSL_LIB_CTX *ctx, const char *propq); + +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); +PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int p7_nid, + OSSL_LIB_CTX *ctx, const char *propq); + +int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12); +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12); +# endif +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +# ifndef OPENSSL_NO_STDIO +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +# endif +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/pkcs7.h b/contrib/openssl-cmake/common/include/openssl/pkcs7.h new file mode 100644 index 000000000000..fa68462aff97 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/pkcs7.h @@ -0,0 +1,430 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/pkcs7.h.in + * + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_PKCS7_H +# define OPENSSL_PKCS7_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PKCS7_H +# endif + +# include +# include +# include + +# include +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + + +/*- +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct PKCS7_CTX_st { + OSSL_LIB_CTX *libctx; + char *propq; +} PKCS7_CTX; + +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */ + ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */ + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + /* The private key to sign with */ + EVP_PKEY *pkey; + const PKCS7_CTX *ctx; +} PKCS7_SIGNER_INFO; +SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) +#define sk_PKCS7_SIGNER_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk)) +#define sk_PKCS7_SIGNER_INFO_value(sk, idx) ((PKCS7_SIGNER_INFO *)OPENSSL_sk_value(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk), (idx))) +#define sk_PKCS7_SIGNER_INFO_new(cmp) ((STACK_OF(PKCS7_SIGNER_INFO) *)OPENSSL_sk_new(ossl_check_PKCS7_SIGNER_INFO_compfunc_type(cmp))) +#define sk_PKCS7_SIGNER_INFO_new_null() ((STACK_OF(PKCS7_SIGNER_INFO) *)OPENSSL_sk_new_null()) +#define sk_PKCS7_SIGNER_INFO_new_reserve(cmp, n) ((STACK_OF(PKCS7_SIGNER_INFO) *)OPENSSL_sk_new_reserve(ossl_check_PKCS7_SIGNER_INFO_compfunc_type(cmp), (n))) +#define sk_PKCS7_SIGNER_INFO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), (n)) +#define sk_PKCS7_SIGNER_INFO_free(sk) OPENSSL_sk_free(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk)) +#define sk_PKCS7_SIGNER_INFO_zero(sk) OPENSSL_sk_zero(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk)) +#define sk_PKCS7_SIGNER_INFO_delete(sk, i) ((PKCS7_SIGNER_INFO *)OPENSSL_sk_delete(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), (i))) +#define sk_PKCS7_SIGNER_INFO_delete_ptr(sk, ptr) ((PKCS7_SIGNER_INFO *)OPENSSL_sk_delete_ptr(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_type(ptr))) +#define sk_PKCS7_SIGNER_INFO_push(sk, ptr) OPENSSL_sk_push(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_type(ptr)) +#define sk_PKCS7_SIGNER_INFO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_type(ptr)) +#define sk_PKCS7_SIGNER_INFO_pop(sk) ((PKCS7_SIGNER_INFO *)OPENSSL_sk_pop(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk))) +#define sk_PKCS7_SIGNER_INFO_shift(sk) ((PKCS7_SIGNER_INFO *)OPENSSL_sk_shift(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk))) +#define sk_PKCS7_SIGNER_INFO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk),ossl_check_PKCS7_SIGNER_INFO_freefunc_type(freefunc)) +#define sk_PKCS7_SIGNER_INFO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_type(ptr), (idx)) +#define sk_PKCS7_SIGNER_INFO_set(sk, idx, ptr) ((PKCS7_SIGNER_INFO *)OPENSSL_sk_set(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), (idx), ossl_check_PKCS7_SIGNER_INFO_type(ptr))) +#define sk_PKCS7_SIGNER_INFO_find(sk, ptr) OPENSSL_sk_find(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_type(ptr)) +#define sk_PKCS7_SIGNER_INFO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_type(ptr)) +#define sk_PKCS7_SIGNER_INFO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_type(ptr), pnum) +#define sk_PKCS7_SIGNER_INFO_sort(sk) OPENSSL_sk_sort(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk)) +#define sk_PKCS7_SIGNER_INFO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk)) +#define sk_PKCS7_SIGNER_INFO_dup(sk) ((STACK_OF(PKCS7_SIGNER_INFO) *)OPENSSL_sk_dup(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk))) +#define sk_PKCS7_SIGNER_INFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS7_SIGNER_INFO) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_copyfunc_type(copyfunc), ossl_check_PKCS7_SIGNER_INFO_freefunc_type(freefunc))) +#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, cmp) ((sk_PKCS7_SIGNER_INFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_compfunc_type(cmp))) + + +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ + const PKCS7_CTX *ctx; +} PKCS7_RECIP_INFO; +SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) +#define sk_PKCS7_RECIP_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk)) +#define sk_PKCS7_RECIP_INFO_value(sk, idx) ((PKCS7_RECIP_INFO *)OPENSSL_sk_value(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk), (idx))) +#define sk_PKCS7_RECIP_INFO_new(cmp) ((STACK_OF(PKCS7_RECIP_INFO) *)OPENSSL_sk_new(ossl_check_PKCS7_RECIP_INFO_compfunc_type(cmp))) +#define sk_PKCS7_RECIP_INFO_new_null() ((STACK_OF(PKCS7_RECIP_INFO) *)OPENSSL_sk_new_null()) +#define sk_PKCS7_RECIP_INFO_new_reserve(cmp, n) ((STACK_OF(PKCS7_RECIP_INFO) *)OPENSSL_sk_new_reserve(ossl_check_PKCS7_RECIP_INFO_compfunc_type(cmp), (n))) +#define sk_PKCS7_RECIP_INFO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), (n)) +#define sk_PKCS7_RECIP_INFO_free(sk) OPENSSL_sk_free(ossl_check_PKCS7_RECIP_INFO_sk_type(sk)) +#define sk_PKCS7_RECIP_INFO_zero(sk) OPENSSL_sk_zero(ossl_check_PKCS7_RECIP_INFO_sk_type(sk)) +#define sk_PKCS7_RECIP_INFO_delete(sk, i) ((PKCS7_RECIP_INFO *)OPENSSL_sk_delete(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), (i))) +#define sk_PKCS7_RECIP_INFO_delete_ptr(sk, ptr) ((PKCS7_RECIP_INFO *)OPENSSL_sk_delete_ptr(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_type(ptr))) +#define sk_PKCS7_RECIP_INFO_push(sk, ptr) OPENSSL_sk_push(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_type(ptr)) +#define sk_PKCS7_RECIP_INFO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_type(ptr)) +#define sk_PKCS7_RECIP_INFO_pop(sk) ((PKCS7_RECIP_INFO *)OPENSSL_sk_pop(ossl_check_PKCS7_RECIP_INFO_sk_type(sk))) +#define sk_PKCS7_RECIP_INFO_shift(sk) ((PKCS7_RECIP_INFO *)OPENSSL_sk_shift(ossl_check_PKCS7_RECIP_INFO_sk_type(sk))) +#define sk_PKCS7_RECIP_INFO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_PKCS7_RECIP_INFO_sk_type(sk),ossl_check_PKCS7_RECIP_INFO_freefunc_type(freefunc)) +#define sk_PKCS7_RECIP_INFO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_type(ptr), (idx)) +#define sk_PKCS7_RECIP_INFO_set(sk, idx, ptr) ((PKCS7_RECIP_INFO *)OPENSSL_sk_set(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), (idx), ossl_check_PKCS7_RECIP_INFO_type(ptr))) +#define sk_PKCS7_RECIP_INFO_find(sk, ptr) OPENSSL_sk_find(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_type(ptr)) +#define sk_PKCS7_RECIP_INFO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_type(ptr)) +#define sk_PKCS7_RECIP_INFO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_type(ptr), pnum) +#define sk_PKCS7_RECIP_INFO_sort(sk) OPENSSL_sk_sort(ossl_check_PKCS7_RECIP_INFO_sk_type(sk)) +#define sk_PKCS7_RECIP_INFO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk)) +#define sk_PKCS7_RECIP_INFO_dup(sk) ((STACK_OF(PKCS7_RECIP_INFO) *)OPENSSL_sk_dup(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk))) +#define sk_PKCS7_RECIP_INFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS7_RECIP_INFO) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_copyfunc_type(copyfunc), ossl_check_PKCS7_RECIP_INFO_freefunc_type(freefunc))) +#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, cmp) ((sk_PKCS7_RECIP_INFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_compfunc_type(cmp))) + + + +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* + * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about + * merging the two + */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; + const PKCS7_CTX *ctx; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* + * The following is non NULL if it contains ASN1 encoding of this + * structure + */ + unsigned char *asn1; + long length; +# define PKCS7_S_HEADER 0 +# define PKCS7_S_BODY 1 +# define PKCS7_S_TAIL 2 + int state; /* used during processing */ + int detached; + ASN1_OBJECT *type; + /* content as defined by the type */ + /* + * all encryption/message digests are applied to the 'contents', leaving + * out the 'type' field. + */ + union { + char *ptr; + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */ + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + /* Anything else */ + ASN1_TYPE *other; + } d; + PKCS7_CTX ctx; +} PKCS7; +SKM_DEFINE_STACK_OF_INTERNAL(PKCS7, PKCS7, PKCS7) +#define sk_PKCS7_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS7_sk_type(sk)) +#define sk_PKCS7_value(sk, idx) ((PKCS7 *)OPENSSL_sk_value(ossl_check_const_PKCS7_sk_type(sk), (idx))) +#define sk_PKCS7_new(cmp) ((STACK_OF(PKCS7) *)OPENSSL_sk_new(ossl_check_PKCS7_compfunc_type(cmp))) +#define sk_PKCS7_new_null() ((STACK_OF(PKCS7) *)OPENSSL_sk_new_null()) +#define sk_PKCS7_new_reserve(cmp, n) ((STACK_OF(PKCS7) *)OPENSSL_sk_new_reserve(ossl_check_PKCS7_compfunc_type(cmp), (n))) +#define sk_PKCS7_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_PKCS7_sk_type(sk), (n)) +#define sk_PKCS7_free(sk) OPENSSL_sk_free(ossl_check_PKCS7_sk_type(sk)) +#define sk_PKCS7_zero(sk) OPENSSL_sk_zero(ossl_check_PKCS7_sk_type(sk)) +#define sk_PKCS7_delete(sk, i) ((PKCS7 *)OPENSSL_sk_delete(ossl_check_PKCS7_sk_type(sk), (i))) +#define sk_PKCS7_delete_ptr(sk, ptr) ((PKCS7 *)OPENSSL_sk_delete_ptr(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_type(ptr))) +#define sk_PKCS7_push(sk, ptr) OPENSSL_sk_push(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_type(ptr)) +#define sk_PKCS7_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_type(ptr)) +#define sk_PKCS7_pop(sk) ((PKCS7 *)OPENSSL_sk_pop(ossl_check_PKCS7_sk_type(sk))) +#define sk_PKCS7_shift(sk) ((PKCS7 *)OPENSSL_sk_shift(ossl_check_PKCS7_sk_type(sk))) +#define sk_PKCS7_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_PKCS7_sk_type(sk),ossl_check_PKCS7_freefunc_type(freefunc)) +#define sk_PKCS7_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_type(ptr), (idx)) +#define sk_PKCS7_set(sk, idx, ptr) ((PKCS7 *)OPENSSL_sk_set(ossl_check_PKCS7_sk_type(sk), (idx), ossl_check_PKCS7_type(ptr))) +#define sk_PKCS7_find(sk, ptr) OPENSSL_sk_find(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_type(ptr)) +#define sk_PKCS7_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_type(ptr)) +#define sk_PKCS7_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_type(ptr), pnum) +#define sk_PKCS7_sort(sk) OPENSSL_sk_sort(ossl_check_PKCS7_sk_type(sk)) +#define sk_PKCS7_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_PKCS7_sk_type(sk)) +#define sk_PKCS7_dup(sk) ((STACK_OF(PKCS7) *)OPENSSL_sk_dup(ossl_check_const_PKCS7_sk_type(sk))) +#define sk_PKCS7_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS7) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS7_sk_type(sk), ossl_check_PKCS7_copyfunc_type(copyfunc), ossl_check_PKCS7_freefunc_type(freefunc))) +#define sk_PKCS7_set_cmp_func(sk, cmp) ((sk_PKCS7_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_compfunc_type(cmp))) + + + +# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +# define PKCS7_get_attributes(si) ((si)->unauth_attr) + +# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +# define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +# define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +# define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +# define PKCS7_TEXT 0x1 +# define PKCS7_NOCERTS 0x2 +# define PKCS7_NOSIGS 0x4 +# define PKCS7_NOCHAIN 0x8 +# define PKCS7_NOINTERN 0x10 +# define PKCS7_NOVERIFY 0x20 +# define PKCS7_DETACHED 0x40 +# define PKCS7_BINARY 0x80 +# define PKCS7_NOATTR 0x100 +# define PKCS7_NOSMIMECAP 0x200 +# define PKCS7_NOOLDMIMETYPE 0x400 +# define PKCS7_CRLFEOL 0x800 +# define PKCS7_STREAM 0x1000 +# define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 +# define PKCS7_NO_DUAL_CONTENT 0x10000 + +/* Flags: for compatibility with older code */ + +# define SMIME_TEXT PKCS7_TEXT +# define SMIME_NOCERTS PKCS7_NOCERTS +# define SMIME_NOSIGS PKCS7_NOSIGS +# define SMIME_NOCHAIN PKCS7_NOCHAIN +# define SMIME_NOINTERN PKCS7_NOINTERN +# define SMIME_NOVERIFY PKCS7_NOVERIFY +# define SMIME_DETACHED PKCS7_DETACHED +# define SMIME_BINARY PKCS7_BINARY +# define SMIME_NOATTR PKCS7_NOATTR + +/* CRLF ASCII canonicalisation */ +# define SMIME_ASCIICRLF 0x80000 + +DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +# ifndef OPENSSL_NO_STDIO +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7); +# endif +DECLARE_ASN1_DUP_FUNCTION(PKCS7) +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +DECLARE_ASN1_FUNCTIONS(PKCS7) +PKCS7 *PKCS7_new_ex(OSSL_LIB_CTX *libctx, const char *propq); + +DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) +DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) + +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_type_is_other(PKCS7 *p7); +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *cert); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *signer); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); +PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags, OSSL_LIB_CTX *libctx, + const char *propq); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, int flags, + OSSL_LIB_CTX *libctx, const char *propq); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, + int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/safestack.h b/contrib/openssl-cmake/common/include/openssl/safestack.h new file mode 100644 index 000000000000..0499700b5625 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/safestack.h @@ -0,0 +1,297 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/safestack.h.in + * + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_SAFESTACK_H +# define OPENSSL_SAFESTACK_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SAFESTACK_H +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define STACK_OF(type) struct stack_st_##type + +/* Helper macro for internal use */ +# define SKM_DEFINE_STACK_OF_INTERNAL(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline t2 *ossl_check_##t1##_type(t2 *ptr) \ + { \ + return ptr; \ + } \ + static ossl_unused ossl_inline const OPENSSL_STACK *ossl_check_const_##t1##_sk_type(const STACK_OF(t1) *sk) \ + { \ + return (const OPENSSL_STACK *)sk; \ + } \ + static ossl_unused ossl_inline OPENSSL_STACK *ossl_check_##t1##_sk_type(STACK_OF(t1) *sk) \ + { \ + return (OPENSSL_STACK *)sk; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_compfunc ossl_check_##t1##_compfunc_type(sk_##t1##_compfunc cmp) \ + { \ + return (OPENSSL_sk_compfunc)cmp; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_copyfunc ossl_check_##t1##_copyfunc_type(sk_##t1##_copyfunc cpy) \ + { \ + return (OPENSSL_sk_copyfunc)cpy; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_freefunc ossl_check_##t1##_freefunc_type(sk_##t1##_freefunc fr) \ + { \ + return (OPENSSL_sk_freefunc)fr; \ + } + +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_all(STACK_OF(t1) *sk, t2 *ptr, int *pnum) \ + { \ + return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + } + +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +SKM_DEFINE_STACK_OF_INTERNAL(OPENSSL_STRING, char, char) +#define sk_OPENSSL_STRING_num(sk) OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(sk)) +#define sk_OPENSSL_STRING_value(sk, idx) ((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type(sk), (idx))) +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)OPENSSL_sk_new(ossl_check_OPENSSL_STRING_compfunc_type(cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)OPENSSL_sk_new_null()) +#define sk_OPENSSL_STRING_new_reserve(cmp, n) ((STACK_OF(OPENSSL_STRING) *)OPENSSL_sk_new_reserve(ossl_check_OPENSSL_STRING_compfunc_type(cmp), (n))) +#define sk_OPENSSL_STRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OPENSSL_STRING_sk_type(sk), (n)) +#define sk_OPENSSL_STRING_free(sk) OPENSSL_sk_free(ossl_check_OPENSSL_STRING_sk_type(sk)) +#define sk_OPENSSL_STRING_zero(sk) OPENSSL_sk_zero(ossl_check_OPENSSL_STRING_sk_type(sk)) +#define sk_OPENSSL_STRING_delete(sk, i) ((char *)OPENSSL_sk_delete(ossl_check_OPENSSL_STRING_sk_type(sk), (i))) +#define sk_OPENSSL_STRING_delete_ptr(sk, ptr) ((char *)OPENSSL_sk_delete_ptr(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_type(ptr))) +#define sk_OPENSSL_STRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_type(ptr)) +#define sk_OPENSSL_STRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_type(ptr)) +#define sk_OPENSSL_STRING_pop(sk) ((char *)OPENSSL_sk_pop(ossl_check_OPENSSL_STRING_sk_type(sk))) +#define sk_OPENSSL_STRING_shift(sk) ((char *)OPENSSL_sk_shift(ossl_check_OPENSSL_STRING_sk_type(sk))) +#define sk_OPENSSL_STRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OPENSSL_STRING_sk_type(sk),ossl_check_OPENSSL_STRING_freefunc_type(freefunc)) +#define sk_OPENSSL_STRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_type(ptr), (idx)) +#define sk_OPENSSL_STRING_set(sk, idx, ptr) ((char *)OPENSSL_sk_set(ossl_check_OPENSSL_STRING_sk_type(sk), (idx), ossl_check_OPENSSL_STRING_type(ptr))) +#define sk_OPENSSL_STRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_type(ptr)) +#define sk_OPENSSL_STRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_type(ptr)) +#define sk_OPENSSL_STRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_type(ptr), pnum) +#define sk_OPENSSL_STRING_sort(sk) OPENSSL_sk_sort(ossl_check_OPENSSL_STRING_sk_type(sk)) +#define sk_OPENSSL_STRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OPENSSL_STRING_sk_type(sk)) +#define sk_OPENSSL_STRING_dup(sk) ((STACK_OF(OPENSSL_STRING) *)OPENSSL_sk_dup(ossl_check_const_OPENSSL_STRING_sk_type(sk))) +#define sk_OPENSSL_STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OPENSSL_STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_copyfunc_type(copyfunc), ossl_check_OPENSSL_STRING_freefunc_type(freefunc))) +#define sk_OPENSSL_STRING_set_cmp_func(sk, cmp) ((sk_OPENSSL_STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OPENSSL_STRING_sk_type(sk), ossl_check_OPENSSL_STRING_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(OPENSSL_CSTRING, const char, char) +#define sk_OPENSSL_CSTRING_num(sk) OPENSSL_sk_num(ossl_check_const_OPENSSL_CSTRING_sk_type(sk)) +#define sk_OPENSSL_CSTRING_value(sk, idx) ((const char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_CSTRING_sk_type(sk), (idx))) +#define sk_OPENSSL_CSTRING_new(cmp) ((STACK_OF(OPENSSL_CSTRING) *)OPENSSL_sk_new(ossl_check_OPENSSL_CSTRING_compfunc_type(cmp))) +#define sk_OPENSSL_CSTRING_new_null() ((STACK_OF(OPENSSL_CSTRING) *)OPENSSL_sk_new_null()) +#define sk_OPENSSL_CSTRING_new_reserve(cmp, n) ((STACK_OF(OPENSSL_CSTRING) *)OPENSSL_sk_new_reserve(ossl_check_OPENSSL_CSTRING_compfunc_type(cmp), (n))) +#define sk_OPENSSL_CSTRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OPENSSL_CSTRING_sk_type(sk), (n)) +#define sk_OPENSSL_CSTRING_free(sk) OPENSSL_sk_free(ossl_check_OPENSSL_CSTRING_sk_type(sk)) +#define sk_OPENSSL_CSTRING_zero(sk) OPENSSL_sk_zero(ossl_check_OPENSSL_CSTRING_sk_type(sk)) +#define sk_OPENSSL_CSTRING_delete(sk, i) ((const char *)OPENSSL_sk_delete(ossl_check_OPENSSL_CSTRING_sk_type(sk), (i))) +#define sk_OPENSSL_CSTRING_delete_ptr(sk, ptr) ((const char *)OPENSSL_sk_delete_ptr(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_type(ptr))) +#define sk_OPENSSL_CSTRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_type(ptr)) +#define sk_OPENSSL_CSTRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_type(ptr)) +#define sk_OPENSSL_CSTRING_pop(sk) ((const char *)OPENSSL_sk_pop(ossl_check_OPENSSL_CSTRING_sk_type(sk))) +#define sk_OPENSSL_CSTRING_shift(sk) ((const char *)OPENSSL_sk_shift(ossl_check_OPENSSL_CSTRING_sk_type(sk))) +#define sk_OPENSSL_CSTRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OPENSSL_CSTRING_sk_type(sk),ossl_check_OPENSSL_CSTRING_freefunc_type(freefunc)) +#define sk_OPENSSL_CSTRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_type(ptr), (idx)) +#define sk_OPENSSL_CSTRING_set(sk, idx, ptr) ((const char *)OPENSSL_sk_set(ossl_check_OPENSSL_CSTRING_sk_type(sk), (idx), ossl_check_OPENSSL_CSTRING_type(ptr))) +#define sk_OPENSSL_CSTRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_type(ptr)) +#define sk_OPENSSL_CSTRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_type(ptr)) +#define sk_OPENSSL_CSTRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_type(ptr), pnum) +#define sk_OPENSSL_CSTRING_sort(sk) OPENSSL_sk_sort(ossl_check_OPENSSL_CSTRING_sk_type(sk)) +#define sk_OPENSSL_CSTRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OPENSSL_CSTRING_sk_type(sk)) +#define sk_OPENSSL_CSTRING_dup(sk) ((STACK_OF(OPENSSL_CSTRING) *)OPENSSL_sk_dup(ossl_check_const_OPENSSL_CSTRING_sk_type(sk))) +#define sk_OPENSSL_CSTRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OPENSSL_CSTRING) *)OPENSSL_sk_deep_copy(ossl_check_const_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_copyfunc_type(copyfunc), ossl_check_OPENSSL_CSTRING_freefunc_type(freefunc))) +#define sk_OPENSSL_CSTRING_set_cmp_func(sk, cmp) ((sk_OPENSSL_CSTRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_compfunc_type(cmp))) + + +#if !defined(OPENSSL_NO_DEPRECATED_3_0) +/* + * This is not used by OpenSSL. A block of bytes, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +SKM_DEFINE_STACK_OF_INTERNAL(OPENSSL_BLOCK, void, void) +#define sk_OPENSSL_BLOCK_num(sk) OPENSSL_sk_num(ossl_check_const_OPENSSL_BLOCK_sk_type(sk)) +#define sk_OPENSSL_BLOCK_value(sk, idx) ((void *)OPENSSL_sk_value(ossl_check_const_OPENSSL_BLOCK_sk_type(sk), (idx))) +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)OPENSSL_sk_new(ossl_check_OPENSSL_BLOCK_compfunc_type(cmp))) +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)OPENSSL_sk_new_null()) +#define sk_OPENSSL_BLOCK_new_reserve(cmp, n) ((STACK_OF(OPENSSL_BLOCK) *)OPENSSL_sk_new_reserve(ossl_check_OPENSSL_BLOCK_compfunc_type(cmp), (n))) +#define sk_OPENSSL_BLOCK_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OPENSSL_BLOCK_sk_type(sk), (n)) +#define sk_OPENSSL_BLOCK_free(sk) OPENSSL_sk_free(ossl_check_OPENSSL_BLOCK_sk_type(sk)) +#define sk_OPENSSL_BLOCK_zero(sk) OPENSSL_sk_zero(ossl_check_OPENSSL_BLOCK_sk_type(sk)) +#define sk_OPENSSL_BLOCK_delete(sk, i) ((void *)OPENSSL_sk_delete(ossl_check_OPENSSL_BLOCK_sk_type(sk), (i))) +#define sk_OPENSSL_BLOCK_delete_ptr(sk, ptr) ((void *)OPENSSL_sk_delete_ptr(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_type(ptr))) +#define sk_OPENSSL_BLOCK_push(sk, ptr) OPENSSL_sk_push(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_type(ptr)) +#define sk_OPENSSL_BLOCK_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_type(ptr)) +#define sk_OPENSSL_BLOCK_pop(sk) ((void *)OPENSSL_sk_pop(ossl_check_OPENSSL_BLOCK_sk_type(sk))) +#define sk_OPENSSL_BLOCK_shift(sk) ((void *)OPENSSL_sk_shift(ossl_check_OPENSSL_BLOCK_sk_type(sk))) +#define sk_OPENSSL_BLOCK_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OPENSSL_BLOCK_sk_type(sk),ossl_check_OPENSSL_BLOCK_freefunc_type(freefunc)) +#define sk_OPENSSL_BLOCK_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_type(ptr), (idx)) +#define sk_OPENSSL_BLOCK_set(sk, idx, ptr) ((void *)OPENSSL_sk_set(ossl_check_OPENSSL_BLOCK_sk_type(sk), (idx), ossl_check_OPENSSL_BLOCK_type(ptr))) +#define sk_OPENSSL_BLOCK_find(sk, ptr) OPENSSL_sk_find(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_type(ptr)) +#define sk_OPENSSL_BLOCK_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_type(ptr)) +#define sk_OPENSSL_BLOCK_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_type(ptr), pnum) +#define sk_OPENSSL_BLOCK_sort(sk) OPENSSL_sk_sort(ossl_check_OPENSSL_BLOCK_sk_type(sk)) +#define sk_OPENSSL_BLOCK_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OPENSSL_BLOCK_sk_type(sk)) +#define sk_OPENSSL_BLOCK_dup(sk) ((STACK_OF(OPENSSL_BLOCK) *)OPENSSL_sk_dup(ossl_check_const_OPENSSL_BLOCK_sk_type(sk))) +#define sk_OPENSSL_BLOCK_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OPENSSL_BLOCK) *)OPENSSL_sk_deep_copy(ossl_check_const_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_copyfunc_type(copyfunc), ossl_check_OPENSSL_BLOCK_freefunc_type(freefunc))) +#define sk_OPENSSL_BLOCK_set_cmp_func(sk, cmp) ((sk_OPENSSL_BLOCK_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_compfunc_type(cmp))) + +#endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/srp.h b/contrib/openssl-cmake/common/include/openssl/srp.h new file mode 100644 index 000000000000..a48766c6ce8b --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/srp.h @@ -0,0 +1,285 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/srp.h.in + * + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. + */ + + + +#ifndef OPENSSL_SRP_H +# define OPENSSL_SRP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SRP_H +# endif + +#include + +#ifndef OPENSSL_NO_SRP +# include +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +typedef struct SRP_gN_cache_st { + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; +SKM_DEFINE_STACK_OF_INTERNAL(SRP_gN_cache, SRP_gN_cache, SRP_gN_cache) +#define sk_SRP_gN_cache_num(sk) OPENSSL_sk_num(ossl_check_const_SRP_gN_cache_sk_type(sk)) +#define sk_SRP_gN_cache_value(sk, idx) ((SRP_gN_cache *)OPENSSL_sk_value(ossl_check_const_SRP_gN_cache_sk_type(sk), (idx))) +#define sk_SRP_gN_cache_new(cmp) ((STACK_OF(SRP_gN_cache) *)OPENSSL_sk_new(ossl_check_SRP_gN_cache_compfunc_type(cmp))) +#define sk_SRP_gN_cache_new_null() ((STACK_OF(SRP_gN_cache) *)OPENSSL_sk_new_null()) +#define sk_SRP_gN_cache_new_reserve(cmp, n) ((STACK_OF(SRP_gN_cache) *)OPENSSL_sk_new_reserve(ossl_check_SRP_gN_cache_compfunc_type(cmp), (n))) +#define sk_SRP_gN_cache_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SRP_gN_cache_sk_type(sk), (n)) +#define sk_SRP_gN_cache_free(sk) OPENSSL_sk_free(ossl_check_SRP_gN_cache_sk_type(sk)) +#define sk_SRP_gN_cache_zero(sk) OPENSSL_sk_zero(ossl_check_SRP_gN_cache_sk_type(sk)) +#define sk_SRP_gN_cache_delete(sk, i) ((SRP_gN_cache *)OPENSSL_sk_delete(ossl_check_SRP_gN_cache_sk_type(sk), (i))) +#define sk_SRP_gN_cache_delete_ptr(sk, ptr) ((SRP_gN_cache *)OPENSSL_sk_delete_ptr(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_type(ptr))) +#define sk_SRP_gN_cache_push(sk, ptr) OPENSSL_sk_push(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_type(ptr)) +#define sk_SRP_gN_cache_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_type(ptr)) +#define sk_SRP_gN_cache_pop(sk) ((SRP_gN_cache *)OPENSSL_sk_pop(ossl_check_SRP_gN_cache_sk_type(sk))) +#define sk_SRP_gN_cache_shift(sk) ((SRP_gN_cache *)OPENSSL_sk_shift(ossl_check_SRP_gN_cache_sk_type(sk))) +#define sk_SRP_gN_cache_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SRP_gN_cache_sk_type(sk),ossl_check_SRP_gN_cache_freefunc_type(freefunc)) +#define sk_SRP_gN_cache_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_type(ptr), (idx)) +#define sk_SRP_gN_cache_set(sk, idx, ptr) ((SRP_gN_cache *)OPENSSL_sk_set(ossl_check_SRP_gN_cache_sk_type(sk), (idx), ossl_check_SRP_gN_cache_type(ptr))) +#define sk_SRP_gN_cache_find(sk, ptr) OPENSSL_sk_find(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_type(ptr)) +#define sk_SRP_gN_cache_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_type(ptr)) +#define sk_SRP_gN_cache_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_type(ptr), pnum) +#define sk_SRP_gN_cache_sort(sk) OPENSSL_sk_sort(ossl_check_SRP_gN_cache_sk_type(sk)) +#define sk_SRP_gN_cache_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SRP_gN_cache_sk_type(sk)) +#define sk_SRP_gN_cache_dup(sk) ((STACK_OF(SRP_gN_cache) *)OPENSSL_sk_dup(ossl_check_const_SRP_gN_cache_sk_type(sk))) +#define sk_SRP_gN_cache_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRP_gN_cache) *)OPENSSL_sk_deep_copy(ossl_check_const_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_copyfunc_type(copyfunc), ossl_check_SRP_gN_cache_freefunc_type(freefunc))) +#define sk_SRP_gN_cache_set_cmp_func(sk, cmp) ((sk_SRP_gN_cache_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_compfunc_type(cmp))) + + + +typedef struct SRP_user_pwd_st { + /* Owned by us. */ + char *id; + BIGNUM *s; + BIGNUM *v; + /* Not owned by us. */ + const BIGNUM *g; + const BIGNUM *N; + /* Owned by us. */ + char *info; +} SRP_user_pwd; +SKM_DEFINE_STACK_OF_INTERNAL(SRP_user_pwd, SRP_user_pwd, SRP_user_pwd) +#define sk_SRP_user_pwd_num(sk) OPENSSL_sk_num(ossl_check_const_SRP_user_pwd_sk_type(sk)) +#define sk_SRP_user_pwd_value(sk, idx) ((SRP_user_pwd *)OPENSSL_sk_value(ossl_check_const_SRP_user_pwd_sk_type(sk), (idx))) +#define sk_SRP_user_pwd_new(cmp) ((STACK_OF(SRP_user_pwd) *)OPENSSL_sk_new(ossl_check_SRP_user_pwd_compfunc_type(cmp))) +#define sk_SRP_user_pwd_new_null() ((STACK_OF(SRP_user_pwd) *)OPENSSL_sk_new_null()) +#define sk_SRP_user_pwd_new_reserve(cmp, n) ((STACK_OF(SRP_user_pwd) *)OPENSSL_sk_new_reserve(ossl_check_SRP_user_pwd_compfunc_type(cmp), (n))) +#define sk_SRP_user_pwd_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SRP_user_pwd_sk_type(sk), (n)) +#define sk_SRP_user_pwd_free(sk) OPENSSL_sk_free(ossl_check_SRP_user_pwd_sk_type(sk)) +#define sk_SRP_user_pwd_zero(sk) OPENSSL_sk_zero(ossl_check_SRP_user_pwd_sk_type(sk)) +#define sk_SRP_user_pwd_delete(sk, i) ((SRP_user_pwd *)OPENSSL_sk_delete(ossl_check_SRP_user_pwd_sk_type(sk), (i))) +#define sk_SRP_user_pwd_delete_ptr(sk, ptr) ((SRP_user_pwd *)OPENSSL_sk_delete_ptr(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_type(ptr))) +#define sk_SRP_user_pwd_push(sk, ptr) OPENSSL_sk_push(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_type(ptr)) +#define sk_SRP_user_pwd_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_type(ptr)) +#define sk_SRP_user_pwd_pop(sk) ((SRP_user_pwd *)OPENSSL_sk_pop(ossl_check_SRP_user_pwd_sk_type(sk))) +#define sk_SRP_user_pwd_shift(sk) ((SRP_user_pwd *)OPENSSL_sk_shift(ossl_check_SRP_user_pwd_sk_type(sk))) +#define sk_SRP_user_pwd_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SRP_user_pwd_sk_type(sk),ossl_check_SRP_user_pwd_freefunc_type(freefunc)) +#define sk_SRP_user_pwd_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_type(ptr), (idx)) +#define sk_SRP_user_pwd_set(sk, idx, ptr) ((SRP_user_pwd *)OPENSSL_sk_set(ossl_check_SRP_user_pwd_sk_type(sk), (idx), ossl_check_SRP_user_pwd_type(ptr))) +#define sk_SRP_user_pwd_find(sk, ptr) OPENSSL_sk_find(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_type(ptr)) +#define sk_SRP_user_pwd_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_type(ptr)) +#define sk_SRP_user_pwd_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_type(ptr), pnum) +#define sk_SRP_user_pwd_sort(sk) OPENSSL_sk_sort(ossl_check_SRP_user_pwd_sk_type(sk)) +#define sk_SRP_user_pwd_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SRP_user_pwd_sk_type(sk)) +#define sk_SRP_user_pwd_dup(sk) ((STACK_OF(SRP_user_pwd) *)OPENSSL_sk_dup(ossl_check_const_SRP_user_pwd_sk_type(sk))) +#define sk_SRP_user_pwd_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRP_user_pwd) *)OPENSSL_sk_deep_copy(ossl_check_const_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_copyfunc_type(copyfunc), ossl_check_SRP_user_pwd_freefunc_type(freefunc))) +#define sk_SRP_user_pwd_set_cmp_func(sk, cmp) ((sk_SRP_user_pwd_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_compfunc_type(cmp))) + + +OSSL_DEPRECATEDIN_3_0 +SRP_user_pwd *SRP_user_pwd_new(void); +OSSL_DEPRECATEDIN_3_0 +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + +OSSL_DEPRECATEDIN_3_0 +void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, + const BIGNUM *N); +OSSL_DEPRECATEDIN_3_0 +int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, + const char *info); +OSSL_DEPRECATEDIN_3_0 +int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); + +typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + const BIGNUM *default_g; + const BIGNUM *default_N; +} SRP_VBASE; + +/* + * Internal structure storing N and g pair + */ +typedef struct SRP_gN_st { + char *id; + const BIGNUM *g; + const BIGNUM *N; +} SRP_gN; +SKM_DEFINE_STACK_OF_INTERNAL(SRP_gN, SRP_gN, SRP_gN) +#define sk_SRP_gN_num(sk) OPENSSL_sk_num(ossl_check_const_SRP_gN_sk_type(sk)) +#define sk_SRP_gN_value(sk, idx) ((SRP_gN *)OPENSSL_sk_value(ossl_check_const_SRP_gN_sk_type(sk), (idx))) +#define sk_SRP_gN_new(cmp) ((STACK_OF(SRP_gN) *)OPENSSL_sk_new(ossl_check_SRP_gN_compfunc_type(cmp))) +#define sk_SRP_gN_new_null() ((STACK_OF(SRP_gN) *)OPENSSL_sk_new_null()) +#define sk_SRP_gN_new_reserve(cmp, n) ((STACK_OF(SRP_gN) *)OPENSSL_sk_new_reserve(ossl_check_SRP_gN_compfunc_type(cmp), (n))) +#define sk_SRP_gN_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SRP_gN_sk_type(sk), (n)) +#define sk_SRP_gN_free(sk) OPENSSL_sk_free(ossl_check_SRP_gN_sk_type(sk)) +#define sk_SRP_gN_zero(sk) OPENSSL_sk_zero(ossl_check_SRP_gN_sk_type(sk)) +#define sk_SRP_gN_delete(sk, i) ((SRP_gN *)OPENSSL_sk_delete(ossl_check_SRP_gN_sk_type(sk), (i))) +#define sk_SRP_gN_delete_ptr(sk, ptr) ((SRP_gN *)OPENSSL_sk_delete_ptr(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_type(ptr))) +#define sk_SRP_gN_push(sk, ptr) OPENSSL_sk_push(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_type(ptr)) +#define sk_SRP_gN_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_type(ptr)) +#define sk_SRP_gN_pop(sk) ((SRP_gN *)OPENSSL_sk_pop(ossl_check_SRP_gN_sk_type(sk))) +#define sk_SRP_gN_shift(sk) ((SRP_gN *)OPENSSL_sk_shift(ossl_check_SRP_gN_sk_type(sk))) +#define sk_SRP_gN_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SRP_gN_sk_type(sk),ossl_check_SRP_gN_freefunc_type(freefunc)) +#define sk_SRP_gN_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_type(ptr), (idx)) +#define sk_SRP_gN_set(sk, idx, ptr) ((SRP_gN *)OPENSSL_sk_set(ossl_check_SRP_gN_sk_type(sk), (idx), ossl_check_SRP_gN_type(ptr))) +#define sk_SRP_gN_find(sk, ptr) OPENSSL_sk_find(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_type(ptr)) +#define sk_SRP_gN_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_type(ptr)) +#define sk_SRP_gN_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_type(ptr), pnum) +#define sk_SRP_gN_sort(sk) OPENSSL_sk_sort(ossl_check_SRP_gN_sk_type(sk)) +#define sk_SRP_gN_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SRP_gN_sk_type(sk)) +#define sk_SRP_gN_dup(sk) ((STACK_OF(SRP_gN) *)OPENSSL_sk_dup(ossl_check_const_SRP_gN_sk_type(sk))) +#define sk_SRP_gN_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRP_gN) *)OPENSSL_sk_deep_copy(ossl_check_const_SRP_gN_sk_type(sk), ossl_check_SRP_gN_copyfunc_type(copyfunc), ossl_check_SRP_gN_freefunc_type(freefunc))) +#define sk_SRP_gN_set_cmp_func(sk, cmp) ((sk_SRP_gN_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_compfunc_type(cmp))) + + + +OSSL_DEPRECATEDIN_3_0 +SRP_VBASE *SRP_VBASE_new(char *seed_key); +OSSL_DEPRECATEDIN_3_0 +void SRP_VBASE_free(SRP_VBASE *vb); +OSSL_DEPRECATEDIN_3_0 +int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); + +OSSL_DEPRECATEDIN_3_0 +int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd); + +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +OSSL_DEPRECATEDIN_3_0 +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + +OSSL_DEPRECATEDIN_3_0 +char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g, + OSSL_LIB_CTX *libctx, const char *propq); +OSSL_DEPRECATEDIN_3_0 +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +OSSL_DEPRECATEDIN_3_0 +int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OSSL_LIB_CTX *libctx, + const char *propq); +OSSL_DEPRECATEDIN_3_0 +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' + +/* see srp.c */ +OSSL_DEPRECATEDIN_3_0 +char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); +OSSL_DEPRECATEDIN_3_0 +SRP_gN *SRP_get_default_gN(const char *id); + +/* server side .... */ +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v); + +OSSL_DEPRECATEDIN_3_0 +int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, + OSSL_LIB_CTX *libctx, const char *propq); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); + +/* client side .... */ + +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, + OSSL_LIB_CTX *libctx, const char *propq); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OSSL_LIB_CTX *libctx, const char *propq); +OSSL_DEPRECATEDIN_3_0 +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); +OSSL_DEPRECATEDIN_3_0 +int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); + +# define SRP_MINIMAL_N 1024 + +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +/* This method ignores the configured seed and fails for an unknown user. */ +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 +SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +# endif + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/ssl.h b/contrib/openssl-cmake/common/include/openssl/ssl.h new file mode 100644 index 000000000000..aeb28d2b55d5 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/ssl.h @@ -0,0 +1,2933 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/ssl.h.in + * + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_SSL_H +# define OPENSSL_SSL_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SSL_H +# endif + +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# include +# include +# endif +# include +# include +# include +# include + +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* OpenSSL version number for ASN.1 encoding of the session information */ +/*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +# define SSL_SESSION_ASN1_VERSION 0x0001 + +# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +# define SSL_MAX_SID_CTX_LENGTH 32 + +# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +# define SSL_MAX_KEY_ARG_LENGTH 8 +/* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */ + +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + +/* text strings for the ciphers */ + +/* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_LOW "LOW" +# define SSL_TXT_MEDIUM "MEDIUM" +# define SSL_TXT_HIGH "HIGH" +# define SSL_TXT_FIPS "FIPS" + +# define SSL_TXT_aNULL "aNULL" +# define SSL_TXT_eNULL "eNULL" +# define SSL_TXT_NULL "NULL" + +# define SSL_TXT_kRSA "kRSA" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ +# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +# define SSL_TXT_kDHE "kDHE" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ +# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +# define SSL_TXT_kECDHE "kECDHE" +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kGOST18 "kGOST18" +# define SSL_TXT_kSRP "kSRP" + +# define SSL_TXT_aRSA "aRSA" +# define SSL_TXT_aDSS "aDSS" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST12 "aGOST12" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + +# define SSL_TXT_DSS "DSS" +# define SSL_TXT_DH "DH" +# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +# define SSL_TXT_EDH "EDH"/* alias for DHE */ +# define SSL_TXT_ADH "ADH" +# define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + +# define SSL_TXT_DES "DES" +# define SSL_TXT_3DES "3DES" +# define SSL_TXT_RC4 "RC4" +# define SSL_TXT_RC2 "RC2" +# define SSL_TXT_IDEA "IDEA" +# define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" +# define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_AES_CCM "AESCCM" +# define SSL_TXT_AES_CCM_8 "AESCCM8" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" +# define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_GOST "GOST89" +# define SSL_TXT_ARIA "ARIA" +# define SSL_TXT_ARIA_GCM "ARIAGCM" +# define SSL_TXT_ARIA128 "ARIA128" +# define SSL_TXT_ARIA256 "ARIA256" +# define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912" +# define SSL_TXT_CBC "CBC" + +# define SSL_TXT_MD5 "MD5" +# define SSL_TXT_SHA1 "SHA1" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST12 "GOST12" +# define SSL_TXT_GOST89MAC12 "GOST89MAC12" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + +# define SSL_TXT_SSLV3 "SSLv3" +# define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_ALL "ALL" + +/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +# define SSL_TXT_CMPALL "COMPLEMENTOFALL" +# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. + * DEPRECATED IN 3.0.0, in favor of OSSL_default_cipher_list() + * Update both macro and function simultaneously + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* + * This is the default set of TLSv1.3 ciphersuites + * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites() + * Update both macro and function simultaneously + */ +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +# endif +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* + * This is needed to stop compilers complaining about the 'struct ssl_st *' + * function parameters used to prototype callbacks in SSL_CTX. + */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; + +STACK_OF(SSL_CIPHER); + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; +SKM_DEFINE_STACK_OF_INTERNAL(SRTP_PROTECTION_PROFILE, SRTP_PROTECTION_PROFILE, SRTP_PROTECTION_PROFILE) +#define sk_SRTP_PROTECTION_PROFILE_num(sk) OPENSSL_sk_num(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk)) +#define sk_SRTP_PROTECTION_PROFILE_value(sk, idx) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_value(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk), (idx))) +#define sk_SRTP_PROTECTION_PROFILE_new(cmp) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_new(ossl_check_SRTP_PROTECTION_PROFILE_compfunc_type(cmp))) +#define sk_SRTP_PROTECTION_PROFILE_new_null() ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_new_null()) +#define sk_SRTP_PROTECTION_PROFILE_new_reserve(cmp, n) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_new_reserve(ossl_check_SRTP_PROTECTION_PROFILE_compfunc_type(cmp), (n))) +#define sk_SRTP_PROTECTION_PROFILE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), (n)) +#define sk_SRTP_PROTECTION_PROFILE_free(sk) OPENSSL_sk_free(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk)) +#define sk_SRTP_PROTECTION_PROFILE_zero(sk) OPENSSL_sk_zero(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk)) +#define sk_SRTP_PROTECTION_PROFILE_delete(sk, i) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_delete(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), (i))) +#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(sk, ptr) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_delete_ptr(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr))) +#define sk_SRTP_PROTECTION_PROFILE_push(sk, ptr) OPENSSL_sk_push(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr)) +#define sk_SRTP_PROTECTION_PROFILE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr)) +#define sk_SRTP_PROTECTION_PROFILE_pop(sk) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_pop(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk))) +#define sk_SRTP_PROTECTION_PROFILE_shift(sk) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_shift(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk))) +#define sk_SRTP_PROTECTION_PROFILE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk),ossl_check_SRTP_PROTECTION_PROFILE_freefunc_type(freefunc)) +#define sk_SRTP_PROTECTION_PROFILE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr), (idx)) +#define sk_SRTP_PROTECTION_PROFILE_set(sk, idx, ptr) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_set(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), (idx), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr))) +#define sk_SRTP_PROTECTION_PROFILE_find(sk, ptr) OPENSSL_sk_find(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr)) +#define sk_SRTP_PROTECTION_PROFILE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr)) +#define sk_SRTP_PROTECTION_PROFILE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr), pnum) +#define sk_SRTP_PROTECTION_PROFILE_sort(sk) OPENSSL_sk_sort(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk)) +#define sk_SRTP_PROTECTION_PROFILE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk)) +#define sk_SRTP_PROTECTION_PROFILE_dup(sk) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_dup(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk))) +#define sk_SRTP_PROTECTION_PROFILE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_deep_copy(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_copyfunc_type(copyfunc), ossl_check_SRTP_PROTECTION_PROFILE_freefunc_type(freefunc))) +#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, cmp) ((sk_SRTP_PROTECTION_PROFILE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_compfunc_type(cmp))) + + + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); + +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x00001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x00002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x00004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x00008 +/* Extension is only defined for TLS1.2 and below */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x00010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x00020 +/* Ignore this extension during parsing if we are resuming */ +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x00040 +#define SSL_EXT_CLIENT_HELLO 0x00080 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x00100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x00200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x00400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x00800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x01000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x02000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x04000 +#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x08000 +/* When sending a raw public key in a certificate message */ +#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY 0x10000 + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); + + +typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); + +typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, + void *add_arg); + +typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); + +/* Typedef for verification callback */ +typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + +/* Typedef for SSL async callback */ +typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); + +#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) + +/* + * SSL/TLS connection options. + */ + /* Disable Extended master secret */ +# define SSL_OP_NO_EXTENDED_MASTER_SECRET SSL_OP_BIT(0) + /* Cleanse plaintext copies of data delivered to the application */ +# define SSL_OP_CLEANSE_PLAINTEXT SSL_OP_BIT(1) + /* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT SSL_OP_BIT(2) + /* Enable support for Kernel TLS */ +# define SSL_OP_ENABLE_KTLS SSL_OP_BIT(3) +# define SSL_OP_TLSEXT_PADDING SSL_OP_BIT(4) +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG SSL_OP_BIT(6) +# define SSL_OP_IGNORE_UNEXPECTED_EOF SSL_OP_BIT(7) +# define SSL_OP_ALLOW_CLIENT_RENEGOTIATION SSL_OP_BIT(8) +# define SSL_OP_DISABLE_TLSEXT_CA_NAMES SSL_OP_BIT(9) + /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX SSL_OP_BIT(10) + /* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it + * in SSL_OP_ALL. Added in 0.9.6e + */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_BIT(11) + /* DTLS options */ +# define SSL_OP_NO_QUERY_MTU SSL_OP_BIT(12) + /* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE SSL_OP_BIT(13) + /* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET SSL_OP_BIT(14) +# ifndef OPENSSL_NO_DTLS1_METHOD + /* + * Use Cisco's version identifier of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) + */ +# define SSL_OP_CISCO_ANYCONNECT SSL_OP_BIT(15) +# endif + /* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_BIT(16) + /* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION SSL_OP_BIT(17) + /* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_BIT(18) + /* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC SSL_OP_BIT(19) + /* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future + * version of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20) + /* + * Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE + */ +# define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21) + /* + * Set on servers to choose the cipher according to server's preferences. + */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22) + /* + * If set, a server will allow a client to issue an SSLv3.0 version + * number as latest version supported in the premaster secret, even when + * TLSv1.0 (version 3.1) was announced in the client hello. Normally + * this is forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG SSL_OP_BIT(23) + /* + * Switches off automatic TLSv1.3 anti-replay protection for early data. + * This is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY SSL_OP_BIT(24) +# define SSL_OP_NO_SSLv3 SSL_OP_BIT(25) +# define SSL_OP_NO_TLSv1 SSL_OP_BIT(26) +# define SSL_OP_NO_TLSv1_2 SSL_OP_BIT(27) +# define SSL_OP_NO_TLSv1_1 SSL_OP_BIT(28) +# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) +# define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26) +# define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27) + /* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30) + /* + * Make server add server-hello extension from early version of + * cryptopro draft, when GOST ciphersuite is negotiated. Required for + * interoperability with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) +/* + * Disable RFC8879 certificate compression + * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates, + * and ignore the extension when received. + * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and + * subsequently indicating that receiving is not supported + */ +# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION SSL_OP_BIT(32) +# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION SSL_OP_BIT(33) + /* Enable KTLS TX zerocopy on Linux */ +# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34) + +#define SSL_OP_PREFER_NO_DHE_KEX SSL_OP_BIT(35) + +/* + * Option "collections." + */ +# define SSL_OP_NO_SSL_MASK \ + ( SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 \ + | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3 ) +# define SSL_OP_NO_DTLS_MASK \ + ( SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 ) + +/* Various bug workarounds that should be rather harmless. */ +# define SSL_OP_ALL \ + ( SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS \ + | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG ) + +/* + * OBSOLETE OPTIONS retained for compatibility + */ + +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +# define SSL_OP_TLS_D5_BUG 0x0 +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +# define SSL_OP_SINGLE_ECDH_USE 0x0 +# define SSL_OP_SINGLE_DH_USE 0x0 +# define SSL_OP_EPHEMERAL_RSA 0x0 +# define SSL_OP_NO_SSLv2 0x0 +# define SSL_OP_PKCS1_CHECK_1 0x0 +# define SSL_OP_PKCS1_CHECK_2 0x0 +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 + +/* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +/* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +/* + * Never bother the application with retries if the transport is blocking: + */ +# define SSL_MODE_AUTO_RETRY 0x00000004U +/* Don't attempt to automatically build certificate chain */ +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +/* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) Released buffers are freed. + */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your + * application attempts a normal handshake. Only use this in explicit + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +/* + * Support Asynchronous operation + */ +# define SSL_MODE_ASYNC 0x00000100U + +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U + +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certificate chain algorithms. When this is set we enforce them. + */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 +/* Cert pkey valid for raw public key use */ +# define CERT_PKEY_RPK 0x1000 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 +# define SSL_CONF_TYPE_STORE 0x5 + +/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ +# define SSL_COOKIE_LENGTH 4096 + +/* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +uint64_t SSL_CTX_get_options(const SSL_CTX *ctx); +uint64_t SSL_get_options(const SSL *s); +uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op); +uint64_t SSL_clear_options(SSL *s, uint64_t op); +uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op); +uint64_t SSL_set_options(SSL *s, uint64_t op); + +# define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +# define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +# define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +# define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +# define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +# define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) + +# ifndef OPENSSL_NO_SRP +/* see tls_srp.c */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 __owur int SSL_SRP_CTX_init(SSL *s); +OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 int SSL_SRP_CTX_free(SSL *ctx); +OSSL_DEPRECATEDIN_3_0 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 __owur int SSL_srp_server_param_with_username(SSL *s, + int *ad); +OSSL_DEPRECATEDIN_3_0 __owur int SRP_Calc_A_param(SSL *s); +# endif +# endif + +/* 100k max cert list */ +# define SSL_MAX_CERT_LIST_DEFAULT (1024*100) + +# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* + * This callback type is used inside SSL_CTX, SSL, and in the functions that + * set them. It is used to override the generation of SSL/TLS session IDs in + * a server. Return value should be zero on an error, non-zero to proceed. + * Also, callbacks should themselves check if the id they generate is unique + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in + * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 + * bytes. The callback can alter this length to be less if desired. It is + * also an error for the callback to set the size to zero. + */ +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, + unsigned int *id_len); + +# define SSL_SESS_CACHE_OFF 0x0000 +# define SSL_SESS_CACHE_CLIENT 0x0001 +# define SSL_SESS_CACHE_SERVER 0x0002 +# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +# define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) +# define SSL_SESS_CACHE_UPDATE_TIME 0x0400 + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +# define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +# define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +# define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +# define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +# define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +# define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +# define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +# define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +# define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +# define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb) (struct ssl_st *ssl, + SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb) (struct ssl_ctx_st + *ctx, + SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb) (struct ssl_st + *ssl, + const unsigned char + *data, int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +# ifndef OPENSSL_NO_ENGINE +__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +# endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, + const unsigned + char *cookie, + unsigned int + cookie_len)); + +void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*gen_stateless_cookie_cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); +void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*verify_stateless_cookie_cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); +# ifndef OPENSSL_NO_NEXTPROTONEG + +typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg); +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + +typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + SSL_CTX_npn_select_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated +# endif + +__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); + +# define OPENSSL_NPN_UNSUPPORTED 0 +# define OPENSSL_NPN_NEGOTIATED 1 +# define OPENSSL_NPN_NO_OVERLAP 2 + +__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned int protos_len); +__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned int protos_len); +typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + SSL_CTX_alpn_select_cb_func cb, + void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned int *len); + +# ifndef OPENSSL_NO_PSK +/* + * the maximum length of the buffer given to callbacks containing the + * resulting identity/psk + */ +# define PSK_MAX_IDENTITY_LEN 256 +# define PSK_MAX_PSK_LEN 512 +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + +typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + +__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +# endif + +typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); + +void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb); + +/* Register callbacks to handle custom TLS Extensions for client or server. */ + +__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, + unsigned int ext_type); + +__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg); + +__owur int SSL_extension_supported(unsigned int ext_type); + +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 +# define SSL_ASYNC_PAUSED 5 +# define SSL_ASYNC_NO_JOBS 6 +# define SSL_CLIENT_HELLO_CB 7 +# define SSL_RETRY_VERIFY 8 + +/* These will only be used when doing non-blocking IO */ +# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +# define SSL_want_read(s) (SSL_want(s) == SSL_READING) +# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_want_retry_verify(s) (SSL_want(s) == SSL_RETRY_VERIFY) +# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) + +# define SSL_MAC_FLAG_READ_MAC_STREAM 1 +# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 +# define SSL_MAC_FLAG_READ_MAC_TLSTREE 4 +# define SSL_MAC_FLAG_WRITE_MAC_TLSTREE 8 + +/* + * A callback for logging out TLS key material. This callback should log out + * |line| followed by a newline. + */ +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); + +/* + * SSL_CTX_set_keylog_callback configures a callback to log key material. This + * is intended for debugging use with tools like Wireshark. The cb function + * should log line followed by a newline. + */ +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); + +/* + * SSL_CTX_get_keylog_callback returns the callback configured by + * SSL_CTX_set_keylog_callback. + */ +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); + +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +uint32_t SSL_get_recv_max_early_data(const SSL *s); + +#ifdef __cplusplus +} +#endif + +# include +# include +# include /* This is mostly sslv3 with a few tweaks */ +# include /* Datagram TLS */ +# include /* Support for the use_srtp extension */ +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These need to be after the above set of includes due to a compiler bug + * in VisualStudio 2015 + */ +SKM_DEFINE_STACK_OF_INTERNAL(SSL_CIPHER, const SSL_CIPHER, SSL_CIPHER) +#define sk_SSL_CIPHER_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_CIPHER_sk_type(sk)) +#define sk_SSL_CIPHER_value(sk, idx) ((const SSL_CIPHER *)OPENSSL_sk_value(ossl_check_const_SSL_CIPHER_sk_type(sk), (idx))) +#define sk_SSL_CIPHER_new(cmp) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_new(ossl_check_SSL_CIPHER_compfunc_type(cmp))) +#define sk_SSL_CIPHER_new_null() ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_new_null()) +#define sk_SSL_CIPHER_new_reserve(cmp, n) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_new_reserve(ossl_check_SSL_CIPHER_compfunc_type(cmp), (n))) +#define sk_SSL_CIPHER_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SSL_CIPHER_sk_type(sk), (n)) +#define sk_SSL_CIPHER_free(sk) OPENSSL_sk_free(ossl_check_SSL_CIPHER_sk_type(sk)) +#define sk_SSL_CIPHER_zero(sk) OPENSSL_sk_zero(ossl_check_SSL_CIPHER_sk_type(sk)) +#define sk_SSL_CIPHER_delete(sk, i) ((const SSL_CIPHER *)OPENSSL_sk_delete(ossl_check_SSL_CIPHER_sk_type(sk), (i))) +#define sk_SSL_CIPHER_delete_ptr(sk, ptr) ((const SSL_CIPHER *)OPENSSL_sk_delete_ptr(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr))) +#define sk_SSL_CIPHER_push(sk, ptr) OPENSSL_sk_push(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr)) +#define sk_SSL_CIPHER_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr)) +#define sk_SSL_CIPHER_pop(sk) ((const SSL_CIPHER *)OPENSSL_sk_pop(ossl_check_SSL_CIPHER_sk_type(sk))) +#define sk_SSL_CIPHER_shift(sk) ((const SSL_CIPHER *)OPENSSL_sk_shift(ossl_check_SSL_CIPHER_sk_type(sk))) +#define sk_SSL_CIPHER_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SSL_CIPHER_sk_type(sk),ossl_check_SSL_CIPHER_freefunc_type(freefunc)) +#define sk_SSL_CIPHER_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr), (idx)) +#define sk_SSL_CIPHER_set(sk, idx, ptr) ((const SSL_CIPHER *)OPENSSL_sk_set(ossl_check_SSL_CIPHER_sk_type(sk), (idx), ossl_check_SSL_CIPHER_type(ptr))) +#define sk_SSL_CIPHER_find(sk, ptr) OPENSSL_sk_find(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr)) +#define sk_SSL_CIPHER_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr)) +#define sk_SSL_CIPHER_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr), pnum) +#define sk_SSL_CIPHER_sort(sk) OPENSSL_sk_sort(ossl_check_SSL_CIPHER_sk_type(sk)) +#define sk_SSL_CIPHER_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SSL_CIPHER_sk_type(sk)) +#define sk_SSL_CIPHER_dup(sk) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_dup(ossl_check_const_SSL_CIPHER_sk_type(sk))) +#define sk_SSL_CIPHER_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_deep_copy(ossl_check_const_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_copyfunc_type(copyfunc), ossl_check_SSL_CIPHER_freefunc_type(freefunc))) +#define sk_SSL_CIPHER_set_cmp_func(sk, cmp) ((sk_SSL_CIPHER_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_compfunc_type(cmp))) + + +/* compatibility */ +# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) +# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ + (char *)(a))) +# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg))) +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 void SSL_set_debug(SSL *s, int debug); +# endif + +/* TLSv1.3 KeyUpdate message types */ +/* -1 used so that this is an invalid value for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NONE -1 +/* Values as defined for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 +#define SSL_KEY_UPDATE_REQUESTED 1 + +/* + * The valid handshake states (one for each type message sent and one for each + * type of message received). There are also two "special" states: + * TLS = TLS or DTLS state + * DTLS = DTLS specific state + * CR/SR = Client Read/Server Read + * CW/SW = Client Write/Server Write + * + * The "special" states are: + * TLS_ST_BEFORE = No handshake has been initiated yet + * TLS_ST_OK = A handshake has been successfully completed + */ +typedef enum { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_COMP_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_COMP_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_COMP_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_COMP_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_CERT_VRFY, + TLS_ST_SW_CERT_VRFY, + TLS_ST_CR_HELLO_REQ, + TLS_ST_SW_KEY_UPDATE, + TLS_ST_CW_KEY_UPDATE, + TLS_ST_SR_KEY_UPDATE, + TLS_ST_CR_KEY_UPDATE, + TLS_ST_EARLY_DATA, + TLS_ST_PENDING_EARLY_DATA_END, + TLS_ST_CW_END_OF_EARLY_DATA, + TLS_ST_SR_END_OF_EARLY_DATA +} OSSL_HANDSHAKE_STATE; + +/* + * Most of the following state values are no longer used and are defined to be + * the closest equivalent value in the current state machine code. Not all + * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT + * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, + * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. + */ + +# define SSL_ST_CONNECT 0x1000 +# define SSL_ST_ACCEPT 0x2000 + +# define SSL_ST_MASK 0x0FFF + +# define SSL_CB_LOOP 0x01 +# define SSL_CB_EXIT 0x02 +# define SSL_CB_READ 0x04 +# define SSL_CB_WRITE 0x08 +# define SSL_CB_ALERT 0x4000/* used in callback */ +# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +# define SSL_CB_HANDSHAKE_START 0x10 +# define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +int SSL_in_init(const SSL *s); +int SSL_in_before(const SSL *s); +int SSL_is_init_finished(const SSL *s); + +/* + * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you + * should not need these + */ +# define SSL_ST_READ_HEADER 0xF0 +# define SSL_ST_READ_BODY 0xF1 +# define SSL_ST_READ_DONE 0xF2 + +/*- + * Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. + */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* + * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are + * 'ored' with SSL_VERIFY_PEER if they are desired + */ +# define SSL_VERIFY_NONE 0x00 +# define SSL_VERIFY_PEER 0x01 +# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +# define SSL_VERIFY_CLIENT_ONCE 0x04 +# define SSL_VERIFY_POST_HANDSHAKE 0x08 + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define OpenSSL_add_ssl_algorithms() SSL_library_init() +# define SSLeay_add_ssl_algorithms() SSL_library_init() +# endif + +/* More backward compatibility */ +# define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +# define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +# define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_time(a) SSL_SESSION_get_time(a) +# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value + * from SSL_AD_... */ +/* These alert types are for SSLv3 and TLSv1 */ +# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +/* fatal */ +# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +/* fatal */ +# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +/* fatal */ +# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +/* fatal */ +# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED +# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +/* fatal */ +# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL +# define SSL_ERROR_NONE 0 +# define SSL_ERROR_SSL 1 +# define SSL_ERROR_WANT_READ 2 +# define SSL_ERROR_WANT_WRITE 3 +# define SSL_ERROR_WANT_X509_LOOKUP 4 +# define SSL_ERROR_SYSCALL 5/* look at error stack/return + * value/errno */ +# define SSL_ERROR_ZERO_RETURN 6 +# define SSL_ERROR_WANT_CONNECT 7 +# define SSL_ERROR_WANT_ACCEPT 8 +# define SSL_ERROR_WANT_ASYNC 9 +# define SSL_ERROR_WANT_ASYNC_JOB 10 +# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 +# define SSL_ERROR_WANT_RETRY_VERIFY 12 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_CTRL_SET_TMP_DH 3 +# define SSL_CTRL_SET_TMP_ECDH 4 +# define SSL_CTRL_SET_TMP_DH_CB 6 +# endif + +# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +# define SSL_CTRL_GET_FLAGS 13 +# define SSL_CTRL_EXTRA_CHAIN_CERT 14 +# define SSL_CTRL_SET_MSG_CALLBACK 15 +# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +/* only applies to datagram connections */ +# define SSL_CTRL_SET_MTU 17 +/* Stats */ +# define SSL_CTRL_SESS_NUMBER 20 +# define SSL_CTRL_SESS_CONNECT 21 +# define SSL_CTRL_SESS_CONNECT_GOOD 22 +# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +# define SSL_CTRL_SESS_ACCEPT 24 +# define SSL_CTRL_SESS_ACCEPT_GOOD 25 +# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +# define SSL_CTRL_SESS_HIT 27 +# define SSL_CTRL_SESS_CB_HIT 28 +# define SSL_CTRL_SESS_MISSES 29 +# define SSL_CTRL_SESS_TIMEOUTS 30 +# define SSL_CTRL_SESS_CACHE_FULL 31 +# define SSL_CTRL_MODE 33 +# define SSL_CTRL_GET_READ_AHEAD 40 +# define SSL_CTRL_SET_READ_AHEAD 41 +# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +# define SSL_CTRL_SET_SESS_CACHE_MODE 44 +# define SSL_CTRL_GET_SESS_CACHE_MODE 45 +# define SSL_CTRL_GET_MAX_CERT_LIST 50 +# define SSL_CTRL_SET_MAX_CERT_LIST 51 +# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +/* see tls1.h for macros based on these */ +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# endif +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# define DTLS_CTRL_GET_TIMEOUT 73 +# define DTLS_CTRL_HANDLE_TIMEOUT 74 +# define SSL_CTRL_GET_RI_SUPPORT 76 +# define SSL_CTRL_CLEAR_MODE 78 +# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 +# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +# define SSL_CTRL_CHAIN 88 +# define SSL_CTRL_CHAIN_CERT 89 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 +# define SSL_CTRL_SET_SIGALGS 97 +# define SSL_CTRL_SET_SIGALGS_LIST 98 +# define SSL_CTRL_CERT_FLAGS 99 +# define SSL_CTRL_CLEAR_CERT_FLAGS 100 +# define SSL_CTRL_SET_CLIENT_SIGALGS 101 +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +# define SSL_CTRL_BUILD_CERT_CHAIN 105 +# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 +# define SSL_CTRL_GET_RAW_CIPHERLIST 110 +# define SSL_CTRL_GET_EC_POINT_FORMATS 111 +# define SSL_CTRL_GET_CHAIN_CERTS 115 +# define SSL_CTRL_SELECT_CURRENT_CERT 116 +# define SSL_CTRL_SET_CURRENT_CERT 117 +# define SSL_CTRL_SET_DH_AUTO 118 +# define DTLS_CTRL_SET_LINK_MTU 120 +# define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CTRL_GET_EXTMS_SUPPORT 122 +# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +# define SSL_CTRL_SET_MAX_PIPELINES 126 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +# define SSL_CTRL_GET_IANA_GROUPS 135 +# define SSL_CTRL_SET_RETRY_VERIFY 136 +# define SSL_CTRL_GET_VERIFY_CERT_STORE 137 +# define SSL_CTRL_GET_CHAIN_CERT_STORE 138 +# define SSL_CTRL_GET0_IMPLEMENTED_GROUPS 139 +# define SSL_CTRL_GET_SIGNATURE_NAME 140 +# define SSL_CTRL_GET_PEER_SIGNATURE_NAME 141 +# define SSL_CERT_SET_FIRST 1 +# define SSL_CERT_SET_NEXT 2 +# define SSL_CERT_SET_SERVER 3 +# define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) +# define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +# define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# endif +# define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# endif +# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) +# define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +# define SSL_CTX_set0_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_CTX_set1_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_CTX_add0_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_add1_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_CTX_get0_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx,NULL) +# define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_CTX_select_current_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_CTX_set0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_set0_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_set1_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_add0_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_add1_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_get0_chain_certs(s,px509) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_clear_chain_certs(s) \ + SSL_set0_chain(s,NULL) +# define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_select_current_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_set_current_cert(s,op) \ + SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_set0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_set1_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +#define SSL_get0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_set0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_set1_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +#define SSL_get0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) + +# define SSL_get1_groups(s, glist) \ + SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_get0_iana_groups(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) +# define SSL_CTX_get0_implemented_groups(ctx, all, out) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET0_IMPLEMENTED_GROUPS, all, \ + (STACK_OF(OPENSSL_CSTRING) *)(out)) +# define SSL_set1_groups(s, glist, glistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_set1_groups_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) +# define SSL_get_negotiated_group(s) \ + SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL) +# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) +# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_client_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ + (char *)(clist)) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get0_signature_name(s, str) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NAME,0,(1?(str):(const char **)NULL)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) +# define SSL_get0_peer_signature_name(s, str) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NAME,0,(1?(str):(const char **)NULL)) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +# define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +# define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) + +const char *SSL_get0_group_name(SSL *s); +const char *SSL_group_to_name(SSL *s, int id); + +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + +int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey); +int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey); + +/* + * The following symbol names are old and obsolete. They are kept + * for compatibility reasons only and should not be used anymore. + */ +# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS +# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST +# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP + +# define SSL_get1_curves SSL_get1_groups +# define SSL_CTX_set1_curves SSL_CTX_set1_groups +# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +# define SSL_set1_curves SSL_set1_groups +# define SSL_set1_curves_list SSL_set1_groups_list +# define SSL_get_shared_curve SSL_get_shared_group + + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* Provide some compatibility macros for removed functionality. */ +# define SSL_CTX_need_tmp_RSA(ctx) 0 +# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +# define SSL_need_tmp_RSA(ssl) 0 +# define SSL_set_tmp_rsa(ssl,rsa) 1 +# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +/* + * We "pretend" to call the callback to avoid warnings about unused static + * functions. + */ +# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +# endif +__owur const BIO_METHOD *BIO_f_ssl(void); +__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +__owur SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, + const SSL_METHOD *meth); +int SSL_CTX_up_ref(SSL_CTX *ctx); +void SSL_CTX_free(SSL_CTX *); +__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); +__owur int SSL_want(const SSL *s); +__owur int SSL_clear(SSL *s); + +#ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_CTX_flush_sessions_ex()") +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +#endif +void SSL_CTX_flush_sessions_ex(SSL_CTX *ctx, time_t tm); + +__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *OPENSSL_cipher_name(const char *rfc_name); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +__owur int SSL_get_fd(const SSL *s); +__owur int SSL_get_rfd(const SSL *s); +__owur int SSL_get_wfd(const SSL *s); +__owur const char *SSL_get_cipher_list(const SSL *s, int n); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +__owur int SSL_get_read_ahead(const SSL *s); +__owur int SSL_pending(const SSL *s); +__owur int SSL_has_pending(const SSL *s); +# ifndef OPENSSL_NO_SOCK +__owur int SSL_set_fd(SSL *s, int fd); +__owur int SSL_set_rfd(SSL *s, int fd); +__owur int SSL_set_wfd(SSL *s, int fd); +# endif +void SSL_set0_rbio(SSL *s, BIO *rbio); +void SSL_set0_wbio(SSL *s, BIO *wbio); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +__owur BIO *SSL_get_rbio(const SSL *s); +__owur BIO *SSL_get_wbio(const SSL *s); +__owur int SSL_set_cipher_list(SSL *s, const char *str); +__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +__owur int SSL_set_ciphersuites(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +__owur int SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, + const unsigned char *d, long len); +# endif +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 + +/* Set serverinfo data for the current active cert. */ +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif + +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); +/* PEM type */ +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur STACK_OF(X509_NAME) +*SSL_load_client_CA_file_ex(const char *file, OSSL_LIB_CTX *libctx, + const char *propq); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); +int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *uri); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# endif + +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); + +#ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_get_time_ex()") +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_set_time_ex()") +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +#endif +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + +__owur time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s); +__owur time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t); + +__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); +__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +__owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, + unsigned int *len); +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int SSL_SESSION_up_ref(SSL_SESSION *ses); +void SSL_SESSION_free(SSL_SESSION *ses); +__owur int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); +SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq); + +# ifdef OPENSSL_X509_H +__owur X509 *SSL_get0_peer_certificate(const SSL *s); +__owur X509 *SSL_get1_peer_certificate(const SSL *s); +/* Deprecated in 3.0.0 */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_get_peer_certificate SSL_get1_peer_certificate +# endif +# endif + +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); + +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); + +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_up_ref(SSL *s); +int SSL_is_dtls(const SSL *s); +int SSL_is_tls(const SSL *s); +int SSL_is_quic(const SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, const unsigned char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, const unsigned char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +SSL_DANE *SSL_get0_dane(SSL *ssl); +/* + * DANE flags + */ +unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); + +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +OSSL_DEPRECATEDIN_3_0 +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +OSSL_DEPRECATEDIN_3_0 +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +OSSL_DEPRECATEDIN_3_0 +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +OSSL_DEPRECATEDIN_3_0 +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +OSSL_DEPRECATEDIN_3_0 +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_g(SSL *s); +OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_N(SSL *s); + +OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_username(SSL *s); +OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s); +# endif +# endif + +/* + * ClientHello callback and helpers. + */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +typedef int (*SSL_new_pending_conn_cb_fn) (SSL_CTX *ctx, SSL *new_ssl, + void *arg); +void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c, SSL_new_pending_conn_cb_fn cb, + void *arg); + +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, + size_t *num_exts); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows application developer has to include windows.h to use these. + */ +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +__owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); +__owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); +__owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); +__owur int SSL_set_async_callback_arg(SSL *s, void *arg); +__owur int SSL_get_async_status(SSL *s, int *status); + +# endif +__owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +__owur ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, + int flags); +__owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +# define SSL_WRITE_FLAG_CONCLUDE (1U << 0) + +__owur int SSL_write_ex2(SSL *s, const void *buf, size_t num, + uint64_t flags, + size_t *written); + +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char *SSL_get_version(const SSL *s); +__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt); + +/* This sets the 'default' SSL version that SSL_new() will create */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); +# endif + +# ifndef OPENSSL_NO_SSL3_METHOD +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_server_method(void); +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_client_method(void); +# endif +# endif + +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); + +# ifndef OPENSSL_NO_TLS1_METHOD +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_server_method(void); +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_client_method(void); +# endif +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_server_method(void); +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_client_method(void); +# endif +# endif + +# ifndef OPENSSL_NO_TLS1_2_METHOD +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_server_method(void); +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_client_method(void); +# endif +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_server_method(void); +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_client_method(void); +# endif +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +/* DTLSv1.2 */ +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_method(void); +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_server_method(void); +OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_client_method(void); +# endif +# endif + +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +__owur size_t DTLS_get_data_mtu(const SSL *s); + +__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +__owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(const SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); +int SSL_new_session_ticket(SSL *s); +int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); + +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); + +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +__owur long SSL_get_default_timeout(const SSL *s); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif + +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +__owur SSL *SSL_dup(SSL *ssl); + +__owur X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_client_version(const SSL *s); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); +__owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); +__owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, + const char *CAfile, + const char *CApath); +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl, long v); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, + unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_retry_verify(ssl) \ + (SSL_ctrl(ssl,SSL_CTRL_SET_RETRY_VERIFY,0,NULL) > 0) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); + +# ifndef OPENSSL_NO_DH +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* NB: the |keylength| is only applicable when is_export is true */ +OSSL_DEPRECATEDIN_3_0 +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +OSSL_DEPRECATEDIN_3_0 +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +# endif +# endif + +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); +__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +__owur int SSL_COMP_get_id(const SSL_COMP *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define SSL_COMP_free_compression_methods() while(0) continue +# endif +__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); + +/* TLS extensions functions */ +__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +__owur int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +__owur int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn session_secret_cb, + void *arg); + +void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + int + is_forward_secure)); + +void SSL_set_not_resumable_session_callback(SSL *ssl, + int (*cb) (SSL *ssl, + int is_forward_secure)); + +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); +int SSL_CTX_set_block_padding_ex(SSL_CTX *ctx, size_t app_block_size, + size_t hs_block_size); + +int SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); +int SSL_set_block_padding(SSL *ssl, size_t block_size); +int SSL_set_block_padding_ex(SSL *ssl, size_t app_block_size, + size_t hs_block_size); +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); + +/* QUIC support */ +int SSL_handle_events(SSL *s); +__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite); +__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_net_read_desired(SSL *s); +__owur int SSL_net_write_desired(SSL *s); +__owur int SSL_set_blocking_mode(SSL *s, int blocking); +__owur int SSL_get_blocking_mode(SSL *s); +__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr); +__owur SSL *SSL_get0_connection(SSL *s); +__owur int SSL_is_connection(SSL *s); + +__owur int SSL_is_listener(SSL *ssl); +__owur SSL *SSL_get0_listener(SSL *s); +#define SSL_LISTENER_FLAG_NO_VALIDATE (1UL << 1) +__owur SSL *SSL_new_listener(SSL_CTX *ctx, uint64_t flags); +__owur SSL *SSL_new_listener_from(SSL *ssl, uint64_t flags); +__owur SSL *SSL_new_from_listener(SSL *ssl, uint64_t flags); +#define SSL_ACCEPT_CONNECTION_NO_BLOCK (1UL << 0) +__owur SSL *SSL_accept_connection(SSL *ssl, uint64_t flags); +__owur size_t SSL_get_accept_connection_queue_len(SSL *ssl); +__owur int SSL_listen(SSL *ssl); + +__owur int SSL_is_domain(SSL *s); +__owur SSL *SSL_get0_domain(SSL *s); +__owur SSL *SSL_new_domain(SSL_CTX *ctx, uint64_t flags); + +#define SSL_DOMAIN_FLAG_SINGLE_THREAD (1U << 0) +#define SSL_DOMAIN_FLAG_MULTI_THREAD (1U << 1) +#define SSL_DOMAIN_FLAG_THREAD_ASSISTED (1U << 2) +#define SSL_DOMAIN_FLAG_BLOCKING (1U << 3) +#define SSL_DOMAIN_FLAG_LEGACY_BLOCKING (1U << 4) + +__owur int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t domain_flags); +__owur int SSL_CTX_get_domain_flags(const SSL_CTX *ctx, uint64_t *domain_flags); +__owur int SSL_get_domain_flags(const SSL *ssl, uint64_t *domain_flags); + +#define SSL_STREAM_TYPE_NONE 0 +#define SSL_STREAM_TYPE_READ (1U << 0) +#define SSL_STREAM_TYPE_WRITE (1U << 1) +#define SSL_STREAM_TYPE_BIDI (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE) +__owur int SSL_get_stream_type(SSL *s); + +__owur uint64_t SSL_get_stream_id(SSL *s); +__owur int SSL_is_stream_local(SSL *s); + +#define SSL_DEFAULT_STREAM_MODE_NONE 0 +#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1 +#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI 2 +__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode); + +#define SSL_STREAM_FLAG_UNI (1U << 0) +#define SSL_STREAM_FLAG_NO_BLOCK (1U << 1) +#define SSL_STREAM_FLAG_ADVANCE (1U << 2) +__owur SSL *SSL_new_stream(SSL *s, uint64_t flags); + +#define SSL_INCOMING_STREAM_POLICY_AUTO 0 +#define SSL_INCOMING_STREAM_POLICY_ACCEPT 1 +#define SSL_INCOMING_STREAM_POLICY_REJECT 2 +__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec); + +#define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0) +__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags); +__owur size_t SSL_get_accept_stream_queue_len(SSL *s); + +# ifndef OPENSSL_NO_QUIC +__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); +# endif + +typedef struct ssl_shutdown_ex_args_st { + uint64_t quic_error_code; + const char *quic_reason; +} SSL_SHUTDOWN_EX_ARGS; + +#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) +#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1) +#define SSL_SHUTDOWN_FLAG_NO_BLOCK (1U << 2) +#define SSL_SHUTDOWN_FLAG_WAIT_PEER (1U << 3) + +__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags, + const SSL_SHUTDOWN_EX_ARGS *args, + size_t args_len); + +__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags); + +typedef struct ssl_stream_reset_args_st { + uint64_t quic_error_code; +} SSL_STREAM_RESET_ARGS; + +__owur int SSL_stream_reset(SSL *ssl, + const SSL_STREAM_RESET_ARGS *args, + size_t args_len); + +#define SSL_STREAM_STATE_NONE 0 +#define SSL_STREAM_STATE_OK 1 +#define SSL_STREAM_STATE_WRONG_DIR 2 +#define SSL_STREAM_STATE_FINISHED 3 +#define SSL_STREAM_STATE_RESET_LOCAL 4 +#define SSL_STREAM_STATE_RESET_REMOTE 5 +#define SSL_STREAM_STATE_CONN_CLOSED 6 +__owur int SSL_get_stream_read_state(SSL *ssl); +__owur int SSL_get_stream_write_state(SSL *ssl); + +__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code); +__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code); + +#define SSL_CONN_CLOSE_FLAG_LOCAL (1U << 0) +#define SSL_CONN_CLOSE_FLAG_TRANSPORT (1U << 1) + +typedef struct ssl_conn_close_info_st { + uint64_t error_code, frame_type; + const char *reason; + size_t reason_len; + uint32_t flags; +} SSL_CONN_CLOSE_INFO; + +__owur int SSL_get_conn_close_info(SSL *ssl, + SSL_CONN_CLOSE_INFO *info, + size_t info_len); + +# define SSL_VALUE_CLASS_GENERIC 0 +# define SSL_VALUE_CLASS_FEATURE_REQUEST 1 +# define SSL_VALUE_CLASS_FEATURE_PEER_REQUEST 2 +# define SSL_VALUE_CLASS_FEATURE_NEGOTIATED 3 + +# define SSL_VALUE_NONE 0 +# define SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL 1 +# define SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL 2 +# define SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL 3 +# define SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL 4 +# define SSL_VALUE_QUIC_IDLE_TIMEOUT 5 +# define SSL_VALUE_EVENT_HANDLING_MODE 6 +# define SSL_VALUE_STREAM_WRITE_BUF_SIZE 7 +# define SSL_VALUE_STREAM_WRITE_BUF_USED 8 +# define SSL_VALUE_STREAM_WRITE_BUF_AVAIL 9 + +# define SSL_VALUE_EVENT_HANDLING_MODE_INHERIT 0 +# define SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT 1 +# define SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT 2 + +int SSL_get_value_uint(SSL *s, uint32_t class_, uint32_t id, uint64_t *v); +int SSL_set_value_uint(SSL *s, uint32_t class_, uint32_t id, uint64_t v); + +# define SSL_get_generic_value_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_GENERIC, (id), (v)) +# define SSL_set_generic_value_uint(ssl, id, v) \ + SSL_set_value_uint((ssl), SSL_VALUE_CLASS_GENERIC, (id), (v)) +# define SSL_get_feature_request_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_REQUEST, (id), (v)) +# define SSL_set_feature_request_uint(ssl, id, v) \ + SSL_set_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_REQUEST, (id), (v)) +# define SSL_get_feature_peer_request_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, (id), (v)) +# define SSL_get_feature_negotiated_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_NEGOTIATED, (id), (v)) + +# define SSL_get_quic_stream_bidi_local_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, \ + (value)) +# define SSL_get_quic_stream_bidi_remote_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, \ + (value)) +# define SSL_get_quic_stream_uni_local_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, \ + (value)) +# define SSL_get_quic_stream_uni_remote_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, \ + (value)) + +# define SSL_get_event_handling_mode(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_EVENT_HANDLING_MODE, \ + (value)) +# define SSL_set_event_handling_mode(ssl, value) \ + SSL_set_generic_value_uint((ssl), SSL_VALUE_EVENT_HANDLING_MODE, \ + (value)) + +# define SSL_get_stream_write_buf_size(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_SIZE, \ + (value)) +# define SSL_get_stream_write_buf_used(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_USED, \ + (value)) +# define SSL_get_stream_write_buf_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_AVAIL, \ + (value)) + +# define SSL_POLL_EVENT_NONE 0 + +# define SSL_POLL_EVENT_F (1U << 0) /* F (Failure) */ +# define SSL_POLL_EVENT_EL (1U << 1) /* EL (Exception on Listener) */ +# define SSL_POLL_EVENT_EC (1U << 2) /* EC (Exception on Conn) */ +# define SSL_POLL_EVENT_ECD (1U << 3) /* ECD (Exception on Conn Drained) */ +# define SSL_POLL_EVENT_ER (1U << 4) /* ER (Exception on Read) */ +# define SSL_POLL_EVENT_EW (1U << 5) /* EW (Exception on Write) */ +# define SSL_POLL_EVENT_R (1U << 6) /* R (Readable) */ +# define SSL_POLL_EVENT_W (1U << 7) /* W (Writable) */ +# define SSL_POLL_EVENT_IC (1U << 8) /* IC (Incoming Connection) */ +# define SSL_POLL_EVENT_ISB (1U << 9) /* ISB (Incoming Stream: Bidi) */ +# define SSL_POLL_EVENT_ISU (1U << 10) /* ISU (Incoming Stream: Uni) */ +# define SSL_POLL_EVENT_OSB (1U << 11) /* OSB (Outgoing Stream: Bidi) */ +# define SSL_POLL_EVENT_OSU (1U << 12) /* OSU (Outgoing Stream: Uni) */ + +# define SSL_POLL_EVENT_RW (SSL_POLL_EVENT_R | SSL_POLL_EVENT_W) +# define SSL_POLL_EVENT_RE (SSL_POLL_EVENT_R | SSL_POLL_EVENT_ER) +# define SSL_POLL_EVENT_WE (SSL_POLL_EVENT_W | SSL_POLL_EVENT_EW) +# define SSL_POLL_EVENT_RWE (SSL_POLL_EVENT_RE | SSL_POLL_EVENT_WE) +# define SSL_POLL_EVENT_E (SSL_POLL_EVENT_EL | SSL_POLL_EVENT_EC \ + | SSL_POLL_EVENT_ER | SSL_POLL_EVENT_EW) +# define SSL_POLL_EVENT_IS (SSL_POLL_EVENT_ISB | SSL_POLL_EVENT_ISU) +# define SSL_POLL_EVENT_ISE (SSL_POLL_EVENT_IS | SSL_POLL_EVENT_EC) +# define SSL_POLL_EVENT_I (SSL_POLL_EVENT_IS | SSL_POLL_EVENT_IC) +# define SSL_POLL_EVENT_OS (SSL_POLL_EVENT_OSB | SSL_POLL_EVENT_OSU) +# define SSL_POLL_EVENT_OSE (SSL_POLL_EVENT_OS | SSL_POLL_EVENT_EC) + +typedef struct ssl_poll_item_st { + BIO_POLL_DESCRIPTOR desc; + uint64_t events, revents; +} SSL_POLL_ITEM; + +# define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0) + +__owur int SSL_poll(SSL_POLL_ITEM *items, + size_t num_items, + size_t stride, + const struct timeval *timeout, + uint64_t flags, + size_t *result_count); + +static ossl_inline ossl_unused BIO_POLL_DESCRIPTOR +SSL_as_poll_descriptor(SSL *s) +{ + BIO_POLL_DESCRIPTOR d; + + d.type = BIO_POLL_DESCRIPTOR_TYPE_SSL; + d.value.ssl = s; + return d; +} + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define SSL_cache_hit(s) SSL_session_reused(s) +# endif + +__owur int SSL_session_reused(const SSL *s); +__owur int SSL_is_server(const SSL *s); + +__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); +int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); +void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, + unsigned int flags); +__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + +void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +void SSL_add_ssl_module(void); +int SSL_config(SSL *s, const char *name); +int SSL_CTX_config(SSL_CTX *ctx, const char *name); + +# ifndef OPENSSL_NO_SSL_TRACE +void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +# endif + +# ifndef OPENSSL_NO_SOCK +int DTLSv1_listen(SSL *s, BIO_ADDR *client); +# endif + +# ifndef OPENSSL_NO_CT + +/* + * A callback for verifying that the received SCTs are sufficient. + * Expected to return 1 if they are sufficient, otherwise 0. + * May return a negative integer if an error occurs. + * A connection should be aborted if the SCTs are deemed insufficient. + */ +typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); + +/* + * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate + * the received SCTs. + * If the callback returns a non-positive result, the connection is terminated. + * Call this function before beginning a handshake. + * If a NULL |callback| is provided, SCT validation is disabled. + * |arg| is arbitrary userdata that will be passed to the callback whenever it + * is invoked. Ownership of |arg| remains with the caller. + * + * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response + * will be requested. + */ +int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, + void *arg); +int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ssl_ct_validation_cb callback, + void *arg); +#define SSL_disable_ct(s) \ + ((void) SSL_set_validation_callback((s), NULL, NULL)) +#define SSL_CTX_disable_ct(ctx) \ + ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) + +/* + * The validation type enumerates the available behaviours of the built-in SSL + * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). + * The underlying callback is a static function in libssl. + */ +enum { + SSL_CT_VALIDATION_PERMISSIVE = 0, + SSL_CT_VALIDATION_STRICT +}; + +/* + * Enable CT by setting up a callback that implements one of the built-in + * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always + * continues the handshake, the application can make appropriate decisions at + * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at + * least one valid SCT, or else handshake termination will be requested. The + * handshake may continue anyway if SSL_VERIFY_NONE is in effect. + */ +int SSL_enable_ct(SSL *s, int validation_mode); +int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); + +/* + * Report whether a non-NULL callback is enabled. + */ +int SSL_ct_is_enabled(const SSL *s); +int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); + +/* Gets the SCTs received from a connection */ +const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); + +/* + * Loads the CT log list from the default location. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); + +/* + * Loads the CT log list from the specified file path. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +/* + * Sets the CT log list used by all SSL connections created from this SSL_CTX. + * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. + */ +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); + +/* + * Gets the CT log list used by all SSL connections created from this SSL_CTX. + * This will be NULL unless one of the following functions has been called: + * - SSL_CTX_set_default_ctlog_list_file + * - SSL_CTX_set_ctlog_list_file + * - SSL_CTX_set_ctlog_store + */ +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); + +# endif /* OPENSSL_NO_CT */ + +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +# define SSL_SECOP_OTHER_TYPE 0xffff0000 +# define SSL_SECOP_OTHER_NONE 0 +# define SSL_SECOP_OTHER_CIPHER (1 << 16) +# define SSL_SECOP_OTHER_CURVE (2 << 16) +# define SSL_SECOP_OTHER_DH (3 << 16) +# define SSL_SECOP_OTHER_PKEY (4 << 16) +# define SSL_SECOP_OTHER_SIGALG (5 << 16) +# define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +# define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +/* SSL/TLS version */ +# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +__owur int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +__owur void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); + +/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L + +# define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) + +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + +# ifndef OPENSSL_NO_UNIT_TEST +__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + +__owur int SSL_free_buffers(SSL *ssl); +__owur int SSL_alloc_buffers(SSL *ssl); + +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; + +/* Support for ticket appdata */ +/* fatal error, malloc failure */ +# define SSL_TICKET_FATAL_ERR_MALLOC 0 +/* fatal error, either from parsing or decrypting the ticket */ +# define SSL_TICKET_FATAL_ERR_OTHER 1 +/* No ticket present */ +# define SSL_TICKET_NONE 2 +/* Empty ticket present */ +# define SSL_TICKET_EMPTY 3 +/* the ticket couldn't be decrypted */ +# define SSL_TICKET_NO_DECRYPT 4 +/* a ticket was successfully decrypted */ +# define SSL_TICKET_SUCCESS 5 +/* same as above but the ticket needs to be renewed */ +# define SSL_TICKET_SUCCESS_RENEW 6 + +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + +typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + +typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + + +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + +/* store the default cipher strings inside the library */ +const char *OSSL_default_cipher_list(void); +const char *OSSL_default_ciphersuites(void); + +/* RFC8879 Certificate compression APIs */ + +int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg); +int SSL_compress_certs(SSL *ssl, int alg); + +int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len); +int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len); + +int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len); +size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len); + +__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk); +__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s); +__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s); +__owur int SSL_get_negotiated_client_cert_type(const SSL *s); +__owur int SSL_get_negotiated_server_cert_type(const SSL *s); + +__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len); + +/* + * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used. + */ +# define OSSL_RECORD_PROTECTION_LEVEL_NONE 0 +# define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1 +# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2 +# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3 + +int SSL_set_quic_tls_cbs(SSL *s, const OSSL_DISPATCH *qtdis, void *arg); +int SSL_set_quic_tls_transport_params(SSL *s, + const unsigned char *params, + size_t params_len); + +int SSL_set_quic_tls_early_data_enabled(SSL *s, int enabled); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/ui.h b/contrib/openssl-cmake/common/include/openssl/ui.h new file mode 100644 index 000000000000..e64ec3b37fba --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/ui.h @@ -0,0 +1,407 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/ui.h.in + * + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_UI_H +# define OPENSSL_UI_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_UI_H +# endif + +# include + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is useful when retrieving results with UI_get0_result(). */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. + * phrase_desc is a textual short description of the phrase to enter, + * for example "pass phrase", and + * object_name is the name of the object + * (which might be a card name or a file name) or NULL. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {phrase_desc} for {object_name}:" + * + * So, if phrase_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *phrase_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parameterised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) + +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(const UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +# ifndef OPENSSL_NO_UI_CONSOLE + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called with all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. + */ +typedef struct ui_string_st UI_STRING; + +SKM_DEFINE_STACK_OF_INTERNAL(UI_STRING, UI_STRING, UI_STRING) +#define sk_UI_STRING_num(sk) OPENSSL_sk_num(ossl_check_const_UI_STRING_sk_type(sk)) +#define sk_UI_STRING_value(sk, idx) ((UI_STRING *)OPENSSL_sk_value(ossl_check_const_UI_STRING_sk_type(sk), (idx))) +#define sk_UI_STRING_new(cmp) ((STACK_OF(UI_STRING) *)OPENSSL_sk_new(ossl_check_UI_STRING_compfunc_type(cmp))) +#define sk_UI_STRING_new_null() ((STACK_OF(UI_STRING) *)OPENSSL_sk_new_null()) +#define sk_UI_STRING_new_reserve(cmp, n) ((STACK_OF(UI_STRING) *)OPENSSL_sk_new_reserve(ossl_check_UI_STRING_compfunc_type(cmp), (n))) +#define sk_UI_STRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_UI_STRING_sk_type(sk), (n)) +#define sk_UI_STRING_free(sk) OPENSSL_sk_free(ossl_check_UI_STRING_sk_type(sk)) +#define sk_UI_STRING_zero(sk) OPENSSL_sk_zero(ossl_check_UI_STRING_sk_type(sk)) +#define sk_UI_STRING_delete(sk, i) ((UI_STRING *)OPENSSL_sk_delete(ossl_check_UI_STRING_sk_type(sk), (i))) +#define sk_UI_STRING_delete_ptr(sk, ptr) ((UI_STRING *)OPENSSL_sk_delete_ptr(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_type(ptr))) +#define sk_UI_STRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_type(ptr)) +#define sk_UI_STRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_type(ptr)) +#define sk_UI_STRING_pop(sk) ((UI_STRING *)OPENSSL_sk_pop(ossl_check_UI_STRING_sk_type(sk))) +#define sk_UI_STRING_shift(sk) ((UI_STRING *)OPENSSL_sk_shift(ossl_check_UI_STRING_sk_type(sk))) +#define sk_UI_STRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_UI_STRING_sk_type(sk),ossl_check_UI_STRING_freefunc_type(freefunc)) +#define sk_UI_STRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_type(ptr), (idx)) +#define sk_UI_STRING_set(sk, idx, ptr) ((UI_STRING *)OPENSSL_sk_set(ossl_check_UI_STRING_sk_type(sk), (idx), ossl_check_UI_STRING_type(ptr))) +#define sk_UI_STRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_type(ptr)) +#define sk_UI_STRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_type(ptr)) +#define sk_UI_STRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_type(ptr), pnum) +#define sk_UI_STRING_sort(sk) OPENSSL_sk_sort(ossl_check_UI_STRING_sk_type(sk)) +#define sk_UI_STRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_UI_STRING_sk_type(sk)) +#define sk_UI_STRING_dup(sk) ((STACK_OF(UI_STRING) *)OPENSSL_sk_dup(ossl_check_const_UI_STRING_sk_type(sk))) +#define sk_UI_STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(UI_STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_UI_STRING_sk_type(sk), ossl_check_UI_STRING_copyfunc_type(copyfunc), ossl_check_UI_STRING_freefunc_type(freefunc))) +#define sk_UI_STRING_set_cmp_func(sk, cmp) ((sk_UI_STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_compfunc_type(cmp))) + + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *phrase_desc, + const char + *object_name)); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean prompt + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/x509.h b/contrib/openssl-cmake/common/include/openssl/x509.h new file mode 100644 index 000000000000..d013458c2264 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/x509.h @@ -0,0 +1,1303 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/x509.h.in + * + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_X509_H +# define OPENSSL_X509_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_X509_H +# endif + +# include +# include +# include +# include +# include +# include +# include +# include +# include + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# include +# include +# endif + +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* Needed stacks for types defined in other headers */ +SKM_DEFINE_STACK_OF_INTERNAL(X509_NAME, X509_NAME, X509_NAME) +#define sk_X509_NAME_num(sk) OPENSSL_sk_num(ossl_check_const_X509_NAME_sk_type(sk)) +#define sk_X509_NAME_value(sk, idx) ((X509_NAME *)OPENSSL_sk_value(ossl_check_const_X509_NAME_sk_type(sk), (idx))) +#define sk_X509_NAME_new(cmp) ((STACK_OF(X509_NAME) *)OPENSSL_sk_new(ossl_check_X509_NAME_compfunc_type(cmp))) +#define sk_X509_NAME_new_null() ((STACK_OF(X509_NAME) *)OPENSSL_sk_new_null()) +#define sk_X509_NAME_new_reserve(cmp, n) ((STACK_OF(X509_NAME) *)OPENSSL_sk_new_reserve(ossl_check_X509_NAME_compfunc_type(cmp), (n))) +#define sk_X509_NAME_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_NAME_sk_type(sk), (n)) +#define sk_X509_NAME_free(sk) OPENSSL_sk_free(ossl_check_X509_NAME_sk_type(sk)) +#define sk_X509_NAME_zero(sk) OPENSSL_sk_zero(ossl_check_X509_NAME_sk_type(sk)) +#define sk_X509_NAME_delete(sk, i) ((X509_NAME *)OPENSSL_sk_delete(ossl_check_X509_NAME_sk_type(sk), (i))) +#define sk_X509_NAME_delete_ptr(sk, ptr) ((X509_NAME *)OPENSSL_sk_delete_ptr(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_type(ptr))) +#define sk_X509_NAME_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_type(ptr)) +#define sk_X509_NAME_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_type(ptr)) +#define sk_X509_NAME_pop(sk) ((X509_NAME *)OPENSSL_sk_pop(ossl_check_X509_NAME_sk_type(sk))) +#define sk_X509_NAME_shift(sk) ((X509_NAME *)OPENSSL_sk_shift(ossl_check_X509_NAME_sk_type(sk))) +#define sk_X509_NAME_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_NAME_sk_type(sk),ossl_check_X509_NAME_freefunc_type(freefunc)) +#define sk_X509_NAME_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_type(ptr), (idx)) +#define sk_X509_NAME_set(sk, idx, ptr) ((X509_NAME *)OPENSSL_sk_set(ossl_check_X509_NAME_sk_type(sk), (idx), ossl_check_X509_NAME_type(ptr))) +#define sk_X509_NAME_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_type(ptr)) +#define sk_X509_NAME_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_type(ptr)) +#define sk_X509_NAME_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_type(ptr), pnum) +#define sk_X509_NAME_sort(sk) OPENSSL_sk_sort(ossl_check_X509_NAME_sk_type(sk)) +#define sk_X509_NAME_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_NAME_sk_type(sk)) +#define sk_X509_NAME_dup(sk) ((STACK_OF(X509_NAME) *)OPENSSL_sk_dup(ossl_check_const_X509_NAME_sk_type(sk))) +#define sk_X509_NAME_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_NAME) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_NAME_sk_type(sk), ossl_check_X509_NAME_copyfunc_type(copyfunc), ossl_check_X509_NAME_freefunc_type(freefunc))) +#define sk_X509_NAME_set_cmp_func(sk, cmp) ((sk_X509_NAME_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_NAME_sk_type(sk), ossl_check_X509_NAME_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(X509, X509, X509) +#define sk_X509_num(sk) OPENSSL_sk_num(ossl_check_const_X509_sk_type(sk)) +#define sk_X509_value(sk, idx) ((X509 *)OPENSSL_sk_value(ossl_check_const_X509_sk_type(sk), (idx))) +#define sk_X509_new(cmp) ((STACK_OF(X509) *)OPENSSL_sk_new(ossl_check_X509_compfunc_type(cmp))) +#define sk_X509_new_null() ((STACK_OF(X509) *)OPENSSL_sk_new_null()) +#define sk_X509_new_reserve(cmp, n) ((STACK_OF(X509) *)OPENSSL_sk_new_reserve(ossl_check_X509_compfunc_type(cmp), (n))) +#define sk_X509_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_sk_type(sk), (n)) +#define sk_X509_free(sk) OPENSSL_sk_free(ossl_check_X509_sk_type(sk)) +#define sk_X509_zero(sk) OPENSSL_sk_zero(ossl_check_X509_sk_type(sk)) +#define sk_X509_delete(sk, i) ((X509 *)OPENSSL_sk_delete(ossl_check_X509_sk_type(sk), (i))) +#define sk_X509_delete_ptr(sk, ptr) ((X509 *)OPENSSL_sk_delete_ptr(ossl_check_X509_sk_type(sk), ossl_check_X509_type(ptr))) +#define sk_X509_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_sk_type(sk), ossl_check_X509_type(ptr)) +#define sk_X509_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_sk_type(sk), ossl_check_X509_type(ptr)) +#define sk_X509_pop(sk) ((X509 *)OPENSSL_sk_pop(ossl_check_X509_sk_type(sk))) +#define sk_X509_shift(sk) ((X509 *)OPENSSL_sk_shift(ossl_check_X509_sk_type(sk))) +#define sk_X509_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_sk_type(sk),ossl_check_X509_freefunc_type(freefunc)) +#define sk_X509_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_sk_type(sk), ossl_check_X509_type(ptr), (idx)) +#define sk_X509_set(sk, idx, ptr) ((X509 *)OPENSSL_sk_set(ossl_check_X509_sk_type(sk), (idx), ossl_check_X509_type(ptr))) +#define sk_X509_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_sk_type(sk), ossl_check_X509_type(ptr)) +#define sk_X509_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_sk_type(sk), ossl_check_X509_type(ptr)) +#define sk_X509_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_sk_type(sk), ossl_check_X509_type(ptr), pnum) +#define sk_X509_sort(sk) OPENSSL_sk_sort(ossl_check_X509_sk_type(sk)) +#define sk_X509_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_sk_type(sk)) +#define sk_X509_dup(sk) ((STACK_OF(X509) *)OPENSSL_sk_dup(ossl_check_const_X509_sk_type(sk))) +#define sk_X509_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_sk_type(sk), ossl_check_X509_copyfunc_type(copyfunc), ossl_check_X509_freefunc_type(freefunc))) +#define sk_X509_set_cmp_func(sk, cmp) ((sk_X509_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_sk_type(sk), ossl_check_X509_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(X509_REVOKED, X509_REVOKED, X509_REVOKED) +#define sk_X509_REVOKED_num(sk) OPENSSL_sk_num(ossl_check_const_X509_REVOKED_sk_type(sk)) +#define sk_X509_REVOKED_value(sk, idx) ((X509_REVOKED *)OPENSSL_sk_value(ossl_check_const_X509_REVOKED_sk_type(sk), (idx))) +#define sk_X509_REVOKED_new(cmp) ((STACK_OF(X509_REVOKED) *)OPENSSL_sk_new(ossl_check_X509_REVOKED_compfunc_type(cmp))) +#define sk_X509_REVOKED_new_null() ((STACK_OF(X509_REVOKED) *)OPENSSL_sk_new_null()) +#define sk_X509_REVOKED_new_reserve(cmp, n) ((STACK_OF(X509_REVOKED) *)OPENSSL_sk_new_reserve(ossl_check_X509_REVOKED_compfunc_type(cmp), (n))) +#define sk_X509_REVOKED_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_REVOKED_sk_type(sk), (n)) +#define sk_X509_REVOKED_free(sk) OPENSSL_sk_free(ossl_check_X509_REVOKED_sk_type(sk)) +#define sk_X509_REVOKED_zero(sk) OPENSSL_sk_zero(ossl_check_X509_REVOKED_sk_type(sk)) +#define sk_X509_REVOKED_delete(sk, i) ((X509_REVOKED *)OPENSSL_sk_delete(ossl_check_X509_REVOKED_sk_type(sk), (i))) +#define sk_X509_REVOKED_delete_ptr(sk, ptr) ((X509_REVOKED *)OPENSSL_sk_delete_ptr(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_type(ptr))) +#define sk_X509_REVOKED_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_type(ptr)) +#define sk_X509_REVOKED_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_type(ptr)) +#define sk_X509_REVOKED_pop(sk) ((X509_REVOKED *)OPENSSL_sk_pop(ossl_check_X509_REVOKED_sk_type(sk))) +#define sk_X509_REVOKED_shift(sk) ((X509_REVOKED *)OPENSSL_sk_shift(ossl_check_X509_REVOKED_sk_type(sk))) +#define sk_X509_REVOKED_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_REVOKED_sk_type(sk),ossl_check_X509_REVOKED_freefunc_type(freefunc)) +#define sk_X509_REVOKED_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_type(ptr), (idx)) +#define sk_X509_REVOKED_set(sk, idx, ptr) ((X509_REVOKED *)OPENSSL_sk_set(ossl_check_X509_REVOKED_sk_type(sk), (idx), ossl_check_X509_REVOKED_type(ptr))) +#define sk_X509_REVOKED_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_type(ptr)) +#define sk_X509_REVOKED_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_type(ptr)) +#define sk_X509_REVOKED_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_type(ptr), pnum) +#define sk_X509_REVOKED_sort(sk) OPENSSL_sk_sort(ossl_check_X509_REVOKED_sk_type(sk)) +#define sk_X509_REVOKED_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_REVOKED_sk_type(sk)) +#define sk_X509_REVOKED_dup(sk) ((STACK_OF(X509_REVOKED) *)OPENSSL_sk_dup(ossl_check_const_X509_REVOKED_sk_type(sk))) +#define sk_X509_REVOKED_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_REVOKED) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_copyfunc_type(copyfunc), ossl_check_X509_REVOKED_freefunc_type(freefunc))) +#define sk_X509_REVOKED_set_cmp_func(sk, cmp) ((sk_X509_REVOKED_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_REVOKED_sk_type(sk), ossl_check_X509_REVOKED_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(X509_CRL, X509_CRL, X509_CRL) +#define sk_X509_CRL_num(sk) OPENSSL_sk_num(ossl_check_const_X509_CRL_sk_type(sk)) +#define sk_X509_CRL_value(sk, idx) ((X509_CRL *)OPENSSL_sk_value(ossl_check_const_X509_CRL_sk_type(sk), (idx))) +#define sk_X509_CRL_new(cmp) ((STACK_OF(X509_CRL) *)OPENSSL_sk_new(ossl_check_X509_CRL_compfunc_type(cmp))) +#define sk_X509_CRL_new_null() ((STACK_OF(X509_CRL) *)OPENSSL_sk_new_null()) +#define sk_X509_CRL_new_reserve(cmp, n) ((STACK_OF(X509_CRL) *)OPENSSL_sk_new_reserve(ossl_check_X509_CRL_compfunc_type(cmp), (n))) +#define sk_X509_CRL_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_CRL_sk_type(sk), (n)) +#define sk_X509_CRL_free(sk) OPENSSL_sk_free(ossl_check_X509_CRL_sk_type(sk)) +#define sk_X509_CRL_zero(sk) OPENSSL_sk_zero(ossl_check_X509_CRL_sk_type(sk)) +#define sk_X509_CRL_delete(sk, i) ((X509_CRL *)OPENSSL_sk_delete(ossl_check_X509_CRL_sk_type(sk), (i))) +#define sk_X509_CRL_delete_ptr(sk, ptr) ((X509_CRL *)OPENSSL_sk_delete_ptr(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_type(ptr))) +#define sk_X509_CRL_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_type(ptr)) +#define sk_X509_CRL_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_type(ptr)) +#define sk_X509_CRL_pop(sk) ((X509_CRL *)OPENSSL_sk_pop(ossl_check_X509_CRL_sk_type(sk))) +#define sk_X509_CRL_shift(sk) ((X509_CRL *)OPENSSL_sk_shift(ossl_check_X509_CRL_sk_type(sk))) +#define sk_X509_CRL_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_CRL_sk_type(sk),ossl_check_X509_CRL_freefunc_type(freefunc)) +#define sk_X509_CRL_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_type(ptr), (idx)) +#define sk_X509_CRL_set(sk, idx, ptr) ((X509_CRL *)OPENSSL_sk_set(ossl_check_X509_CRL_sk_type(sk), (idx), ossl_check_X509_CRL_type(ptr))) +#define sk_X509_CRL_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_type(ptr)) +#define sk_X509_CRL_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_type(ptr)) +#define sk_X509_CRL_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_type(ptr), pnum) +#define sk_X509_CRL_sort(sk) OPENSSL_sk_sort(ossl_check_X509_CRL_sk_type(sk)) +#define sk_X509_CRL_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_CRL_sk_type(sk)) +#define sk_X509_CRL_dup(sk) ((STACK_OF(X509_CRL) *)OPENSSL_sk_dup(ossl_check_const_X509_CRL_sk_type(sk))) +#define sk_X509_CRL_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_CRL) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_CRL_sk_type(sk), ossl_check_X509_CRL_copyfunc_type(copyfunc), ossl_check_X509_CRL_freefunc_type(freefunc))) +#define sk_X509_CRL_set_cmp_func(sk, cmp) ((sk_X509_CRL_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_compfunc_type(cmp))) + + +/* Flags for X509_get_signature_info() */ +/* Signature info is valid */ +# define X509_SIG_INFO_VALID 0x1 +/* Signature is suitable for TLS use */ +# define X509_SIG_INFO_TLS 0x2 + +# define X509_FILETYPE_PEM 1 +# define X509_FILETYPE_ASN1 2 +# define X509_FILETYPE_DEFAULT 3 + +/*- + * : + * The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0` + * is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is + * then the MSB of the second octet, or 0x8000. + */ +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */ +# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */ +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */ +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */ +# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */ +# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */ +# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */ +# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */ +# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */ +# ifndef OPENSSL_NO_DEPRECATED_3_4 +# define X509v3_KU_UNDEF 0xffff /* vestigial, not used */ +# endif + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */ ; + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} X509_VAL; + +typedef struct X509_sig_st X509_SIG; + +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +SKM_DEFINE_STACK_OF_INTERNAL(X509_NAME_ENTRY, X509_NAME_ENTRY, X509_NAME_ENTRY) +#define sk_X509_NAME_ENTRY_num(sk) OPENSSL_sk_num(ossl_check_const_X509_NAME_ENTRY_sk_type(sk)) +#define sk_X509_NAME_ENTRY_value(sk, idx) ((X509_NAME_ENTRY *)OPENSSL_sk_value(ossl_check_const_X509_NAME_ENTRY_sk_type(sk), (idx))) +#define sk_X509_NAME_ENTRY_new(cmp) ((STACK_OF(X509_NAME_ENTRY) *)OPENSSL_sk_new(ossl_check_X509_NAME_ENTRY_compfunc_type(cmp))) +#define sk_X509_NAME_ENTRY_new_null() ((STACK_OF(X509_NAME_ENTRY) *)OPENSSL_sk_new_null()) +#define sk_X509_NAME_ENTRY_new_reserve(cmp, n) ((STACK_OF(X509_NAME_ENTRY) *)OPENSSL_sk_new_reserve(ossl_check_X509_NAME_ENTRY_compfunc_type(cmp), (n))) +#define sk_X509_NAME_ENTRY_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_NAME_ENTRY_sk_type(sk), (n)) +#define sk_X509_NAME_ENTRY_free(sk) OPENSSL_sk_free(ossl_check_X509_NAME_ENTRY_sk_type(sk)) +#define sk_X509_NAME_ENTRY_zero(sk) OPENSSL_sk_zero(ossl_check_X509_NAME_ENTRY_sk_type(sk)) +#define sk_X509_NAME_ENTRY_delete(sk, i) ((X509_NAME_ENTRY *)OPENSSL_sk_delete(ossl_check_X509_NAME_ENTRY_sk_type(sk), (i))) +#define sk_X509_NAME_ENTRY_delete_ptr(sk, ptr) ((X509_NAME_ENTRY *)OPENSSL_sk_delete_ptr(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_type(ptr))) +#define sk_X509_NAME_ENTRY_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_type(ptr)) +#define sk_X509_NAME_ENTRY_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_type(ptr)) +#define sk_X509_NAME_ENTRY_pop(sk) ((X509_NAME_ENTRY *)OPENSSL_sk_pop(ossl_check_X509_NAME_ENTRY_sk_type(sk))) +#define sk_X509_NAME_ENTRY_shift(sk) ((X509_NAME_ENTRY *)OPENSSL_sk_shift(ossl_check_X509_NAME_ENTRY_sk_type(sk))) +#define sk_X509_NAME_ENTRY_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_NAME_ENTRY_sk_type(sk),ossl_check_X509_NAME_ENTRY_freefunc_type(freefunc)) +#define sk_X509_NAME_ENTRY_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_type(ptr), (idx)) +#define sk_X509_NAME_ENTRY_set(sk, idx, ptr) ((X509_NAME_ENTRY *)OPENSSL_sk_set(ossl_check_X509_NAME_ENTRY_sk_type(sk), (idx), ossl_check_X509_NAME_ENTRY_type(ptr))) +#define sk_X509_NAME_ENTRY_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_type(ptr)) +#define sk_X509_NAME_ENTRY_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_type(ptr)) +#define sk_X509_NAME_ENTRY_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_type(ptr), pnum) +#define sk_X509_NAME_ENTRY_sort(sk) OPENSSL_sk_sort(ossl_check_X509_NAME_ENTRY_sk_type(sk)) +#define sk_X509_NAME_ENTRY_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_NAME_ENTRY_sk_type(sk)) +#define sk_X509_NAME_ENTRY_dup(sk) ((STACK_OF(X509_NAME_ENTRY) *)OPENSSL_sk_dup(ossl_check_const_X509_NAME_ENTRY_sk_type(sk))) +#define sk_X509_NAME_ENTRY_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_NAME_ENTRY) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_copyfunc_type(copyfunc), ossl_check_X509_NAME_ENTRY_freefunc_type(freefunc))) +#define sk_X509_NAME_ENTRY_set_cmp_func(sk, cmp) ((sk_X509_NAME_ENTRY_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_compfunc_type(cmp))) + + +# define X509_EX_V_NETSCAPE_HACK 0x8000 +# define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st X509_EXTENSION; +SKM_DEFINE_STACK_OF_INTERNAL(X509_EXTENSION, X509_EXTENSION, X509_EXTENSION) +#define sk_X509_EXTENSION_num(sk) OPENSSL_sk_num(ossl_check_const_X509_EXTENSION_sk_type(sk)) +#define sk_X509_EXTENSION_value(sk, idx) ((X509_EXTENSION *)OPENSSL_sk_value(ossl_check_const_X509_EXTENSION_sk_type(sk), (idx))) +#define sk_X509_EXTENSION_new(cmp) ((STACK_OF(X509_EXTENSION) *)OPENSSL_sk_new(ossl_check_X509_EXTENSION_compfunc_type(cmp))) +#define sk_X509_EXTENSION_new_null() ((STACK_OF(X509_EXTENSION) *)OPENSSL_sk_new_null()) +#define sk_X509_EXTENSION_new_reserve(cmp, n) ((STACK_OF(X509_EXTENSION) *)OPENSSL_sk_new_reserve(ossl_check_X509_EXTENSION_compfunc_type(cmp), (n))) +#define sk_X509_EXTENSION_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_EXTENSION_sk_type(sk), (n)) +#define sk_X509_EXTENSION_free(sk) OPENSSL_sk_free(ossl_check_X509_EXTENSION_sk_type(sk)) +#define sk_X509_EXTENSION_zero(sk) OPENSSL_sk_zero(ossl_check_X509_EXTENSION_sk_type(sk)) +#define sk_X509_EXTENSION_delete(sk, i) ((X509_EXTENSION *)OPENSSL_sk_delete(ossl_check_X509_EXTENSION_sk_type(sk), (i))) +#define sk_X509_EXTENSION_delete_ptr(sk, ptr) ((X509_EXTENSION *)OPENSSL_sk_delete_ptr(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_type(ptr))) +#define sk_X509_EXTENSION_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_type(ptr)) +#define sk_X509_EXTENSION_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_type(ptr)) +#define sk_X509_EXTENSION_pop(sk) ((X509_EXTENSION *)OPENSSL_sk_pop(ossl_check_X509_EXTENSION_sk_type(sk))) +#define sk_X509_EXTENSION_shift(sk) ((X509_EXTENSION *)OPENSSL_sk_shift(ossl_check_X509_EXTENSION_sk_type(sk))) +#define sk_X509_EXTENSION_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_EXTENSION_sk_type(sk),ossl_check_X509_EXTENSION_freefunc_type(freefunc)) +#define sk_X509_EXTENSION_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_type(ptr), (idx)) +#define sk_X509_EXTENSION_set(sk, idx, ptr) ((X509_EXTENSION *)OPENSSL_sk_set(ossl_check_X509_EXTENSION_sk_type(sk), (idx), ossl_check_X509_EXTENSION_type(ptr))) +#define sk_X509_EXTENSION_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_type(ptr)) +#define sk_X509_EXTENSION_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_type(ptr)) +#define sk_X509_EXTENSION_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_type(ptr), pnum) +#define sk_X509_EXTENSION_sort(sk) OPENSSL_sk_sort(ossl_check_X509_EXTENSION_sk_type(sk)) +#define sk_X509_EXTENSION_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_EXTENSION_sk_type(sk)) +#define sk_X509_EXTENSION_dup(sk) ((STACK_OF(X509_EXTENSION) *)OPENSSL_sk_dup(ossl_check_const_X509_EXTENSION_sk_type(sk))) +#define sk_X509_EXTENSION_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_EXTENSION) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_copyfunc_type(copyfunc), ossl_check_X509_EXTENSION_freefunc_type(freefunc))) +#define sk_X509_EXTENSION_set_cmp_func(sk, cmp) ((sk_X509_EXTENSION_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_compfunc_type(cmp))) + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; +typedef struct x509_attributes_st X509_ATTRIBUTE; +SKM_DEFINE_STACK_OF_INTERNAL(X509_ATTRIBUTE, X509_ATTRIBUTE, X509_ATTRIBUTE) +#define sk_X509_ATTRIBUTE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_ATTRIBUTE_sk_type(sk)) +#define sk_X509_ATTRIBUTE_value(sk, idx) ((X509_ATTRIBUTE *)OPENSSL_sk_value(ossl_check_const_X509_ATTRIBUTE_sk_type(sk), (idx))) +#define sk_X509_ATTRIBUTE_new(cmp) ((STACK_OF(X509_ATTRIBUTE) *)OPENSSL_sk_new(ossl_check_X509_ATTRIBUTE_compfunc_type(cmp))) +#define sk_X509_ATTRIBUTE_new_null() ((STACK_OF(X509_ATTRIBUTE) *)OPENSSL_sk_new_null()) +#define sk_X509_ATTRIBUTE_new_reserve(cmp, n) ((STACK_OF(X509_ATTRIBUTE) *)OPENSSL_sk_new_reserve(ossl_check_X509_ATTRIBUTE_compfunc_type(cmp), (n))) +#define sk_X509_ATTRIBUTE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_ATTRIBUTE_sk_type(sk), (n)) +#define sk_X509_ATTRIBUTE_free(sk) OPENSSL_sk_free(ossl_check_X509_ATTRIBUTE_sk_type(sk)) +#define sk_X509_ATTRIBUTE_zero(sk) OPENSSL_sk_zero(ossl_check_X509_ATTRIBUTE_sk_type(sk)) +#define sk_X509_ATTRIBUTE_delete(sk, i) ((X509_ATTRIBUTE *)OPENSSL_sk_delete(ossl_check_X509_ATTRIBUTE_sk_type(sk), (i))) +#define sk_X509_ATTRIBUTE_delete_ptr(sk, ptr) ((X509_ATTRIBUTE *)OPENSSL_sk_delete_ptr(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_type(ptr))) +#define sk_X509_ATTRIBUTE_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_type(ptr)) +#define sk_X509_ATTRIBUTE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_type(ptr)) +#define sk_X509_ATTRIBUTE_pop(sk) ((X509_ATTRIBUTE *)OPENSSL_sk_pop(ossl_check_X509_ATTRIBUTE_sk_type(sk))) +#define sk_X509_ATTRIBUTE_shift(sk) ((X509_ATTRIBUTE *)OPENSSL_sk_shift(ossl_check_X509_ATTRIBUTE_sk_type(sk))) +#define sk_X509_ATTRIBUTE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_ATTRIBUTE_sk_type(sk),ossl_check_X509_ATTRIBUTE_freefunc_type(freefunc)) +#define sk_X509_ATTRIBUTE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_type(ptr), (idx)) +#define sk_X509_ATTRIBUTE_set(sk, idx, ptr) ((X509_ATTRIBUTE *)OPENSSL_sk_set(ossl_check_X509_ATTRIBUTE_sk_type(sk), (idx), ossl_check_X509_ATTRIBUTE_type(ptr))) +#define sk_X509_ATTRIBUTE_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_type(ptr)) +#define sk_X509_ATTRIBUTE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_type(ptr)) +#define sk_X509_ATTRIBUTE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_type(ptr), pnum) +#define sk_X509_ATTRIBUTE_sort(sk) OPENSSL_sk_sort(ossl_check_X509_ATTRIBUTE_sk_type(sk)) +#define sk_X509_ATTRIBUTE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_ATTRIBUTE_sk_type(sk)) +#define sk_X509_ATTRIBUTE_dup(sk) ((STACK_OF(X509_ATTRIBUTE) *)OPENSSL_sk_dup(ossl_check_const_X509_ATTRIBUTE_sk_type(sk))) +#define sk_X509_ATTRIBUTE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_ATTRIBUTE) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_copyfunc_type(copyfunc), ossl_check_X509_ATTRIBUTE_freefunc_type(freefunc))) +#define sk_X509_ATTRIBUTE_set_cmp_func(sk, cmp) ((sk_X509_ATTRIBUTE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_compfunc_type(cmp))) + +typedef struct X509_req_info_st X509_REQ_INFO; +typedef struct X509_req_st X509_REQ; +typedef struct x509_cert_aux_st X509_CERT_AUX; +typedef struct x509_cinf_st X509_CINF; + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) +# define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. + */ + +# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 + * characters */ + +/* Complete set of RFC2253 flags */ + +# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +typedef struct X509_crl_info_st X509_CRL_INFO; + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; +} X509_PKEY; + +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; +} X509_INFO; +SKM_DEFINE_STACK_OF_INTERNAL(X509_INFO, X509_INFO, X509_INFO) +#define sk_X509_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_X509_INFO_sk_type(sk)) +#define sk_X509_INFO_value(sk, idx) ((X509_INFO *)OPENSSL_sk_value(ossl_check_const_X509_INFO_sk_type(sk), (idx))) +#define sk_X509_INFO_new(cmp) ((STACK_OF(X509_INFO) *)OPENSSL_sk_new(ossl_check_X509_INFO_compfunc_type(cmp))) +#define sk_X509_INFO_new_null() ((STACK_OF(X509_INFO) *)OPENSSL_sk_new_null()) +#define sk_X509_INFO_new_reserve(cmp, n) ((STACK_OF(X509_INFO) *)OPENSSL_sk_new_reserve(ossl_check_X509_INFO_compfunc_type(cmp), (n))) +#define sk_X509_INFO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_INFO_sk_type(sk), (n)) +#define sk_X509_INFO_free(sk) OPENSSL_sk_free(ossl_check_X509_INFO_sk_type(sk)) +#define sk_X509_INFO_zero(sk) OPENSSL_sk_zero(ossl_check_X509_INFO_sk_type(sk)) +#define sk_X509_INFO_delete(sk, i) ((X509_INFO *)OPENSSL_sk_delete(ossl_check_X509_INFO_sk_type(sk), (i))) +#define sk_X509_INFO_delete_ptr(sk, ptr) ((X509_INFO *)OPENSSL_sk_delete_ptr(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_type(ptr))) +#define sk_X509_INFO_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_type(ptr)) +#define sk_X509_INFO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_type(ptr)) +#define sk_X509_INFO_pop(sk) ((X509_INFO *)OPENSSL_sk_pop(ossl_check_X509_INFO_sk_type(sk))) +#define sk_X509_INFO_shift(sk) ((X509_INFO *)OPENSSL_sk_shift(ossl_check_X509_INFO_sk_type(sk))) +#define sk_X509_INFO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_INFO_sk_type(sk),ossl_check_X509_INFO_freefunc_type(freefunc)) +#define sk_X509_INFO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_type(ptr), (idx)) +#define sk_X509_INFO_set(sk, idx, ptr) ((X509_INFO *)OPENSSL_sk_set(ossl_check_X509_INFO_sk_type(sk), (idx), ossl_check_X509_INFO_type(ptr))) +#define sk_X509_INFO_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_type(ptr)) +#define sk_X509_INFO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_type(ptr)) +#define sk_X509_INFO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_type(ptr), pnum) +#define sk_X509_INFO_sort(sk) OPENSSL_sk_sort(ossl_check_X509_INFO_sk_type(sk)) +#define sk_X509_INFO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_INFO_sk_type(sk)) +#define sk_X509_INFO_dup(sk) ((STACK_OF(X509_INFO) *)OPENSSL_sk_dup(ossl_check_const_X509_INFO_sk_type(sk))) +#define sk_X509_INFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_INFO) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_INFO_sk_type(sk), ossl_check_X509_INFO_copyfunc_type(copyfunc), ossl_check_X509_INFO_freefunc_type(freefunc))) +#define sk_X509_INFO_set_cmp_func(sk, cmp) ((sk_X509_INFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_compfunc_type(cmp))) + + +/* + * The next 2 structures and their 8 routines are used to manipulate Netscape's + * spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; +} NETSCAPE_CERT_SEQUENCE; + +/*- Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +/* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +typedef struct { + X509_ALGOR *keyDerivationFunc; + X509_ALGOR *messageAuthScheme; +} PBMAC1PARAM; + +# ifndef OPENSSL_NO_SCRYPT +typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; +# endif + +#ifdef __cplusplus +} +#endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define X509_EXT_PACK_UNKNOWN 1 +# define X509_EXT_PACK_STRING 2 + +# define X509_extract_key(x) X509_get_pubkey(x)/*****/ +# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + const + ASN1_INTEGER *serial, + const + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +const char *X509_verify_cert_error_string(long n); + +int X509_verify(X509 *a, EVP_PKEY *r); +int X509_self_signed(X509 *cert, int verify_signature); + +int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx, + const char *propq); +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, + EVP_MD **md_used, int *md_is_fallback); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + +X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# include /* OSSL_HTTP_REQ_CTX_nbio_d2i */ +# define X509_http_nbio(rctx, pcert) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) +# define X509_CRL_http_nbio(rctx, pcrl) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) +# endif + +# ifndef OPENSSL_NO_STDIO +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, const X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa); +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_DSA +OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa); +OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa); +# endif +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_EC +OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey); +OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey); +# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8); +X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk); +int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, const X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa); +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_DSA +OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa); +OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa); +# endif +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_EC +OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey); +OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey); +# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8); +X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk); +int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); + +DECLARE_ASN1_DUP_FUNCTION(X509) +DECLARE_ASN1_DUP_FUNCTION(X509_ALGOR) +DECLARE_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) +DECLARE_ASN1_DUP_FUNCTION(X509_CRL) +DECLARE_ASN1_DUP_FUNCTION(X509_EXTENSION) +DECLARE_ASN1_DUP_FUNCTION(X509_PUBKEY) +DECLARE_ASN1_DUP_FUNCTION(X509_REQ) +DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED) +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, + const void **ppval, const X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); + +DECLARE_ASN1_DUP_FUNCTION(X509_NAME) +DECLARE_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, + const ASN1_TIME *start, const ASN1_TIME *end); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq); +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +long X509_get_pathlen(X509 *x); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY) +EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length, + OSSL_LIB_CTX *libctx, const char *propq); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY) +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_DSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY) +# endif +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_EC +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY) +# endif +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) +X509_REQ *X509_REQ_new_ex(OSSL_LIB_CTX *libctx, const char *propq); + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, const X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) +DECLARE_ASN1_FUNCTIONS(X509) +X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq); +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(const X509 *r, int idx); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX) + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id); +ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x); +void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id); +ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x); + +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) +X509_CRL *X509_CRL_new_ex(OSSL_LIB_CTX *libctx, const char *propq); + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, const ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); +OSSL_DEPRECATEDIN_3_0 +int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *md, unsigned int *len); +OSSL_DEPRECATEDIN_3_0 +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, + const EVP_MD *type); +#endif +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); +int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey); +int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + EVP_MD_CTX *ctx); +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey, const EVP_MD *md); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, EVP_MD_CTX *ctx); + +#define X509_VERSION_1 0 +#define X509_VERSION_2 1 +#define X509_VERSION_3 2 + +long X509_get_version(const X509 *x); +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, const X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, const X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); +const ASN1_TIME * X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +int X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter +# define X509_set_notBefore X509_set1_notBefore +# define X509_set_notAfter X509_set1_notAfter +#endif + + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + +EVP_PKEY *X509_get0_pubkey(const X509 *x); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); + +#define X509_REQ_VERSION_1 0 + +long X509_REQ_get_version(const X509_REQ *req); +int X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); +int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(OSSL_FUTURE_CONST X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, + const STACK_OF(X509_EXTENSION) *exts, int nid); +int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +#define X509_CRL_VERSION_1 0 +#define X509_CRL_VERSION_2 1 + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); +int X509_CRL_up_ref(X509_CRL *crl); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#endif + +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl); +OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); +#endif +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *r); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + +# define X509_ADD_FLAG_DEFAULT 0 +# define X509_ADD_FLAG_UP_REF 0x1 +# define X509_ADD_FLAG_PREPEND 0x2 +# define X509_ADD_FLAG_NO_DUP 0x4 +# define X509_ADD_FLAG_NO_SS 0x8 +int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags); +int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags); + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL) +OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x, + const EVP_PKEY *pubkey); +#endif +unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx, + const char *propq, int *ok); +unsigned long X509_NAME_hash_old(const X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +int X509_aux_print(BIO *out, X509 *x, int indent); +# ifndef OPENSSL_NO_STDIO +int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print_fp(FILE *bp, X509 *x); +int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); +# endif + +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print(BIO *bp, X509 *x); +int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); +int X509_CRL_print(BIO *bp, X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +int X509_REQ_print(BIO *bp, X509_REQ *req); + +int X509_NAME_entry_count(const X509_NAME *name); +int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, + char *buf, int len); +int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len); + +/* + * NOTE: you should be passing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. + */ +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, + int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, + const unsigned char *bytes, + int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, + size_t *pderlen); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + const ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, + const STACK_OF(X509_EXTENSION) *exts); + +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); +void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, + const ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM) +# ifndef OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +# endif + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); +int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *libctx); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *libctx); + +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); +X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid, + OSSL_LIB_CTX *libctx); + +#ifndef OPENSSL_NO_SCRYPT +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); +#endif + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); +X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen, + OSSL_LIB_CTX *libctx); + +PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg); +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, + const char *propq); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) * +PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); +int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, + int type, const unsigned char *bytes, int len); + + +void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, + unsigned char *penc, int penclen); +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, const X509_PUBKEY *pub); +int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/x509_acert.h b/contrib/openssl-cmake/common/include/openssl/x509_acert.h new file mode 100644 index 000000000000..9dde625677f9 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/x509_acert.h @@ -0,0 +1,294 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/x509_acert.h.in + * + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_X509_ACERT_H +# define OPENSSL_X509_ACERT_H +# pragma once + +# include +# include +# include + +typedef struct X509_acert_st X509_ACERT; +typedef struct X509_acert_info_st X509_ACERT_INFO; +typedef struct ossl_object_digest_info_st OSSL_OBJECT_DIGEST_INFO; +typedef struct ossl_issuer_serial_st OSSL_ISSUER_SERIAL; +typedef struct X509_acert_issuer_v2form_st X509_ACERT_ISSUER_V2FORM; + +DECLARE_ASN1_FUNCTIONS(X509_ACERT) +DECLARE_ASN1_DUP_FUNCTION(X509_ACERT) +DECLARE_ASN1_ITEM(X509_ACERT_INFO) +DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO) +DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO) +DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL) +DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM) + +# ifndef OPENSSL_NO_STDIO +X509_ACERT *d2i_X509_ACERT_fp(FILE *fp, X509_ACERT **acert); +int i2d_X509_ACERT_fp(FILE *fp, const X509_ACERT *acert); +# endif + +DECLARE_PEM_rw(X509_ACERT, X509_ACERT) + +X509_ACERT *d2i_X509_ACERT_bio(BIO *bp, X509_ACERT **acert); +int i2d_X509_ACERT_bio(BIO *bp, const X509_ACERT *acert); + +int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx); +int X509_ACERT_verify(X509_ACERT *a, EVP_PKEY *r); + +# define X509_ACERT_VERSION_2 1 + +const GENERAL_NAMES *X509_ACERT_get0_holder_entityName(const X509_ACERT *x); +const OSSL_ISSUER_SERIAL *X509_ACERT_get0_holder_baseCertId(const X509_ACERT *x); +const OSSL_OBJECT_DIGEST_INFO * X509_ACERT_get0_holder_digest(const X509_ACERT *x); +const X509_NAME *X509_ACERT_get0_issuerName(const X509_ACERT *x); +long X509_ACERT_get_version(const X509_ACERT *x); +void X509_ACERT_get0_signature(const X509_ACERT *x, + const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_ACERT_get_signature_nid(const X509_ACERT *x); +const X509_ALGOR *X509_ACERT_get0_info_sigalg(const X509_ACERT *x); +const ASN1_INTEGER *X509_ACERT_get0_serialNumber(const X509_ACERT *x); +const ASN1_TIME *X509_ACERT_get0_notBefore(const X509_ACERT *x); +const ASN1_TIME *X509_ACERT_get0_notAfter(const X509_ACERT *x); +const ASN1_BIT_STRING *X509_ACERT_get0_issuerUID(const X509_ACERT *x); + +int X509_ACERT_print(BIO *bp, X509_ACERT *x); +int X509_ACERT_print_ex(BIO *bp, X509_ACERT *x, unsigned long nmflags, + unsigned long cflag); + +int X509_ACERT_get_attr_count(const X509_ACERT *x); +int X509_ACERT_get_attr_by_NID(const X509_ACERT *x, int nid, int lastpos); +int X509_ACERT_get_attr_by_OBJ(const X509_ACERT *x, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_ACERT_get_attr(const X509_ACERT *x, int loc); +X509_ATTRIBUTE *X509_ACERT_delete_attr(X509_ACERT *x, int loc); + +void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx); +int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit, + unsigned long flags); +const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x); + +# define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY 0 +# define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY_CERT 1 +# define OSSL_OBJECT_DIGEST_INFO_OTHER 2 /* must not be used in RFC 5755 profile */ +int X509_ACERT_set_version(X509_ACERT *x, long version); +void X509_ACERT_set0_holder_entityName(X509_ACERT *x, GENERAL_NAMES *name); +void X509_ACERT_set0_holder_baseCertId(X509_ACERT *x, OSSL_ISSUER_SERIAL *isss); +void X509_ACERT_set0_holder_digest(X509_ACERT *x, + OSSL_OBJECT_DIGEST_INFO *dinfo); + +int X509_ACERT_add1_attr(X509_ACERT *x, X509_ATTRIBUTE *attr); +int X509_ACERT_add1_attr_by_OBJ(X509_ACERT *x, const ASN1_OBJECT *obj, + int type, const void *bytes, int len); +int X509_ACERT_add1_attr_by_NID(X509_ACERT *x, int nid, int type, + const void *bytes, int len); +int X509_ACERT_add1_attr_by_txt(X509_ACERT *x, const char *attrname, int type, + const unsigned char *bytes, int len); +int X509_ACERT_add_attr_nconf(CONF *conf, const char *section, + X509_ACERT *acert); + +int X509_ACERT_set1_issuerName(X509_ACERT *x, const X509_NAME *name); +int X509_ACERT_set1_serialNumber(X509_ACERT *x, const ASN1_INTEGER *serial); +int X509_ACERT_set1_notBefore(X509_ACERT *x, const ASN1_GENERALIZEDTIME *time); +int X509_ACERT_set1_notAfter(X509_ACERT *x, const ASN1_GENERALIZEDTIME *time); + +void OSSL_OBJECT_DIGEST_INFO_get0_digest(const OSSL_OBJECT_DIGEST_INFO *o, + int *digestedObjectType, + const X509_ALGOR **digestAlgorithm, + const ASN1_BIT_STRING **digest); + +int OSSL_OBJECT_DIGEST_INFO_set1_digest(OSSL_OBJECT_DIGEST_INFO *o, + int digestedObjectType, + X509_ALGOR *digestAlgorithm, + ASN1_BIT_STRING *digest); + +const X509_NAME *OSSL_ISSUER_SERIAL_get0_issuer(const OSSL_ISSUER_SERIAL *isss); +const ASN1_INTEGER *OSSL_ISSUER_SERIAL_get0_serial(const OSSL_ISSUER_SERIAL *isss); +const ASN1_BIT_STRING *OSSL_ISSUER_SERIAL_get0_issuerUID(const OSSL_ISSUER_SERIAL *isss); + +int OSSL_ISSUER_SERIAL_set1_issuer(OSSL_ISSUER_SERIAL *isss, + const X509_NAME *issuer); +int OSSL_ISSUER_SERIAL_set1_serial(OSSL_ISSUER_SERIAL *isss, + const ASN1_INTEGER *serial); +int OSSL_ISSUER_SERIAL_set1_issuerUID(OSSL_ISSUER_SERIAL *isss, + const ASN1_BIT_STRING *uid); + +# define OSSL_IETFAS_OCTETS 0 +# define OSSL_IETFAS_OID 1 +# define OSSL_IETFAS_STRING 2 + +typedef struct OSSL_IETF_ATTR_SYNTAX_VALUE_st OSSL_IETF_ATTR_SYNTAX_VALUE; +typedef struct OSSL_IETF_ATTR_SYNTAX_st OSSL_IETF_ATTR_SYNTAX; +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_IETF_ATTR_SYNTAX_VALUE, OSSL_IETF_ATTR_SYNTAX_VALUE, OSSL_IETF_ATTR_SYNTAX_VALUE) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_value(sk, idx) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_value(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (idx))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_new(cmp) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_new(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc_type(cmp))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_new_null() ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_new_null()) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_new_reserve(cmp, n) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc_type(cmp), (n))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (n)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_delete(sk, i) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_delete(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (i))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_delete_ptr(sk, ptr) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_pop(sk) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_pop(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_shift(sk) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_shift(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk),ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_freefunc_type(freefunc)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr), (idx)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_set(sk, idx, ptr) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_set(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (idx), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr), pnum) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_dup(sk) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_copyfunc_type(copyfunc), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_freefunc_type(freefunc))) +#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_set_cmp_func(sk, cmp) ((sk_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc_type(cmp))) + + +DECLARE_ASN1_ITEM(OSSL_IETF_ATTR_SYNTAX_VALUE) +DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_IETF_ATTR_SYNTAX_VALUE) +DECLARE_ASN1_FUNCTIONS(OSSL_IETF_ATTR_SYNTAX) + +const GENERAL_NAMES * +OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority(const OSSL_IETF_ATTR_SYNTAX *a); +void OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority(OSSL_IETF_ATTR_SYNTAX *a, + GENERAL_NAMES *names); + +int OSSL_IETF_ATTR_SYNTAX_get_value_num(const OSSL_IETF_ATTR_SYNTAX *a); +void *OSSL_IETF_ATTR_SYNTAX_get0_value(const OSSL_IETF_ATTR_SYNTAX *a, + int ind, int *type); +int OSSL_IETF_ATTR_SYNTAX_add1_value(OSSL_IETF_ATTR_SYNTAX *a, int type, + void *data); +int OSSL_IETF_ATTR_SYNTAX_print(BIO *bp, OSSL_IETF_ATTR_SYNTAX *a, int indent); + +struct TARGET_CERT_st { + OSSL_ISSUER_SERIAL *targetCertificate; + GENERAL_NAME *targetName; + OSSL_OBJECT_DIGEST_INFO *certDigestInfo; +}; + +typedef struct TARGET_CERT_st OSSL_TARGET_CERT; + +# define OSSL_TGT_TARGET_NAME 0 +# define OSSL_TGT_TARGET_GROUP 1 +# define OSSL_TGT_TARGET_CERT 2 + +typedef struct TARGET_st { + int type; + union { + GENERAL_NAME *targetName; + GENERAL_NAME *targetGroup; + OSSL_TARGET_CERT *targetCert; + } choice; +} OSSL_TARGET; + +typedef STACK_OF(OSSL_TARGET) OSSL_TARGETS; +typedef STACK_OF(OSSL_TARGETS) OSSL_TARGETING_INFORMATION; + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_TARGET, OSSL_TARGET, OSSL_TARGET) +#define sk_OSSL_TARGET_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_TARGET_sk_type(sk)) +#define sk_OSSL_TARGET_value(sk, idx) ((OSSL_TARGET *)OPENSSL_sk_value(ossl_check_const_OSSL_TARGET_sk_type(sk), (idx))) +#define sk_OSSL_TARGET_new(cmp) ((STACK_OF(OSSL_TARGET) *)OPENSSL_sk_new(ossl_check_OSSL_TARGET_compfunc_type(cmp))) +#define sk_OSSL_TARGET_new_null() ((STACK_OF(OSSL_TARGET) *)OPENSSL_sk_new_null()) +#define sk_OSSL_TARGET_new_reserve(cmp, n) ((STACK_OF(OSSL_TARGET) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_TARGET_compfunc_type(cmp), (n))) +#define sk_OSSL_TARGET_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_TARGET_sk_type(sk), (n)) +#define sk_OSSL_TARGET_free(sk) OPENSSL_sk_free(ossl_check_OSSL_TARGET_sk_type(sk)) +#define sk_OSSL_TARGET_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_TARGET_sk_type(sk)) +#define sk_OSSL_TARGET_delete(sk, i) ((OSSL_TARGET *)OPENSSL_sk_delete(ossl_check_OSSL_TARGET_sk_type(sk), (i))) +#define sk_OSSL_TARGET_delete_ptr(sk, ptr) ((OSSL_TARGET *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_type(ptr))) +#define sk_OSSL_TARGET_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_type(ptr)) +#define sk_OSSL_TARGET_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_type(ptr)) +#define sk_OSSL_TARGET_pop(sk) ((OSSL_TARGET *)OPENSSL_sk_pop(ossl_check_OSSL_TARGET_sk_type(sk))) +#define sk_OSSL_TARGET_shift(sk) ((OSSL_TARGET *)OPENSSL_sk_shift(ossl_check_OSSL_TARGET_sk_type(sk))) +#define sk_OSSL_TARGET_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_TARGET_sk_type(sk),ossl_check_OSSL_TARGET_freefunc_type(freefunc)) +#define sk_OSSL_TARGET_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_type(ptr), (idx)) +#define sk_OSSL_TARGET_set(sk, idx, ptr) ((OSSL_TARGET *)OPENSSL_sk_set(ossl_check_OSSL_TARGET_sk_type(sk), (idx), ossl_check_OSSL_TARGET_type(ptr))) +#define sk_OSSL_TARGET_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_type(ptr)) +#define sk_OSSL_TARGET_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_type(ptr)) +#define sk_OSSL_TARGET_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_type(ptr), pnum) +#define sk_OSSL_TARGET_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_TARGET_sk_type(sk)) +#define sk_OSSL_TARGET_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_TARGET_sk_type(sk)) +#define sk_OSSL_TARGET_dup(sk) ((STACK_OF(OSSL_TARGET) *)OPENSSL_sk_dup(ossl_check_const_OSSL_TARGET_sk_type(sk))) +#define sk_OSSL_TARGET_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_TARGET) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_copyfunc_type(copyfunc), ossl_check_OSSL_TARGET_freefunc_type(freefunc))) +#define sk_OSSL_TARGET_set_cmp_func(sk, cmp) ((sk_OSSL_TARGET_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_TARGET_sk_type(sk), ossl_check_OSSL_TARGET_compfunc_type(cmp))) + + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_TARGETS, OSSL_TARGETS, OSSL_TARGETS) +#define sk_OSSL_TARGETS_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_TARGETS_sk_type(sk)) +#define sk_OSSL_TARGETS_value(sk, idx) ((OSSL_TARGETS *)OPENSSL_sk_value(ossl_check_const_OSSL_TARGETS_sk_type(sk), (idx))) +#define sk_OSSL_TARGETS_new(cmp) ((STACK_OF(OSSL_TARGETS) *)OPENSSL_sk_new(ossl_check_OSSL_TARGETS_compfunc_type(cmp))) +#define sk_OSSL_TARGETS_new_null() ((STACK_OF(OSSL_TARGETS) *)OPENSSL_sk_new_null()) +#define sk_OSSL_TARGETS_new_reserve(cmp, n) ((STACK_OF(OSSL_TARGETS) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_TARGETS_compfunc_type(cmp), (n))) +#define sk_OSSL_TARGETS_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_TARGETS_sk_type(sk), (n)) +#define sk_OSSL_TARGETS_free(sk) OPENSSL_sk_free(ossl_check_OSSL_TARGETS_sk_type(sk)) +#define sk_OSSL_TARGETS_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_TARGETS_sk_type(sk)) +#define sk_OSSL_TARGETS_delete(sk, i) ((OSSL_TARGETS *)OPENSSL_sk_delete(ossl_check_OSSL_TARGETS_sk_type(sk), (i))) +#define sk_OSSL_TARGETS_delete_ptr(sk, ptr) ((OSSL_TARGETS *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_type(ptr))) +#define sk_OSSL_TARGETS_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_type(ptr)) +#define sk_OSSL_TARGETS_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_type(ptr)) +#define sk_OSSL_TARGETS_pop(sk) ((OSSL_TARGETS *)OPENSSL_sk_pop(ossl_check_OSSL_TARGETS_sk_type(sk))) +#define sk_OSSL_TARGETS_shift(sk) ((OSSL_TARGETS *)OPENSSL_sk_shift(ossl_check_OSSL_TARGETS_sk_type(sk))) +#define sk_OSSL_TARGETS_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_TARGETS_sk_type(sk),ossl_check_OSSL_TARGETS_freefunc_type(freefunc)) +#define sk_OSSL_TARGETS_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_type(ptr), (idx)) +#define sk_OSSL_TARGETS_set(sk, idx, ptr) ((OSSL_TARGETS *)OPENSSL_sk_set(ossl_check_OSSL_TARGETS_sk_type(sk), (idx), ossl_check_OSSL_TARGETS_type(ptr))) +#define sk_OSSL_TARGETS_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_type(ptr)) +#define sk_OSSL_TARGETS_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_type(ptr)) +#define sk_OSSL_TARGETS_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_type(ptr), pnum) +#define sk_OSSL_TARGETS_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_TARGETS_sk_type(sk)) +#define sk_OSSL_TARGETS_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_TARGETS_sk_type(sk)) +#define sk_OSSL_TARGETS_dup(sk) ((STACK_OF(OSSL_TARGETS) *)OPENSSL_sk_dup(ossl_check_const_OSSL_TARGETS_sk_type(sk))) +#define sk_OSSL_TARGETS_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_TARGETS) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_copyfunc_type(copyfunc), ossl_check_OSSL_TARGETS_freefunc_type(freefunc))) +#define sk_OSSL_TARGETS_set_cmp_func(sk, cmp) ((sk_OSSL_TARGETS_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_TARGETS_sk_type(sk), ossl_check_OSSL_TARGETS_compfunc_type(cmp))) + + +DECLARE_ASN1_FUNCTIONS(OSSL_TARGET) +DECLARE_ASN1_FUNCTIONS(OSSL_TARGETS) +DECLARE_ASN1_FUNCTIONS(OSSL_TARGETING_INFORMATION) + +typedef STACK_OF(OSSL_ISSUER_SERIAL) OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX; +DECLARE_ASN1_FUNCTIONS(OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX) + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_ISSUER_SERIAL, OSSL_ISSUER_SERIAL, OSSL_ISSUER_SERIAL) +#define sk_OSSL_ISSUER_SERIAL_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_ISSUER_SERIAL_sk_type(sk)) +#define sk_OSSL_ISSUER_SERIAL_value(sk, idx) ((OSSL_ISSUER_SERIAL *)OPENSSL_sk_value(ossl_check_const_OSSL_ISSUER_SERIAL_sk_type(sk), (idx))) +#define sk_OSSL_ISSUER_SERIAL_new(cmp) ((STACK_OF(OSSL_ISSUER_SERIAL) *)OPENSSL_sk_new(ossl_check_OSSL_ISSUER_SERIAL_compfunc_type(cmp))) +#define sk_OSSL_ISSUER_SERIAL_new_null() ((STACK_OF(OSSL_ISSUER_SERIAL) *)OPENSSL_sk_new_null()) +#define sk_OSSL_ISSUER_SERIAL_new_reserve(cmp, n) ((STACK_OF(OSSL_ISSUER_SERIAL) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_ISSUER_SERIAL_compfunc_type(cmp), (n))) +#define sk_OSSL_ISSUER_SERIAL_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), (n)) +#define sk_OSSL_ISSUER_SERIAL_free(sk) OPENSSL_sk_free(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk)) +#define sk_OSSL_ISSUER_SERIAL_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk)) +#define sk_OSSL_ISSUER_SERIAL_delete(sk, i) ((OSSL_ISSUER_SERIAL *)OPENSSL_sk_delete(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), (i))) +#define sk_OSSL_ISSUER_SERIAL_delete_ptr(sk, ptr) ((OSSL_ISSUER_SERIAL *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_type(ptr))) +#define sk_OSSL_ISSUER_SERIAL_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_type(ptr)) +#define sk_OSSL_ISSUER_SERIAL_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_type(ptr)) +#define sk_OSSL_ISSUER_SERIAL_pop(sk) ((OSSL_ISSUER_SERIAL *)OPENSSL_sk_pop(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk))) +#define sk_OSSL_ISSUER_SERIAL_shift(sk) ((OSSL_ISSUER_SERIAL *)OPENSSL_sk_shift(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk))) +#define sk_OSSL_ISSUER_SERIAL_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk),ossl_check_OSSL_ISSUER_SERIAL_freefunc_type(freefunc)) +#define sk_OSSL_ISSUER_SERIAL_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_type(ptr), (idx)) +#define sk_OSSL_ISSUER_SERIAL_set(sk, idx, ptr) ((OSSL_ISSUER_SERIAL *)OPENSSL_sk_set(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), (idx), ossl_check_OSSL_ISSUER_SERIAL_type(ptr))) +#define sk_OSSL_ISSUER_SERIAL_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_type(ptr)) +#define sk_OSSL_ISSUER_SERIAL_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_type(ptr)) +#define sk_OSSL_ISSUER_SERIAL_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_type(ptr), pnum) +#define sk_OSSL_ISSUER_SERIAL_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk)) +#define sk_OSSL_ISSUER_SERIAL_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_ISSUER_SERIAL_sk_type(sk)) +#define sk_OSSL_ISSUER_SERIAL_dup(sk) ((STACK_OF(OSSL_ISSUER_SERIAL) *)OPENSSL_sk_dup(ossl_check_const_OSSL_ISSUER_SERIAL_sk_type(sk))) +#define sk_OSSL_ISSUER_SERIAL_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_ISSUER_SERIAL) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_copyfunc_type(copyfunc), ossl_check_OSSL_ISSUER_SERIAL_freefunc_type(freefunc))) +#define sk_OSSL_ISSUER_SERIAL_set_cmp_func(sk, cmp) ((sk_OSSL_ISSUER_SERIAL_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_ISSUER_SERIAL_sk_type(sk), ossl_check_OSSL_ISSUER_SERIAL_compfunc_type(cmp))) + + +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/x509_vfy.h b/contrib/openssl-cmake/common/include/openssl/x509_vfy.h new file mode 100644 index 000000000000..c9bdc3b39d68 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/x509_vfy.h @@ -0,0 +1,903 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/x509_vfy.h.in + * + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_X509_VFY_H +# define OPENSSL_X509_VFY_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_X509_VFY_H +# endif + +/* + * Protect against recursion, x509.h and x509_vfy.h each include the other. + */ +# ifndef OPENSSL_X509_H +# include +# endif + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +typedef enum { + X509_LU_NONE = 0, + X509_LU_X509, X509_LU_CRL +} X509_LOOKUP_TYPE; + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 +#endif + +SKM_DEFINE_STACK_OF_INTERNAL(X509_LOOKUP, X509_LOOKUP, X509_LOOKUP) +#define sk_X509_LOOKUP_num(sk) OPENSSL_sk_num(ossl_check_const_X509_LOOKUP_sk_type(sk)) +#define sk_X509_LOOKUP_value(sk, idx) ((X509_LOOKUP *)OPENSSL_sk_value(ossl_check_const_X509_LOOKUP_sk_type(sk), (idx))) +#define sk_X509_LOOKUP_new(cmp) ((STACK_OF(X509_LOOKUP) *)OPENSSL_sk_new(ossl_check_X509_LOOKUP_compfunc_type(cmp))) +#define sk_X509_LOOKUP_new_null() ((STACK_OF(X509_LOOKUP) *)OPENSSL_sk_new_null()) +#define sk_X509_LOOKUP_new_reserve(cmp, n) ((STACK_OF(X509_LOOKUP) *)OPENSSL_sk_new_reserve(ossl_check_X509_LOOKUP_compfunc_type(cmp), (n))) +#define sk_X509_LOOKUP_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_LOOKUP_sk_type(sk), (n)) +#define sk_X509_LOOKUP_free(sk) OPENSSL_sk_free(ossl_check_X509_LOOKUP_sk_type(sk)) +#define sk_X509_LOOKUP_zero(sk) OPENSSL_sk_zero(ossl_check_X509_LOOKUP_sk_type(sk)) +#define sk_X509_LOOKUP_delete(sk, i) ((X509_LOOKUP *)OPENSSL_sk_delete(ossl_check_X509_LOOKUP_sk_type(sk), (i))) +#define sk_X509_LOOKUP_delete_ptr(sk, ptr) ((X509_LOOKUP *)OPENSSL_sk_delete_ptr(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_type(ptr))) +#define sk_X509_LOOKUP_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_type(ptr)) +#define sk_X509_LOOKUP_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_type(ptr)) +#define sk_X509_LOOKUP_pop(sk) ((X509_LOOKUP *)OPENSSL_sk_pop(ossl_check_X509_LOOKUP_sk_type(sk))) +#define sk_X509_LOOKUP_shift(sk) ((X509_LOOKUP *)OPENSSL_sk_shift(ossl_check_X509_LOOKUP_sk_type(sk))) +#define sk_X509_LOOKUP_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_LOOKUP_sk_type(sk),ossl_check_X509_LOOKUP_freefunc_type(freefunc)) +#define sk_X509_LOOKUP_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_type(ptr), (idx)) +#define sk_X509_LOOKUP_set(sk, idx, ptr) ((X509_LOOKUP *)OPENSSL_sk_set(ossl_check_X509_LOOKUP_sk_type(sk), (idx), ossl_check_X509_LOOKUP_type(ptr))) +#define sk_X509_LOOKUP_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_type(ptr)) +#define sk_X509_LOOKUP_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_type(ptr)) +#define sk_X509_LOOKUP_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_type(ptr), pnum) +#define sk_X509_LOOKUP_sort(sk) OPENSSL_sk_sort(ossl_check_X509_LOOKUP_sk_type(sk)) +#define sk_X509_LOOKUP_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_LOOKUP_sk_type(sk)) +#define sk_X509_LOOKUP_dup(sk) ((STACK_OF(X509_LOOKUP) *)OPENSSL_sk_dup(ossl_check_const_X509_LOOKUP_sk_type(sk))) +#define sk_X509_LOOKUP_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_LOOKUP) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_copyfunc_type(copyfunc), ossl_check_X509_LOOKUP_freefunc_type(freefunc))) +#define sk_X509_LOOKUP_set_cmp_func(sk, cmp) ((sk_X509_LOOKUP_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_LOOKUP_sk_type(sk), ossl_check_X509_LOOKUP_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(X509_OBJECT, X509_OBJECT, X509_OBJECT) +#define sk_X509_OBJECT_num(sk) OPENSSL_sk_num(ossl_check_const_X509_OBJECT_sk_type(sk)) +#define sk_X509_OBJECT_value(sk, idx) ((X509_OBJECT *)OPENSSL_sk_value(ossl_check_const_X509_OBJECT_sk_type(sk), (idx))) +#define sk_X509_OBJECT_new(cmp) ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_new(ossl_check_X509_OBJECT_compfunc_type(cmp))) +#define sk_X509_OBJECT_new_null() ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_new_null()) +#define sk_X509_OBJECT_new_reserve(cmp, n) ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_new_reserve(ossl_check_X509_OBJECT_compfunc_type(cmp), (n))) +#define sk_X509_OBJECT_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_OBJECT_sk_type(sk), (n)) +#define sk_X509_OBJECT_free(sk) OPENSSL_sk_free(ossl_check_X509_OBJECT_sk_type(sk)) +#define sk_X509_OBJECT_zero(sk) OPENSSL_sk_zero(ossl_check_X509_OBJECT_sk_type(sk)) +#define sk_X509_OBJECT_delete(sk, i) ((X509_OBJECT *)OPENSSL_sk_delete(ossl_check_X509_OBJECT_sk_type(sk), (i))) +#define sk_X509_OBJECT_delete_ptr(sk, ptr) ((X509_OBJECT *)OPENSSL_sk_delete_ptr(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_type(ptr))) +#define sk_X509_OBJECT_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_type(ptr)) +#define sk_X509_OBJECT_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_type(ptr)) +#define sk_X509_OBJECT_pop(sk) ((X509_OBJECT *)OPENSSL_sk_pop(ossl_check_X509_OBJECT_sk_type(sk))) +#define sk_X509_OBJECT_shift(sk) ((X509_OBJECT *)OPENSSL_sk_shift(ossl_check_X509_OBJECT_sk_type(sk))) +#define sk_X509_OBJECT_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_OBJECT_sk_type(sk),ossl_check_X509_OBJECT_freefunc_type(freefunc)) +#define sk_X509_OBJECT_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_type(ptr), (idx)) +#define sk_X509_OBJECT_set(sk, idx, ptr) ((X509_OBJECT *)OPENSSL_sk_set(ossl_check_X509_OBJECT_sk_type(sk), (idx), ossl_check_X509_OBJECT_type(ptr))) +#define sk_X509_OBJECT_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_type(ptr)) +#define sk_X509_OBJECT_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_type(ptr)) +#define sk_X509_OBJECT_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_type(ptr), pnum) +#define sk_X509_OBJECT_sort(sk) OPENSSL_sk_sort(ossl_check_X509_OBJECT_sk_type(sk)) +#define sk_X509_OBJECT_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_OBJECT_sk_type(sk)) +#define sk_X509_OBJECT_dup(sk) ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_dup(ossl_check_const_X509_OBJECT_sk_type(sk))) +#define sk_X509_OBJECT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_copyfunc_type(copyfunc), ossl_check_X509_OBJECT_freefunc_type(freefunc))) +#define sk_X509_OBJECT_set_cmp_func(sk, cmp) ((sk_X509_OBJECT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(X509_VERIFY_PARAM, X509_VERIFY_PARAM, X509_VERIFY_PARAM) +#define sk_X509_VERIFY_PARAM_num(sk) OPENSSL_sk_num(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk)) +#define sk_X509_VERIFY_PARAM_value(sk, idx) ((X509_VERIFY_PARAM *)OPENSSL_sk_value(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk), (idx))) +#define sk_X509_VERIFY_PARAM_new(cmp) ((STACK_OF(X509_VERIFY_PARAM) *)OPENSSL_sk_new(ossl_check_X509_VERIFY_PARAM_compfunc_type(cmp))) +#define sk_X509_VERIFY_PARAM_new_null() ((STACK_OF(X509_VERIFY_PARAM) *)OPENSSL_sk_new_null()) +#define sk_X509_VERIFY_PARAM_new_reserve(cmp, n) ((STACK_OF(X509_VERIFY_PARAM) *)OPENSSL_sk_new_reserve(ossl_check_X509_VERIFY_PARAM_compfunc_type(cmp), (n))) +#define sk_X509_VERIFY_PARAM_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_VERIFY_PARAM_sk_type(sk), (n)) +#define sk_X509_VERIFY_PARAM_free(sk) OPENSSL_sk_free(ossl_check_X509_VERIFY_PARAM_sk_type(sk)) +#define sk_X509_VERIFY_PARAM_zero(sk) OPENSSL_sk_zero(ossl_check_X509_VERIFY_PARAM_sk_type(sk)) +#define sk_X509_VERIFY_PARAM_delete(sk, i) ((X509_VERIFY_PARAM *)OPENSSL_sk_delete(ossl_check_X509_VERIFY_PARAM_sk_type(sk), (i))) +#define sk_X509_VERIFY_PARAM_delete_ptr(sk, ptr) ((X509_VERIFY_PARAM *)OPENSSL_sk_delete_ptr(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_type(ptr))) +#define sk_X509_VERIFY_PARAM_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_type(ptr)) +#define sk_X509_VERIFY_PARAM_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_type(ptr)) +#define sk_X509_VERIFY_PARAM_pop(sk) ((X509_VERIFY_PARAM *)OPENSSL_sk_pop(ossl_check_X509_VERIFY_PARAM_sk_type(sk))) +#define sk_X509_VERIFY_PARAM_shift(sk) ((X509_VERIFY_PARAM *)OPENSSL_sk_shift(ossl_check_X509_VERIFY_PARAM_sk_type(sk))) +#define sk_X509_VERIFY_PARAM_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_VERIFY_PARAM_sk_type(sk),ossl_check_X509_VERIFY_PARAM_freefunc_type(freefunc)) +#define sk_X509_VERIFY_PARAM_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_type(ptr), (idx)) +#define sk_X509_VERIFY_PARAM_set(sk, idx, ptr) ((X509_VERIFY_PARAM *)OPENSSL_sk_set(ossl_check_X509_VERIFY_PARAM_sk_type(sk), (idx), ossl_check_X509_VERIFY_PARAM_type(ptr))) +#define sk_X509_VERIFY_PARAM_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_type(ptr)) +#define sk_X509_VERIFY_PARAM_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_type(ptr)) +#define sk_X509_VERIFY_PARAM_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_type(ptr), pnum) +#define sk_X509_VERIFY_PARAM_sort(sk) OPENSSL_sk_sort(ossl_check_X509_VERIFY_PARAM_sk_type(sk)) +#define sk_X509_VERIFY_PARAM_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk)) +#define sk_X509_VERIFY_PARAM_dup(sk) ((STACK_OF(X509_VERIFY_PARAM) *)OPENSSL_sk_dup(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk))) +#define sk_X509_VERIFY_PARAM_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_VERIFY_PARAM) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_copyfunc_type(copyfunc), ossl_check_X509_VERIFY_PARAM_freefunc_type(freefunc))) +#define sk_X509_VERIFY_PARAM_set_cmp_func(sk, cmp) ((sk_X509_VERIFY_PARAM_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_compfunc_type(cmp))) + + +/* This is used for a table of trust checking functions */ +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; +SKM_DEFINE_STACK_OF_INTERNAL(X509_TRUST, X509_TRUST, X509_TRUST) +#define sk_X509_TRUST_num(sk) OPENSSL_sk_num(ossl_check_const_X509_TRUST_sk_type(sk)) +#define sk_X509_TRUST_value(sk, idx) ((X509_TRUST *)OPENSSL_sk_value(ossl_check_const_X509_TRUST_sk_type(sk), (idx))) +#define sk_X509_TRUST_new(cmp) ((STACK_OF(X509_TRUST) *)OPENSSL_sk_new(ossl_check_X509_TRUST_compfunc_type(cmp))) +#define sk_X509_TRUST_new_null() ((STACK_OF(X509_TRUST) *)OPENSSL_sk_new_null()) +#define sk_X509_TRUST_new_reserve(cmp, n) ((STACK_OF(X509_TRUST) *)OPENSSL_sk_new_reserve(ossl_check_X509_TRUST_compfunc_type(cmp), (n))) +#define sk_X509_TRUST_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_TRUST_sk_type(sk), (n)) +#define sk_X509_TRUST_free(sk) OPENSSL_sk_free(ossl_check_X509_TRUST_sk_type(sk)) +#define sk_X509_TRUST_zero(sk) OPENSSL_sk_zero(ossl_check_X509_TRUST_sk_type(sk)) +#define sk_X509_TRUST_delete(sk, i) ((X509_TRUST *)OPENSSL_sk_delete(ossl_check_X509_TRUST_sk_type(sk), (i))) +#define sk_X509_TRUST_delete_ptr(sk, ptr) ((X509_TRUST *)OPENSSL_sk_delete_ptr(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_type(ptr))) +#define sk_X509_TRUST_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_type(ptr)) +#define sk_X509_TRUST_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_type(ptr)) +#define sk_X509_TRUST_pop(sk) ((X509_TRUST *)OPENSSL_sk_pop(ossl_check_X509_TRUST_sk_type(sk))) +#define sk_X509_TRUST_shift(sk) ((X509_TRUST *)OPENSSL_sk_shift(ossl_check_X509_TRUST_sk_type(sk))) +#define sk_X509_TRUST_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_TRUST_sk_type(sk),ossl_check_X509_TRUST_freefunc_type(freefunc)) +#define sk_X509_TRUST_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_type(ptr), (idx)) +#define sk_X509_TRUST_set(sk, idx, ptr) ((X509_TRUST *)OPENSSL_sk_set(ossl_check_X509_TRUST_sk_type(sk), (idx), ossl_check_X509_TRUST_type(ptr))) +#define sk_X509_TRUST_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_type(ptr)) +#define sk_X509_TRUST_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_type(ptr)) +#define sk_X509_TRUST_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_type(ptr), pnum) +#define sk_X509_TRUST_sort(sk) OPENSSL_sk_sort(ossl_check_X509_TRUST_sk_type(sk)) +#define sk_X509_TRUST_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_TRUST_sk_type(sk)) +#define sk_X509_TRUST_dup(sk) ((STACK_OF(X509_TRUST) *)OPENSSL_sk_dup(ossl_check_const_X509_TRUST_sk_type(sk))) +#define sk_X509_TRUST_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_TRUST) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_copyfunc_type(copyfunc), ossl_check_X509_TRUST_freefunc_type(freefunc))) +#define sk_X509_TRUST_set_cmp_func(sk, cmp) ((sk_X509_TRUST_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_compfunc_type(cmp))) + + +/* standard trust ids */ +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +int X509_TRUST_set(int *t, int trust); +int X509_TRUST_get_count(void); +X509_TRUST *X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(const X509_TRUST *xp); +char *X509_TRUST_get0_name(const X509_TRUST *xp); +int X509_TRUST_get_trust(const X509_TRUST *xp); + +int X509_trusted(const X509 *x); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); +int X509_check_trust(X509 *x, int id, int flags); + +int X509_verify_cert(X509_STORE_CTX *ctx); +int X509_STORE_CTX_verify(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs, + X509_STORE *store, int with_self_signed, + OSSL_LIB_CTX *libctx, const char *propq); + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx); +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, + X509_STORE_CTX *ctx, X509 *x); +typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, + X509 *x, X509 *issuer); +typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL **crl, X509 *x); +typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL *crl, X509 *x); +typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +typedef STACK_OF(X509) + *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, + const X509_NAME *nm); +typedef STACK_OF(X509_CRL) + *(*X509_STORE_CTX_lookup_crls_fn)(const X509_STORE_CTX *ctx, + const X509_NAME *nm); +typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +# define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +# define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +# define X509_L_FILE_LOAD 1 +# define X509_L_ADD_DIR 2 +# define X509_L_ADD_STORE 3 +# define X509_L_LOAD_STORE 4 + +# define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +# define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +# define X509_LOOKUP_add_store(x,name) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_STORE,(name),0,NULL) + +# define X509_LOOKUP_load_store(x,name) \ + X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL) + +# define X509_LOOKUP_load_file_ex(x, name, type, libctx, propq) \ +X509_LOOKUP_ctrl_ex((x), X509_L_FILE_LOAD, (name), (long)(type), NULL,\ + (libctx), (propq)) + +# define X509_LOOKUP_load_store_ex(x, name, libctx, propq) \ +X509_LOOKUP_ctrl_ex((x), X509_L_LOAD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + +# define X509_LOOKUP_add_store_ex(x, name, libctx, propq) \ +X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + +# define X509_V_OK 0 +# define X509_V_ERR_UNSPECIFIED 1 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +# define X509_V_ERR_UNABLE_TO_GET_CRL 3 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +# define X509_V_ERR_CERT_NOT_YET_VALID 9 +# define X509_V_ERR_CERT_HAS_EXPIRED 10 +# define X509_V_ERR_CRL_NOT_YET_VALID 11 +# define X509_V_ERR_CRL_HAS_EXPIRED 12 +# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +# define X509_V_ERR_OUT_OF_MEM 17 +# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +# define X509_V_ERR_CERT_REVOKED 23 +# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 +# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +# define X509_V_ERR_INVALID_PURPOSE 26 +# define X509_V_ERR_CERT_UNTRUSTED 27 +# define X509_V_ERR_CERT_REJECTED 28 + +/* These are 'informational' when looking for issuer cert */ +# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +# define X509_V_ERR_AKID_SKID_MISMATCH 30 +# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +# define X509_V_ERR_INVALID_NON_CA 37 +# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +# define X509_V_ERR_INVALID_EXTENSION 41 +# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +# define X509_V_ERR_NO_EXPLICIT_POLICY 43 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +# define X509_V_ERR_UNNESTED_RESOURCE 46 +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +# define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +/* Another issuer check debug option */ +# define X509_V_ERR_PATH_LOOP 55 +/* Suite B mode algorithm violation */ +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +/* Host, email and IP check errors */ +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +/* DANE TLSA errors */ +# define X509_V_ERR_DANE_NO_MATCH 65 +/* security level errors */ +# define X509_V_ERR_EE_KEY_TOO_SMALL 66 +# define X509_V_ERR_CA_KEY_TOO_SMALL 67 +# define X509_V_ERR_CA_MD_TOO_WEAK 68 +/* Caller error */ +# define X509_V_ERR_INVALID_CALL 69 +/* Issuer lookup error */ +# define X509_V_ERR_STORE_LOOKUP 70 +/* Certificate transparency */ +# define X509_V_ERR_NO_VALID_SCTS 71 + +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +/* OCSP status errors */ +# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ + +# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 +# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 + +/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */ +# define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 +# define X509_V_ERR_INVALID_CA 79 +# define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 +# define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 +# define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 +# define X509_V_ERR_ISSUER_NAME_EMPTY 83 +# define X509_V_ERR_SUBJECT_NAME_EMPTY 84 +# define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 +# define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 +# define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 +# define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 +# define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 +# define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 +# define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 +# define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 +# define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 +# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +# define X509_V_ERR_RPK_UNTRUSTED 95 + +/* Certificate verify flags */ +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +# endif +/* Use check time instead of current time */ +# define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +# define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +# define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +# define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +# define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +# define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +# define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +# define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check self-signed CA signature */ +# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define X509_V_FLAG_SUITEB_128_LOS 0x30000 +/* Allow partial chains if at least one certificate is in trusted store */ +# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +/* Do not check certificate/CRL validity against current time */ +# define X509_V_FLAG_NO_CHECK_TIME 0x200000 + +# define X509_VP_FLAG_DEFAULT 0x1 +# define X509_VP_FLAG_OVERWRITE 0x2 +# define X509_VP_FLAG_RESET_FLAGS 0x4 +# define X509_VP_FLAG_LOCKED 0x8 +# define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + const X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, + const X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x); +int X509_OBJECT_up_ref_count(X509_OBJECT *a); +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); +X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *xs); +int X509_STORE_lock(X509_STORE *xs); +int X509_STORE_unlock(X509_STORE *xs); +int X509_STORE_up_ref(X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs); +STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs); +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs, + const X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, + const X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *xs, int purpose); +int X509_STORE_set_trust(X509_STORE *xs, int trust); +int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs); + +void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx),(func)) +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs); +void X509_STORE_set_verify_cb(X509_STORE *xs, + X509_STORE_CTX_verify_cb verify_cb); +# define X509_STORE_set_verify_cb_func(ctx,func) \ + X509_STORE_set_verify_cb((ctx),(func)) +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs); +void X509_STORE_set_get_issuer(X509_STORE *xs, + X509_STORE_CTX_get_issuer_fn get_issuer); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs); +void X509_STORE_set_check_issued(X509_STORE *xs, + X509_STORE_CTX_check_issued_fn check_issued); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s); +void X509_STORE_set_check_revocation(X509_STORE *xs, + X509_STORE_CTX_check_revocation_fn check_revocation); +X509_STORE_CTX_check_revocation_fn + X509_STORE_get_check_revocation(const X509_STORE *xs); +void X509_STORE_set_get_crl(X509_STORE *xs, + X509_STORE_CTX_get_crl_fn get_crl); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs); +void X509_STORE_set_check_crl(X509_STORE *xs, + X509_STORE_CTX_check_crl_fn check_crl); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs); +void X509_STORE_set_cert_crl(X509_STORE *xs, + X509_STORE_CTX_cert_crl_fn cert_crl); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs); +void X509_STORE_set_check_policy(X509_STORE *xs, + X509_STORE_CTX_check_policy_fn check_policy); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s); +void X509_STORE_set_lookup_certs(X509_STORE *xs, + X509_STORE_CTX_lookup_certs_fn lookup_certs); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s); +void X509_STORE_set_lookup_crls(X509_STORE *xs, + X509_STORE_CTX_lookup_crls_fn lookup_crls); +#define X509_STORE_set_lookup_crls_cb(ctx, func) \ + X509_STORE_set_lookup_crls((ctx), (func)) +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs); +void X509_STORE_set_cleanup(X509_STORE *xs, + X509_STORE_CTX_cleanup_fn cleanup); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) +int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); +void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx); + +X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, + X509 *target, STACK_OF(X509) *untrusted); +int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store, + EVP_PKEY* rpk); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_cb verify); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(const X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx, + X509_STORE_CTX_get_crl_fn get_crl); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(const X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(const X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(const X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +/* the following macro is misspelled; use X509_STORE_get1_certs instead */ +# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +/* the following macro is misspelled; use X509_STORE_get1_crls instead */ +# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#endif + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m); +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +X509_LOOKUP_METHOD *X509_LOOKUP_store(void); + +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_ctrl_ex_fn)( + X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret, + OSSL_LIB_CTX *libctx, const char *propq); + +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_subject_ex_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, + const char *propq); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free_fn) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + +int X509_STORE_add_cert(X509_STORE *xs, X509 *x); +int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x); + +int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret); +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + const X509_NAME *name); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret, OSSL_LIB_CTX *libctx, const char *propq); + +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type, + OSSL_LIB_CTX *libctx, const char *propq); + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +int X509_STORE_load_file(X509_STORE *xs, const char *file); +int X509_STORE_load_path(X509_STORE *xs, const char *path); +int X509_STORE_load_store(X509_STORE *xs, const char *store); +int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *xs); + +int X509_STORE_load_file_ex(X509_STORE *xs, const char *file, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_STORE_load_store_ex(X509_STORE *xs, const char *store, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_STORE_load_locations_ex(X509_STORE *xs, + const char *file, const char *dir, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_STORE_set_default_paths_ex(X509_STORE *xs, + OSSL_LIB_CTX *libctx, const char *propq); + +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); +void *X509_STORE_CTX_get_ex_data(const X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); +void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); +void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx, + unsigned int current_reasons); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); +#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, + uint32_t flags); +uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); + +char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx); +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); +char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +/* Non positive return values are errors */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ + +/* + * Positive return values form a bit mask, all but the first are internal to + * the library and don't appear in results from X509_policy_check(). + */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, + int i); + +STACK_OF(X509_POLICY_NODE) + *X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); + +STACK_OF(X509_POLICY_NODE) + *X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, + int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) + *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE + *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/contrib/openssl-cmake/common/include/openssl/x509v3.h b/contrib/openssl-cmake/common/include/openssl/x509v3.h new file mode 100644 index 000000000000..b8dabac35a49 --- /dev/null +++ b/contrib/openssl-cmake/common/include/openssl/x509v3.h @@ -0,0 +1,1968 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/x509v3.h.in + * + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + + +#ifndef OPENSSL_X509V3_H +# define OPENSSL_X509V3_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_X509V3_H +# endif + +# include +# include +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void *(*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE) (void *); +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, + void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { + int ext_nid; + int ext_flags; +/* If this is set the following four fields are ignored */ + ASN1_ITEM_EXP *it; +/* Old style ASN1 calls */ + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; +/* The following pair is used for string extensions */ + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; +/* The following pair is used for multi-valued extensions */ + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; +/* The following are used for raw extensions */ + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + void *usr_data; /* Any extension specific data */ +}; + +typedef struct X509V3_CONF_METHOD_st { + char *(*get_string) (void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); + void (*free_string) (void *db, char *string); + void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); +} X509V3_CONF_METHOD; + +/* Context specific info for producing X509 v3 extensions*/ +struct v3_ext_ctx { +# define X509V3_CTX_TEST 0x1 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CTX_TEST X509V3_CTX_TEST +# endif +# define X509V3_CTX_REPLACE 0x2 + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + X509V3_CONF_METHOD *db_meth; + void *db; + EVP_PKEY *issuer_pkey; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +SKM_DEFINE_STACK_OF_INTERNAL(X509V3_EXT_METHOD, X509V3_EXT_METHOD, X509V3_EXT_METHOD) +#define sk_X509V3_EXT_METHOD_num(sk) OPENSSL_sk_num(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk)) +#define sk_X509V3_EXT_METHOD_value(sk, idx) ((X509V3_EXT_METHOD *)OPENSSL_sk_value(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk), (idx))) +#define sk_X509V3_EXT_METHOD_new(cmp) ((STACK_OF(X509V3_EXT_METHOD) *)OPENSSL_sk_new(ossl_check_X509V3_EXT_METHOD_compfunc_type(cmp))) +#define sk_X509V3_EXT_METHOD_new_null() ((STACK_OF(X509V3_EXT_METHOD) *)OPENSSL_sk_new_null()) +#define sk_X509V3_EXT_METHOD_new_reserve(cmp, n) ((STACK_OF(X509V3_EXT_METHOD) *)OPENSSL_sk_new_reserve(ossl_check_X509V3_EXT_METHOD_compfunc_type(cmp), (n))) +#define sk_X509V3_EXT_METHOD_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509V3_EXT_METHOD_sk_type(sk), (n)) +#define sk_X509V3_EXT_METHOD_free(sk) OPENSSL_sk_free(ossl_check_X509V3_EXT_METHOD_sk_type(sk)) +#define sk_X509V3_EXT_METHOD_zero(sk) OPENSSL_sk_zero(ossl_check_X509V3_EXT_METHOD_sk_type(sk)) +#define sk_X509V3_EXT_METHOD_delete(sk, i) ((X509V3_EXT_METHOD *)OPENSSL_sk_delete(ossl_check_X509V3_EXT_METHOD_sk_type(sk), (i))) +#define sk_X509V3_EXT_METHOD_delete_ptr(sk, ptr) ((X509V3_EXT_METHOD *)OPENSSL_sk_delete_ptr(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_type(ptr))) +#define sk_X509V3_EXT_METHOD_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_type(ptr)) +#define sk_X509V3_EXT_METHOD_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_type(ptr)) +#define sk_X509V3_EXT_METHOD_pop(sk) ((X509V3_EXT_METHOD *)OPENSSL_sk_pop(ossl_check_X509V3_EXT_METHOD_sk_type(sk))) +#define sk_X509V3_EXT_METHOD_shift(sk) ((X509V3_EXT_METHOD *)OPENSSL_sk_shift(ossl_check_X509V3_EXT_METHOD_sk_type(sk))) +#define sk_X509V3_EXT_METHOD_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509V3_EXT_METHOD_sk_type(sk),ossl_check_X509V3_EXT_METHOD_freefunc_type(freefunc)) +#define sk_X509V3_EXT_METHOD_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_type(ptr), (idx)) +#define sk_X509V3_EXT_METHOD_set(sk, idx, ptr) ((X509V3_EXT_METHOD *)OPENSSL_sk_set(ossl_check_X509V3_EXT_METHOD_sk_type(sk), (idx), ossl_check_X509V3_EXT_METHOD_type(ptr))) +#define sk_X509V3_EXT_METHOD_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_type(ptr)) +#define sk_X509V3_EXT_METHOD_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_type(ptr)) +#define sk_X509V3_EXT_METHOD_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_type(ptr), pnum) +#define sk_X509V3_EXT_METHOD_sort(sk) OPENSSL_sk_sort(ossl_check_X509V3_EXT_METHOD_sk_type(sk)) +#define sk_X509V3_EXT_METHOD_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk)) +#define sk_X509V3_EXT_METHOD_dup(sk) ((STACK_OF(X509V3_EXT_METHOD) *)OPENSSL_sk_dup(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk))) +#define sk_X509V3_EXT_METHOD_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509V3_EXT_METHOD) *)OPENSSL_sk_deep_copy(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_copyfunc_type(copyfunc), ossl_check_X509V3_EXT_METHOD_freefunc_type(freefunc))) +#define sk_X509V3_EXT_METHOD_set_cmp_func(sk, cmp) ((sk_X509V3_EXT_METHOD_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_compfunc_type(cmp))) + + +/* ext_flags values */ +# define X509V3_EXT_DYNAMIC 0x1 +# define X509V3_EXT_CTX_DEP 0x2 +# define X509V3_EXT_MULTILINE 0x4 + +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +typedef struct OSSL_BASIC_ATTR_CONSTRAINTS_st { + int authority; + ASN1_INTEGER *pathlen; +} OSSL_BASIC_ATTR_CONSTRAINTS; + +typedef struct PKEY_USAGE_PERIOD_st { + ASN1_GENERALIZEDTIME *notBefore; + ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { + ASN1_OBJECT *type_id; + ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { +# define GEN_OTHERNAME 0 +# define GEN_EMAIL 1 +# define GEN_DNS 2 +# define GEN_X400 3 +# define GEN_DIRNAME 4 +# define GEN_EDIPARTY 5 +# define GEN_URI 6 +# define GEN_IPADD 7 +# define GEN_RID 8 + int type; + union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_STRING *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ + } d; +} GENERAL_NAME; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src); + +SKM_DEFINE_STACK_OF_INTERNAL(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION, ACCESS_DESCRIPTION) +#define sk_ACCESS_DESCRIPTION_num(sk) OPENSSL_sk_num(ossl_check_const_ACCESS_DESCRIPTION_sk_type(sk)) +#define sk_ACCESS_DESCRIPTION_value(sk, idx) ((ACCESS_DESCRIPTION *)OPENSSL_sk_value(ossl_check_const_ACCESS_DESCRIPTION_sk_type(sk), (idx))) +#define sk_ACCESS_DESCRIPTION_new(cmp) ((STACK_OF(ACCESS_DESCRIPTION) *)OPENSSL_sk_new(ossl_check_ACCESS_DESCRIPTION_compfunc_type(cmp))) +#define sk_ACCESS_DESCRIPTION_new_null() ((STACK_OF(ACCESS_DESCRIPTION) *)OPENSSL_sk_new_null()) +#define sk_ACCESS_DESCRIPTION_new_reserve(cmp, n) ((STACK_OF(ACCESS_DESCRIPTION) *)OPENSSL_sk_new_reserve(ossl_check_ACCESS_DESCRIPTION_compfunc_type(cmp), (n))) +#define sk_ACCESS_DESCRIPTION_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), (n)) +#define sk_ACCESS_DESCRIPTION_free(sk) OPENSSL_sk_free(ossl_check_ACCESS_DESCRIPTION_sk_type(sk)) +#define sk_ACCESS_DESCRIPTION_zero(sk) OPENSSL_sk_zero(ossl_check_ACCESS_DESCRIPTION_sk_type(sk)) +#define sk_ACCESS_DESCRIPTION_delete(sk, i) ((ACCESS_DESCRIPTION *)OPENSSL_sk_delete(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), (i))) +#define sk_ACCESS_DESCRIPTION_delete_ptr(sk, ptr) ((ACCESS_DESCRIPTION *)OPENSSL_sk_delete_ptr(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_type(ptr))) +#define sk_ACCESS_DESCRIPTION_push(sk, ptr) OPENSSL_sk_push(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_type(ptr)) +#define sk_ACCESS_DESCRIPTION_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_type(ptr)) +#define sk_ACCESS_DESCRIPTION_pop(sk) ((ACCESS_DESCRIPTION *)OPENSSL_sk_pop(ossl_check_ACCESS_DESCRIPTION_sk_type(sk))) +#define sk_ACCESS_DESCRIPTION_shift(sk) ((ACCESS_DESCRIPTION *)OPENSSL_sk_shift(ossl_check_ACCESS_DESCRIPTION_sk_type(sk))) +#define sk_ACCESS_DESCRIPTION_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ACCESS_DESCRIPTION_sk_type(sk),ossl_check_ACCESS_DESCRIPTION_freefunc_type(freefunc)) +#define sk_ACCESS_DESCRIPTION_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_type(ptr), (idx)) +#define sk_ACCESS_DESCRIPTION_set(sk, idx, ptr) ((ACCESS_DESCRIPTION *)OPENSSL_sk_set(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), (idx), ossl_check_ACCESS_DESCRIPTION_type(ptr))) +#define sk_ACCESS_DESCRIPTION_find(sk, ptr) OPENSSL_sk_find(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_type(ptr)) +#define sk_ACCESS_DESCRIPTION_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_type(ptr)) +#define sk_ACCESS_DESCRIPTION_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_type(ptr), pnum) +#define sk_ACCESS_DESCRIPTION_sort(sk) OPENSSL_sk_sort(ossl_check_ACCESS_DESCRIPTION_sk_type(sk)) +#define sk_ACCESS_DESCRIPTION_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ACCESS_DESCRIPTION_sk_type(sk)) +#define sk_ACCESS_DESCRIPTION_dup(sk) ((STACK_OF(ACCESS_DESCRIPTION) *)OPENSSL_sk_dup(ossl_check_const_ACCESS_DESCRIPTION_sk_type(sk))) +#define sk_ACCESS_DESCRIPTION_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ACCESS_DESCRIPTION) *)OPENSSL_sk_deep_copy(ossl_check_const_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_copyfunc_type(copyfunc), ossl_check_ACCESS_DESCRIPTION_freefunc_type(freefunc))) +#define sk_ACCESS_DESCRIPTION_set_cmp_func(sk, cmp) ((sk_ACCESS_DESCRIPTION_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ACCESS_DESCRIPTION_sk_type(sk), ossl_check_ACCESS_DESCRIPTION_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(GENERAL_NAME, GENERAL_NAME, GENERAL_NAME) +#define sk_GENERAL_NAME_num(sk) OPENSSL_sk_num(ossl_check_const_GENERAL_NAME_sk_type(sk)) +#define sk_GENERAL_NAME_value(sk, idx) ((GENERAL_NAME *)OPENSSL_sk_value(ossl_check_const_GENERAL_NAME_sk_type(sk), (idx))) +#define sk_GENERAL_NAME_new(cmp) ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_new(ossl_check_GENERAL_NAME_compfunc_type(cmp))) +#define sk_GENERAL_NAME_new_null() ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_new_null()) +#define sk_GENERAL_NAME_new_reserve(cmp, n) ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_new_reserve(ossl_check_GENERAL_NAME_compfunc_type(cmp), (n))) +#define sk_GENERAL_NAME_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_GENERAL_NAME_sk_type(sk), (n)) +#define sk_GENERAL_NAME_free(sk) OPENSSL_sk_free(ossl_check_GENERAL_NAME_sk_type(sk)) +#define sk_GENERAL_NAME_zero(sk) OPENSSL_sk_zero(ossl_check_GENERAL_NAME_sk_type(sk)) +#define sk_GENERAL_NAME_delete(sk, i) ((GENERAL_NAME *)OPENSSL_sk_delete(ossl_check_GENERAL_NAME_sk_type(sk), (i))) +#define sk_GENERAL_NAME_delete_ptr(sk, ptr) ((GENERAL_NAME *)OPENSSL_sk_delete_ptr(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_type(ptr))) +#define sk_GENERAL_NAME_push(sk, ptr) OPENSSL_sk_push(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_type(ptr)) +#define sk_GENERAL_NAME_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_type(ptr)) +#define sk_GENERAL_NAME_pop(sk) ((GENERAL_NAME *)OPENSSL_sk_pop(ossl_check_GENERAL_NAME_sk_type(sk))) +#define sk_GENERAL_NAME_shift(sk) ((GENERAL_NAME *)OPENSSL_sk_shift(ossl_check_GENERAL_NAME_sk_type(sk))) +#define sk_GENERAL_NAME_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_GENERAL_NAME_sk_type(sk),ossl_check_GENERAL_NAME_freefunc_type(freefunc)) +#define sk_GENERAL_NAME_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_type(ptr), (idx)) +#define sk_GENERAL_NAME_set(sk, idx, ptr) ((GENERAL_NAME *)OPENSSL_sk_set(ossl_check_GENERAL_NAME_sk_type(sk), (idx), ossl_check_GENERAL_NAME_type(ptr))) +#define sk_GENERAL_NAME_find(sk, ptr) OPENSSL_sk_find(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_type(ptr)) +#define sk_GENERAL_NAME_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_type(ptr)) +#define sk_GENERAL_NAME_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_type(ptr), pnum) +#define sk_GENERAL_NAME_sort(sk) OPENSSL_sk_sort(ossl_check_GENERAL_NAME_sk_type(sk)) +#define sk_GENERAL_NAME_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_GENERAL_NAME_sk_type(sk)) +#define sk_GENERAL_NAME_dup(sk) ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_dup(ossl_check_const_GENERAL_NAME_sk_type(sk))) +#define sk_GENERAL_NAME_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_deep_copy(ossl_check_const_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_copyfunc_type(copyfunc), ossl_check_GENERAL_NAME_freefunc_type(freefunc))) +#define sk_GENERAL_NAME_set_cmp_func(sk, cmp) ((sk_GENERAL_NAME_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_compfunc_type(cmp))) + + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; +typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; + +SKM_DEFINE_STACK_OF_INTERNAL(GENERAL_NAMES, GENERAL_NAMES, GENERAL_NAMES) +#define sk_GENERAL_NAMES_num(sk) OPENSSL_sk_num(ossl_check_const_GENERAL_NAMES_sk_type(sk)) +#define sk_GENERAL_NAMES_value(sk, idx) ((GENERAL_NAMES *)OPENSSL_sk_value(ossl_check_const_GENERAL_NAMES_sk_type(sk), (idx))) +#define sk_GENERAL_NAMES_new(cmp) ((STACK_OF(GENERAL_NAMES) *)OPENSSL_sk_new(ossl_check_GENERAL_NAMES_compfunc_type(cmp))) +#define sk_GENERAL_NAMES_new_null() ((STACK_OF(GENERAL_NAMES) *)OPENSSL_sk_new_null()) +#define sk_GENERAL_NAMES_new_reserve(cmp, n) ((STACK_OF(GENERAL_NAMES) *)OPENSSL_sk_new_reserve(ossl_check_GENERAL_NAMES_compfunc_type(cmp), (n))) +#define sk_GENERAL_NAMES_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_GENERAL_NAMES_sk_type(sk), (n)) +#define sk_GENERAL_NAMES_free(sk) OPENSSL_sk_free(ossl_check_GENERAL_NAMES_sk_type(sk)) +#define sk_GENERAL_NAMES_zero(sk) OPENSSL_sk_zero(ossl_check_GENERAL_NAMES_sk_type(sk)) +#define sk_GENERAL_NAMES_delete(sk, i) ((GENERAL_NAMES *)OPENSSL_sk_delete(ossl_check_GENERAL_NAMES_sk_type(sk), (i))) +#define sk_GENERAL_NAMES_delete_ptr(sk, ptr) ((GENERAL_NAMES *)OPENSSL_sk_delete_ptr(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_type(ptr))) +#define sk_GENERAL_NAMES_push(sk, ptr) OPENSSL_sk_push(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_type(ptr)) +#define sk_GENERAL_NAMES_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_type(ptr)) +#define sk_GENERAL_NAMES_pop(sk) ((GENERAL_NAMES *)OPENSSL_sk_pop(ossl_check_GENERAL_NAMES_sk_type(sk))) +#define sk_GENERAL_NAMES_shift(sk) ((GENERAL_NAMES *)OPENSSL_sk_shift(ossl_check_GENERAL_NAMES_sk_type(sk))) +#define sk_GENERAL_NAMES_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_GENERAL_NAMES_sk_type(sk),ossl_check_GENERAL_NAMES_freefunc_type(freefunc)) +#define sk_GENERAL_NAMES_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_type(ptr), (idx)) +#define sk_GENERAL_NAMES_set(sk, idx, ptr) ((GENERAL_NAMES *)OPENSSL_sk_set(ossl_check_GENERAL_NAMES_sk_type(sk), (idx), ossl_check_GENERAL_NAMES_type(ptr))) +#define sk_GENERAL_NAMES_find(sk, ptr) OPENSSL_sk_find(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_type(ptr)) +#define sk_GENERAL_NAMES_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_type(ptr)) +#define sk_GENERAL_NAMES_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_type(ptr), pnum) +#define sk_GENERAL_NAMES_sort(sk) OPENSSL_sk_sort(ossl_check_GENERAL_NAMES_sk_type(sk)) +#define sk_GENERAL_NAMES_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_GENERAL_NAMES_sk_type(sk)) +#define sk_GENERAL_NAMES_dup(sk) ((STACK_OF(GENERAL_NAMES) *)OPENSSL_sk_dup(ossl_check_const_GENERAL_NAMES_sk_type(sk))) +#define sk_GENERAL_NAMES_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(GENERAL_NAMES) *)OPENSSL_sk_deep_copy(ossl_check_const_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_copyfunc_type(copyfunc), ossl_check_GENERAL_NAMES_freefunc_type(freefunc))) +#define sk_GENERAL_NAMES_set_cmp_func(sk, cmp) ((sk_GENERAL_NAMES_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_compfunc_type(cmp))) + + +typedef struct DIST_POINT_NAME_st { + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; +/* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; +} DIST_POINT_NAME; +DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME) +/* All existing reasons */ +# define CRLDP_ALL_REASONS 0x807f + +# define CRL_REASON_NONE -1 +# define CRL_REASON_UNSPECIFIED 0 +# define CRL_REASON_KEY_COMPROMISE 1 +# define CRL_REASON_CA_COMPROMISE 2 +# define CRL_REASON_AFFILIATION_CHANGED 3 +# define CRL_REASON_SUPERSEDED 4 +# define CRL_REASON_CESSATION_OF_OPERATION 5 +# define CRL_REASON_CERTIFICATE_HOLD 6 +# define CRL_REASON_REMOVE_FROM_CRL 8 +# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +# define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; +}; + +SKM_DEFINE_STACK_OF_INTERNAL(DIST_POINT, DIST_POINT, DIST_POINT) +#define sk_DIST_POINT_num(sk) OPENSSL_sk_num(ossl_check_const_DIST_POINT_sk_type(sk)) +#define sk_DIST_POINT_value(sk, idx) ((DIST_POINT *)OPENSSL_sk_value(ossl_check_const_DIST_POINT_sk_type(sk), (idx))) +#define sk_DIST_POINT_new(cmp) ((STACK_OF(DIST_POINT) *)OPENSSL_sk_new(ossl_check_DIST_POINT_compfunc_type(cmp))) +#define sk_DIST_POINT_new_null() ((STACK_OF(DIST_POINT) *)OPENSSL_sk_new_null()) +#define sk_DIST_POINT_new_reserve(cmp, n) ((STACK_OF(DIST_POINT) *)OPENSSL_sk_new_reserve(ossl_check_DIST_POINT_compfunc_type(cmp), (n))) +#define sk_DIST_POINT_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_DIST_POINT_sk_type(sk), (n)) +#define sk_DIST_POINT_free(sk) OPENSSL_sk_free(ossl_check_DIST_POINT_sk_type(sk)) +#define sk_DIST_POINT_zero(sk) OPENSSL_sk_zero(ossl_check_DIST_POINT_sk_type(sk)) +#define sk_DIST_POINT_delete(sk, i) ((DIST_POINT *)OPENSSL_sk_delete(ossl_check_DIST_POINT_sk_type(sk), (i))) +#define sk_DIST_POINT_delete_ptr(sk, ptr) ((DIST_POINT *)OPENSSL_sk_delete_ptr(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_type(ptr))) +#define sk_DIST_POINT_push(sk, ptr) OPENSSL_sk_push(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_type(ptr)) +#define sk_DIST_POINT_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_type(ptr)) +#define sk_DIST_POINT_pop(sk) ((DIST_POINT *)OPENSSL_sk_pop(ossl_check_DIST_POINT_sk_type(sk))) +#define sk_DIST_POINT_shift(sk) ((DIST_POINT *)OPENSSL_sk_shift(ossl_check_DIST_POINT_sk_type(sk))) +#define sk_DIST_POINT_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_DIST_POINT_sk_type(sk),ossl_check_DIST_POINT_freefunc_type(freefunc)) +#define sk_DIST_POINT_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_type(ptr), (idx)) +#define sk_DIST_POINT_set(sk, idx, ptr) ((DIST_POINT *)OPENSSL_sk_set(ossl_check_DIST_POINT_sk_type(sk), (idx), ossl_check_DIST_POINT_type(ptr))) +#define sk_DIST_POINT_find(sk, ptr) OPENSSL_sk_find(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_type(ptr)) +#define sk_DIST_POINT_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_type(ptr)) +#define sk_DIST_POINT_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_type(ptr), pnum) +#define sk_DIST_POINT_sort(sk) OPENSSL_sk_sort(ossl_check_DIST_POINT_sk_type(sk)) +#define sk_DIST_POINT_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_DIST_POINT_sk_type(sk)) +#define sk_DIST_POINT_dup(sk) ((STACK_OF(DIST_POINT) *)OPENSSL_sk_dup(ossl_check_const_DIST_POINT_sk_type(sk))) +#define sk_DIST_POINT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(DIST_POINT) *)OPENSSL_sk_deep_copy(ossl_check_const_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_copyfunc_type(copyfunc), ossl_check_DIST_POINT_freefunc_type(freefunc))) +#define sk_DIST_POINT_set_cmp_func(sk, cmp) ((sk_DIST_POINT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_compfunc_type(cmp))) + + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +}; + +/* Strong extranet structures */ + +typedef struct SXNET_ID_st { + ASN1_INTEGER *zone; + ASN1_OCTET_STRING *user; +} SXNETID; + +SKM_DEFINE_STACK_OF_INTERNAL(SXNETID, SXNETID, SXNETID) +#define sk_SXNETID_num(sk) OPENSSL_sk_num(ossl_check_const_SXNETID_sk_type(sk)) +#define sk_SXNETID_value(sk, idx) ((SXNETID *)OPENSSL_sk_value(ossl_check_const_SXNETID_sk_type(sk), (idx))) +#define sk_SXNETID_new(cmp) ((STACK_OF(SXNETID) *)OPENSSL_sk_new(ossl_check_SXNETID_compfunc_type(cmp))) +#define sk_SXNETID_new_null() ((STACK_OF(SXNETID) *)OPENSSL_sk_new_null()) +#define sk_SXNETID_new_reserve(cmp, n) ((STACK_OF(SXNETID) *)OPENSSL_sk_new_reserve(ossl_check_SXNETID_compfunc_type(cmp), (n))) +#define sk_SXNETID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SXNETID_sk_type(sk), (n)) +#define sk_SXNETID_free(sk) OPENSSL_sk_free(ossl_check_SXNETID_sk_type(sk)) +#define sk_SXNETID_zero(sk) OPENSSL_sk_zero(ossl_check_SXNETID_sk_type(sk)) +#define sk_SXNETID_delete(sk, i) ((SXNETID *)OPENSSL_sk_delete(ossl_check_SXNETID_sk_type(sk), (i))) +#define sk_SXNETID_delete_ptr(sk, ptr) ((SXNETID *)OPENSSL_sk_delete_ptr(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_type(ptr))) +#define sk_SXNETID_push(sk, ptr) OPENSSL_sk_push(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_type(ptr)) +#define sk_SXNETID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_type(ptr)) +#define sk_SXNETID_pop(sk) ((SXNETID *)OPENSSL_sk_pop(ossl_check_SXNETID_sk_type(sk))) +#define sk_SXNETID_shift(sk) ((SXNETID *)OPENSSL_sk_shift(ossl_check_SXNETID_sk_type(sk))) +#define sk_SXNETID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SXNETID_sk_type(sk),ossl_check_SXNETID_freefunc_type(freefunc)) +#define sk_SXNETID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_type(ptr), (idx)) +#define sk_SXNETID_set(sk, idx, ptr) ((SXNETID *)OPENSSL_sk_set(ossl_check_SXNETID_sk_type(sk), (idx), ossl_check_SXNETID_type(ptr))) +#define sk_SXNETID_find(sk, ptr) OPENSSL_sk_find(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_type(ptr)) +#define sk_SXNETID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_type(ptr)) +#define sk_SXNETID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_type(ptr), pnum) +#define sk_SXNETID_sort(sk) OPENSSL_sk_sort(ossl_check_SXNETID_sk_type(sk)) +#define sk_SXNETID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SXNETID_sk_type(sk)) +#define sk_SXNETID_dup(sk) ((STACK_OF(SXNETID) *)OPENSSL_sk_dup(ossl_check_const_SXNETID_sk_type(sk))) +#define sk_SXNETID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SXNETID) *)OPENSSL_sk_deep_copy(ossl_check_const_SXNETID_sk_type(sk), ossl_check_SXNETID_copyfunc_type(copyfunc), ossl_check_SXNETID_freefunc_type(freefunc))) +#define sk_SXNETID_set_cmp_func(sk, cmp) ((sk_SXNETID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_compfunc_type(cmp))) + + + +typedef struct SXNET_st { + ASN1_INTEGER *version; + STACK_OF(SXNETID) *ids; +} SXNET; + +typedef struct ISSUER_SIGN_TOOL_st { + ASN1_UTF8STRING *signTool; + ASN1_UTF8STRING *cATool; + ASN1_UTF8STRING *signToolCert; + ASN1_UTF8STRING *cAToolCert; +} ISSUER_SIGN_TOOL; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +SKM_DEFINE_STACK_OF_INTERNAL(POLICYQUALINFO, POLICYQUALINFO, POLICYQUALINFO) +#define sk_POLICYQUALINFO_num(sk) OPENSSL_sk_num(ossl_check_const_POLICYQUALINFO_sk_type(sk)) +#define sk_POLICYQUALINFO_value(sk, idx) ((POLICYQUALINFO *)OPENSSL_sk_value(ossl_check_const_POLICYQUALINFO_sk_type(sk), (idx))) +#define sk_POLICYQUALINFO_new(cmp) ((STACK_OF(POLICYQUALINFO) *)OPENSSL_sk_new(ossl_check_POLICYQUALINFO_compfunc_type(cmp))) +#define sk_POLICYQUALINFO_new_null() ((STACK_OF(POLICYQUALINFO) *)OPENSSL_sk_new_null()) +#define sk_POLICYQUALINFO_new_reserve(cmp, n) ((STACK_OF(POLICYQUALINFO) *)OPENSSL_sk_new_reserve(ossl_check_POLICYQUALINFO_compfunc_type(cmp), (n))) +#define sk_POLICYQUALINFO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_POLICYQUALINFO_sk_type(sk), (n)) +#define sk_POLICYQUALINFO_free(sk) OPENSSL_sk_free(ossl_check_POLICYQUALINFO_sk_type(sk)) +#define sk_POLICYQUALINFO_zero(sk) OPENSSL_sk_zero(ossl_check_POLICYQUALINFO_sk_type(sk)) +#define sk_POLICYQUALINFO_delete(sk, i) ((POLICYQUALINFO *)OPENSSL_sk_delete(ossl_check_POLICYQUALINFO_sk_type(sk), (i))) +#define sk_POLICYQUALINFO_delete_ptr(sk, ptr) ((POLICYQUALINFO *)OPENSSL_sk_delete_ptr(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_type(ptr))) +#define sk_POLICYQUALINFO_push(sk, ptr) OPENSSL_sk_push(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_type(ptr)) +#define sk_POLICYQUALINFO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_type(ptr)) +#define sk_POLICYQUALINFO_pop(sk) ((POLICYQUALINFO *)OPENSSL_sk_pop(ossl_check_POLICYQUALINFO_sk_type(sk))) +#define sk_POLICYQUALINFO_shift(sk) ((POLICYQUALINFO *)OPENSSL_sk_shift(ossl_check_POLICYQUALINFO_sk_type(sk))) +#define sk_POLICYQUALINFO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_POLICYQUALINFO_sk_type(sk),ossl_check_POLICYQUALINFO_freefunc_type(freefunc)) +#define sk_POLICYQUALINFO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_type(ptr), (idx)) +#define sk_POLICYQUALINFO_set(sk, idx, ptr) ((POLICYQUALINFO *)OPENSSL_sk_set(ossl_check_POLICYQUALINFO_sk_type(sk), (idx), ossl_check_POLICYQUALINFO_type(ptr))) +#define sk_POLICYQUALINFO_find(sk, ptr) OPENSSL_sk_find(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_type(ptr)) +#define sk_POLICYQUALINFO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_type(ptr)) +#define sk_POLICYQUALINFO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_type(ptr), pnum) +#define sk_POLICYQUALINFO_sort(sk) OPENSSL_sk_sort(ossl_check_POLICYQUALINFO_sk_type(sk)) +#define sk_POLICYQUALINFO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_POLICYQUALINFO_sk_type(sk)) +#define sk_POLICYQUALINFO_dup(sk) ((STACK_OF(POLICYQUALINFO) *)OPENSSL_sk_dup(ossl_check_const_POLICYQUALINFO_sk_type(sk))) +#define sk_POLICYQUALINFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(POLICYQUALINFO) *)OPENSSL_sk_deep_copy(ossl_check_const_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_copyfunc_type(copyfunc), ossl_check_POLICYQUALINFO_freefunc_type(freefunc))) +#define sk_POLICYQUALINFO_set_cmp_func(sk, cmp) ((sk_POLICYQUALINFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_compfunc_type(cmp))) + + + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +SKM_DEFINE_STACK_OF_INTERNAL(POLICYINFO, POLICYINFO, POLICYINFO) +#define sk_POLICYINFO_num(sk) OPENSSL_sk_num(ossl_check_const_POLICYINFO_sk_type(sk)) +#define sk_POLICYINFO_value(sk, idx) ((POLICYINFO *)OPENSSL_sk_value(ossl_check_const_POLICYINFO_sk_type(sk), (idx))) +#define sk_POLICYINFO_new(cmp) ((STACK_OF(POLICYINFO) *)OPENSSL_sk_new(ossl_check_POLICYINFO_compfunc_type(cmp))) +#define sk_POLICYINFO_new_null() ((STACK_OF(POLICYINFO) *)OPENSSL_sk_new_null()) +#define sk_POLICYINFO_new_reserve(cmp, n) ((STACK_OF(POLICYINFO) *)OPENSSL_sk_new_reserve(ossl_check_POLICYINFO_compfunc_type(cmp), (n))) +#define sk_POLICYINFO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_POLICYINFO_sk_type(sk), (n)) +#define sk_POLICYINFO_free(sk) OPENSSL_sk_free(ossl_check_POLICYINFO_sk_type(sk)) +#define sk_POLICYINFO_zero(sk) OPENSSL_sk_zero(ossl_check_POLICYINFO_sk_type(sk)) +#define sk_POLICYINFO_delete(sk, i) ((POLICYINFO *)OPENSSL_sk_delete(ossl_check_POLICYINFO_sk_type(sk), (i))) +#define sk_POLICYINFO_delete_ptr(sk, ptr) ((POLICYINFO *)OPENSSL_sk_delete_ptr(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_type(ptr))) +#define sk_POLICYINFO_push(sk, ptr) OPENSSL_sk_push(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_type(ptr)) +#define sk_POLICYINFO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_type(ptr)) +#define sk_POLICYINFO_pop(sk) ((POLICYINFO *)OPENSSL_sk_pop(ossl_check_POLICYINFO_sk_type(sk))) +#define sk_POLICYINFO_shift(sk) ((POLICYINFO *)OPENSSL_sk_shift(ossl_check_POLICYINFO_sk_type(sk))) +#define sk_POLICYINFO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_POLICYINFO_sk_type(sk),ossl_check_POLICYINFO_freefunc_type(freefunc)) +#define sk_POLICYINFO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_type(ptr), (idx)) +#define sk_POLICYINFO_set(sk, idx, ptr) ((POLICYINFO *)OPENSSL_sk_set(ossl_check_POLICYINFO_sk_type(sk), (idx), ossl_check_POLICYINFO_type(ptr))) +#define sk_POLICYINFO_find(sk, ptr) OPENSSL_sk_find(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_type(ptr)) +#define sk_POLICYINFO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_type(ptr)) +#define sk_POLICYINFO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_type(ptr), pnum) +#define sk_POLICYINFO_sort(sk) OPENSSL_sk_sort(ossl_check_POLICYINFO_sk_type(sk)) +#define sk_POLICYINFO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_POLICYINFO_sk_type(sk)) +#define sk_POLICYINFO_dup(sk) ((STACK_OF(POLICYINFO) *)OPENSSL_sk_dup(ossl_check_const_POLICYINFO_sk_type(sk))) +#define sk_POLICYINFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(POLICYINFO) *)OPENSSL_sk_deep_copy(ossl_check_const_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_copyfunc_type(copyfunc), ossl_check_POLICYINFO_freefunc_type(freefunc))) +#define sk_POLICYINFO_set_cmp_func(sk, cmp) ((sk_POLICYINFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_compfunc_type(cmp))) + + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +SKM_DEFINE_STACK_OF_INTERNAL(POLICY_MAPPING, POLICY_MAPPING, POLICY_MAPPING) +#define sk_POLICY_MAPPING_num(sk) OPENSSL_sk_num(ossl_check_const_POLICY_MAPPING_sk_type(sk)) +#define sk_POLICY_MAPPING_value(sk, idx) ((POLICY_MAPPING *)OPENSSL_sk_value(ossl_check_const_POLICY_MAPPING_sk_type(sk), (idx))) +#define sk_POLICY_MAPPING_new(cmp) ((STACK_OF(POLICY_MAPPING) *)OPENSSL_sk_new(ossl_check_POLICY_MAPPING_compfunc_type(cmp))) +#define sk_POLICY_MAPPING_new_null() ((STACK_OF(POLICY_MAPPING) *)OPENSSL_sk_new_null()) +#define sk_POLICY_MAPPING_new_reserve(cmp, n) ((STACK_OF(POLICY_MAPPING) *)OPENSSL_sk_new_reserve(ossl_check_POLICY_MAPPING_compfunc_type(cmp), (n))) +#define sk_POLICY_MAPPING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_POLICY_MAPPING_sk_type(sk), (n)) +#define sk_POLICY_MAPPING_free(sk) OPENSSL_sk_free(ossl_check_POLICY_MAPPING_sk_type(sk)) +#define sk_POLICY_MAPPING_zero(sk) OPENSSL_sk_zero(ossl_check_POLICY_MAPPING_sk_type(sk)) +#define sk_POLICY_MAPPING_delete(sk, i) ((POLICY_MAPPING *)OPENSSL_sk_delete(ossl_check_POLICY_MAPPING_sk_type(sk), (i))) +#define sk_POLICY_MAPPING_delete_ptr(sk, ptr) ((POLICY_MAPPING *)OPENSSL_sk_delete_ptr(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_type(ptr))) +#define sk_POLICY_MAPPING_push(sk, ptr) OPENSSL_sk_push(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_type(ptr)) +#define sk_POLICY_MAPPING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_type(ptr)) +#define sk_POLICY_MAPPING_pop(sk) ((POLICY_MAPPING *)OPENSSL_sk_pop(ossl_check_POLICY_MAPPING_sk_type(sk))) +#define sk_POLICY_MAPPING_shift(sk) ((POLICY_MAPPING *)OPENSSL_sk_shift(ossl_check_POLICY_MAPPING_sk_type(sk))) +#define sk_POLICY_MAPPING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_POLICY_MAPPING_sk_type(sk),ossl_check_POLICY_MAPPING_freefunc_type(freefunc)) +#define sk_POLICY_MAPPING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_type(ptr), (idx)) +#define sk_POLICY_MAPPING_set(sk, idx, ptr) ((POLICY_MAPPING *)OPENSSL_sk_set(ossl_check_POLICY_MAPPING_sk_type(sk), (idx), ossl_check_POLICY_MAPPING_type(ptr))) +#define sk_POLICY_MAPPING_find(sk, ptr) OPENSSL_sk_find(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_type(ptr)) +#define sk_POLICY_MAPPING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_type(ptr)) +#define sk_POLICY_MAPPING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_type(ptr), pnum) +#define sk_POLICY_MAPPING_sort(sk) OPENSSL_sk_sort(ossl_check_POLICY_MAPPING_sk_type(sk)) +#define sk_POLICY_MAPPING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_POLICY_MAPPING_sk_type(sk)) +#define sk_POLICY_MAPPING_dup(sk) ((STACK_OF(POLICY_MAPPING) *)OPENSSL_sk_dup(ossl_check_const_POLICY_MAPPING_sk_type(sk))) +#define sk_POLICY_MAPPING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(POLICY_MAPPING) *)OPENSSL_sk_deep_copy(ossl_check_const_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_copyfunc_type(copyfunc), ossl_check_POLICY_MAPPING_freefunc_type(freefunc))) +#define sk_POLICY_MAPPING_set_cmp_func(sk, cmp) ((sk_POLICY_MAPPING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_compfunc_type(cmp))) + + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +SKM_DEFINE_STACK_OF_INTERNAL(GENERAL_SUBTREE, GENERAL_SUBTREE, GENERAL_SUBTREE) +#define sk_GENERAL_SUBTREE_num(sk) OPENSSL_sk_num(ossl_check_const_GENERAL_SUBTREE_sk_type(sk)) +#define sk_GENERAL_SUBTREE_value(sk, idx) ((GENERAL_SUBTREE *)OPENSSL_sk_value(ossl_check_const_GENERAL_SUBTREE_sk_type(sk), (idx))) +#define sk_GENERAL_SUBTREE_new(cmp) ((STACK_OF(GENERAL_SUBTREE) *)OPENSSL_sk_new(ossl_check_GENERAL_SUBTREE_compfunc_type(cmp))) +#define sk_GENERAL_SUBTREE_new_null() ((STACK_OF(GENERAL_SUBTREE) *)OPENSSL_sk_new_null()) +#define sk_GENERAL_SUBTREE_new_reserve(cmp, n) ((STACK_OF(GENERAL_SUBTREE) *)OPENSSL_sk_new_reserve(ossl_check_GENERAL_SUBTREE_compfunc_type(cmp), (n))) +#define sk_GENERAL_SUBTREE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_GENERAL_SUBTREE_sk_type(sk), (n)) +#define sk_GENERAL_SUBTREE_free(sk) OPENSSL_sk_free(ossl_check_GENERAL_SUBTREE_sk_type(sk)) +#define sk_GENERAL_SUBTREE_zero(sk) OPENSSL_sk_zero(ossl_check_GENERAL_SUBTREE_sk_type(sk)) +#define sk_GENERAL_SUBTREE_delete(sk, i) ((GENERAL_SUBTREE *)OPENSSL_sk_delete(ossl_check_GENERAL_SUBTREE_sk_type(sk), (i))) +#define sk_GENERAL_SUBTREE_delete_ptr(sk, ptr) ((GENERAL_SUBTREE *)OPENSSL_sk_delete_ptr(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_type(ptr))) +#define sk_GENERAL_SUBTREE_push(sk, ptr) OPENSSL_sk_push(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_type(ptr)) +#define sk_GENERAL_SUBTREE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_type(ptr)) +#define sk_GENERAL_SUBTREE_pop(sk) ((GENERAL_SUBTREE *)OPENSSL_sk_pop(ossl_check_GENERAL_SUBTREE_sk_type(sk))) +#define sk_GENERAL_SUBTREE_shift(sk) ((GENERAL_SUBTREE *)OPENSSL_sk_shift(ossl_check_GENERAL_SUBTREE_sk_type(sk))) +#define sk_GENERAL_SUBTREE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_GENERAL_SUBTREE_sk_type(sk),ossl_check_GENERAL_SUBTREE_freefunc_type(freefunc)) +#define sk_GENERAL_SUBTREE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_type(ptr), (idx)) +#define sk_GENERAL_SUBTREE_set(sk, idx, ptr) ((GENERAL_SUBTREE *)OPENSSL_sk_set(ossl_check_GENERAL_SUBTREE_sk_type(sk), (idx), ossl_check_GENERAL_SUBTREE_type(ptr))) +#define sk_GENERAL_SUBTREE_find(sk, ptr) OPENSSL_sk_find(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_type(ptr)) +#define sk_GENERAL_SUBTREE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_type(ptr)) +#define sk_GENERAL_SUBTREE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_type(ptr), pnum) +#define sk_GENERAL_SUBTREE_sort(sk) OPENSSL_sk_sort(ossl_check_GENERAL_SUBTREE_sk_type(sk)) +#define sk_GENERAL_SUBTREE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_GENERAL_SUBTREE_sk_type(sk)) +#define sk_GENERAL_SUBTREE_dup(sk) ((STACK_OF(GENERAL_SUBTREE) *)OPENSSL_sk_dup(ossl_check_const_GENERAL_SUBTREE_sk_type(sk))) +#define sk_GENERAL_SUBTREE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(GENERAL_SUBTREE) *)OPENSSL_sk_deep_copy(ossl_check_const_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_copyfunc_type(copyfunc), ossl_check_GENERAL_SUBTREE_freefunc_type(freefunc))) +#define sk_GENERAL_SUBTREE_set_cmp_func(sk, cmp) ((sk_GENERAL_SUBTREE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_compfunc_type(cmp))) + + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; +} PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; +} PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +# define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +# define IDP_INVALID 0x2 +/* onlyuser true */ +# define IDP_ONLYUSER 0x4 +/* onlyCA true */ +# define IDP_ONLYCA 0x8 +/* onlyattr true */ +# define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +# define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +# define IDP_REASONS 0x40 + +# define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) + +# define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST) +# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0,0,0,0, \ + 0,0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table} + +# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0,0,0,0, \ + NULL} + +#define EXT_UTF8STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_UTF8STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_UTF8STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_UTF8STRING, \ + 0,0,0,0, \ + NULL} + +# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + +/* X509_PURPOSE stuff */ + +# define EXFLAG_BCONS 0x1 +# define EXFLAG_KUSAGE 0x2 +# define EXFLAG_XKUSAGE 0x4 +# define EXFLAG_NSCERT 0x8 + +# define EXFLAG_CA 0x10 +# define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */ +# define EXFLAG_V1 0x40 +# define EXFLAG_INVALID 0x80 +/* EXFLAG_SET is set to indicate that some values have been precomputed */ +# define EXFLAG_SET 0x100 +# define EXFLAG_CRITICAL 0x200 +# define EXFLAG_PROXY 0x400 + +# define EXFLAG_INVALID_POLICY 0x800 +# define EXFLAG_FRESHEST 0x1000 +# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ + +# define EXFLAG_BCONS_CRITICAL 0x10000 +# define EXFLAG_AKID_CRITICAL 0x20000 +# define EXFLAG_SKID_CRITICAL 0x40000 +# define EXFLAG_SAN_CRITICAL 0x80000 +# define EXFLAG_NO_FINGERPRINT 0x100000 + +/* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 */ +# define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE +# define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION +# define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT +# define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT +# define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT +# define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN +# define KU_CRL_SIGN X509v3_KU_CRL_SIGN +# define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY +# define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY + +# define NS_SSL_CLIENT 0x80 +# define NS_SSL_SERVER 0x40 +# define NS_SMIME 0x20 +# define NS_OBJSIGN 0x10 +# define NS_SSL_CA 0x04 +# define NS_SMIME_CA 0x02 +# define NS_OBJSIGN_CA 0x01 +# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +# define XKU_SSL_SERVER 0x1 +# define XKU_SSL_CLIENT 0x2 +# define XKU_SMIME 0x4 +# define XKU_CODE_SIGN 0x8 +# define XKU_SGC 0x10 /* Netscape or MS Server-Gated Crypto */ +# define XKU_OCSP_SIGN 0x20 +# define XKU_TIMESTAMP 0x40 +# define XKU_DVCS 0x80 +# define XKU_ANYEKU 0x100 + +# define X509_PURPOSE_DYNAMIC 0x1 +# define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE) +#define sk_X509_PURPOSE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_PURPOSE_sk_type(sk)) +#define sk_X509_PURPOSE_value(sk, idx) ((X509_PURPOSE *)OPENSSL_sk_value(ossl_check_const_X509_PURPOSE_sk_type(sk), (idx))) +#define sk_X509_PURPOSE_new(cmp) ((STACK_OF(X509_PURPOSE) *)OPENSSL_sk_new(ossl_check_X509_PURPOSE_compfunc_type(cmp))) +#define sk_X509_PURPOSE_new_null() ((STACK_OF(X509_PURPOSE) *)OPENSSL_sk_new_null()) +#define sk_X509_PURPOSE_new_reserve(cmp, n) ((STACK_OF(X509_PURPOSE) *)OPENSSL_sk_new_reserve(ossl_check_X509_PURPOSE_compfunc_type(cmp), (n))) +#define sk_X509_PURPOSE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_PURPOSE_sk_type(sk), (n)) +#define sk_X509_PURPOSE_free(sk) OPENSSL_sk_free(ossl_check_X509_PURPOSE_sk_type(sk)) +#define sk_X509_PURPOSE_zero(sk) OPENSSL_sk_zero(ossl_check_X509_PURPOSE_sk_type(sk)) +#define sk_X509_PURPOSE_delete(sk, i) ((X509_PURPOSE *)OPENSSL_sk_delete(ossl_check_X509_PURPOSE_sk_type(sk), (i))) +#define sk_X509_PURPOSE_delete_ptr(sk, ptr) ((X509_PURPOSE *)OPENSSL_sk_delete_ptr(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_type(ptr))) +#define sk_X509_PURPOSE_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_type(ptr)) +#define sk_X509_PURPOSE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_type(ptr)) +#define sk_X509_PURPOSE_pop(sk) ((X509_PURPOSE *)OPENSSL_sk_pop(ossl_check_X509_PURPOSE_sk_type(sk))) +#define sk_X509_PURPOSE_shift(sk) ((X509_PURPOSE *)OPENSSL_sk_shift(ossl_check_X509_PURPOSE_sk_type(sk))) +#define sk_X509_PURPOSE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_PURPOSE_sk_type(sk),ossl_check_X509_PURPOSE_freefunc_type(freefunc)) +#define sk_X509_PURPOSE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_type(ptr), (idx)) +#define sk_X509_PURPOSE_set(sk, idx, ptr) ((X509_PURPOSE *)OPENSSL_sk_set(ossl_check_X509_PURPOSE_sk_type(sk), (idx), ossl_check_X509_PURPOSE_type(ptr))) +#define sk_X509_PURPOSE_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_type(ptr)) +#define sk_X509_PURPOSE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_type(ptr)) +#define sk_X509_PURPOSE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_type(ptr), pnum) +#define sk_X509_PURPOSE_sort(sk) OPENSSL_sk_sort(ossl_check_X509_PURPOSE_sk_type(sk)) +#define sk_X509_PURPOSE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_PURPOSE_sk_type(sk)) +#define sk_X509_PURPOSE_dup(sk) ((STACK_OF(X509_PURPOSE) *)OPENSSL_sk_dup(ossl_check_const_X509_PURPOSE_sk_type(sk))) +#define sk_X509_PURPOSE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_PURPOSE) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_copyfunc_type(copyfunc), ossl_check_X509_PURPOSE_freefunc_type(freefunc))) +#define sk_X509_PURPOSE_set_cmp_func(sk, cmp) ((sk_X509_PURPOSE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_compfunc_type(cmp))) + + +# define X509_PURPOSE_DEFAULT_ANY 0 +# define X509_PURPOSE_SSL_CLIENT 1 +# define X509_PURPOSE_SSL_SERVER 2 +# define X509_PURPOSE_NS_SSL_SERVER 3 +# define X509_PURPOSE_SMIME_SIGN 4 +# define X509_PURPOSE_SMIME_ENCRYPT 5 +# define X509_PURPOSE_CRL_SIGN 6 +# define X509_PURPOSE_ANY 7 +# define X509_PURPOSE_OCSP_HELPER 8 +# define X509_PURPOSE_TIMESTAMP_SIGN 9 +# define X509_PURPOSE_CODE_SIGN 10 + +# define X509_PURPOSE_MIN 1 +# define X509_PURPOSE_MAX 10 + +/* Flags for X509V3_EXT_print() */ + +# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +# define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +# define X509V3_ADD_OP_MASK 0xfL +# define X509V3_ADD_DEFAULT 0L +# define X509V3_ADD_APPEND 1L +# define X509V3_ADD_REPLACE 2L +# define X509V3_ADD_REPLACE_EXISTING 3L +# define X509V3_ADD_KEEP_EXISTING 4L +# define X509V3_ADD_DELETE 5L +# define X509V3_ADD_SILENT 0x10 + +DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) +DECLARE_ASN1_FUNCTIONS(OSSL_BASIC_ATTR_CONSTRAINTS) + +DECLARE_ASN1_FUNCTIONS(SXNET) +DECLARE_ASN1_FUNCTIONS(SXNETID) + +DECLARE_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL) + +int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, + int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) + +DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME) +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); +char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); +char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, ASN1_UTF8STRING *utf8); +ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +DECLARE_ASN1_FUNCTIONS(OTHERNAME) +DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) + +DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +DECLARE_ASN1_FUNCTIONS(POLICYINFO) +DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) +DECLARE_ASN1_FUNCTIONS(USERNOTICE) +DECLARE_ASN1_FUNCTIONS(NOTICEREF) + +DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DECLARE_ASN1_FUNCTIONS(DIST_POINT) +DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); +int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); + +DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) +DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc); + +# ifdef OPENSSL_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); + +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *name, const char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); +# endif + +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); +/* For API backward compatibility, this is separate from X509V3_set_ctx(): */ +int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + const ASN1_ENUMERATED *aint); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags); + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* The new declarations are in crypto.h, but the old ones were here. */ +# define hex_to_string OPENSSL_buf2hexstr +# define string_to_hex OPENSSL_hexstr2buf +#endif + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent); +#ifndef OPENSSL_NO_STDIO +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +#endif +int X509V3_extensions_print(BIO *out, const char *title, + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid); +void X509_set_proxy_flag(X509 *x); +void X509_set_proxy_pathlen(X509 *x, long l); +long X509_get_proxy_pathlen(X509 *x); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); +const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); + +int X509_PURPOSE_get_count(void); +int X509_PURPOSE_get_unused_id(OSSL_LIB_CTX *libctx); +int X509_PURPOSE_get_by_sname(const char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), + const char *name, const char *sname, void *arg); +void X509_PURPOSE_cleanup(void); + +X509_PURPOSE *X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_id(const X509_PURPOSE *); +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); +int X509_PURPOSE_set(int *p, int purpose); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); + +/* Flags for X509_check_* functions */ + +/* + * Always check subject name for host match even if subject alt names present + */ +# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Never check the subject CN */ +# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +SKM_DEFINE_STACK_OF_INTERNAL(X509_POLICY_NODE, X509_POLICY_NODE, X509_POLICY_NODE) +#define sk_X509_POLICY_NODE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_POLICY_NODE_sk_type(sk)) +#define sk_X509_POLICY_NODE_value(sk, idx) ((X509_POLICY_NODE *)OPENSSL_sk_value(ossl_check_const_X509_POLICY_NODE_sk_type(sk), (idx))) +#define sk_X509_POLICY_NODE_new(cmp) ((STACK_OF(X509_POLICY_NODE) *)OPENSSL_sk_new(ossl_check_X509_POLICY_NODE_compfunc_type(cmp))) +#define sk_X509_POLICY_NODE_new_null() ((STACK_OF(X509_POLICY_NODE) *)OPENSSL_sk_new_null()) +#define sk_X509_POLICY_NODE_new_reserve(cmp, n) ((STACK_OF(X509_POLICY_NODE) *)OPENSSL_sk_new_reserve(ossl_check_X509_POLICY_NODE_compfunc_type(cmp), (n))) +#define sk_X509_POLICY_NODE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_X509_POLICY_NODE_sk_type(sk), (n)) +#define sk_X509_POLICY_NODE_free(sk) OPENSSL_sk_free(ossl_check_X509_POLICY_NODE_sk_type(sk)) +#define sk_X509_POLICY_NODE_zero(sk) OPENSSL_sk_zero(ossl_check_X509_POLICY_NODE_sk_type(sk)) +#define sk_X509_POLICY_NODE_delete(sk, i) ((X509_POLICY_NODE *)OPENSSL_sk_delete(ossl_check_X509_POLICY_NODE_sk_type(sk), (i))) +#define sk_X509_POLICY_NODE_delete_ptr(sk, ptr) ((X509_POLICY_NODE *)OPENSSL_sk_delete_ptr(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_type(ptr))) +#define sk_X509_POLICY_NODE_push(sk, ptr) OPENSSL_sk_push(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_type(ptr)) +#define sk_X509_POLICY_NODE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_type(ptr)) +#define sk_X509_POLICY_NODE_pop(sk) ((X509_POLICY_NODE *)OPENSSL_sk_pop(ossl_check_X509_POLICY_NODE_sk_type(sk))) +#define sk_X509_POLICY_NODE_shift(sk) ((X509_POLICY_NODE *)OPENSSL_sk_shift(ossl_check_X509_POLICY_NODE_sk_type(sk))) +#define sk_X509_POLICY_NODE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_X509_POLICY_NODE_sk_type(sk),ossl_check_X509_POLICY_NODE_freefunc_type(freefunc)) +#define sk_X509_POLICY_NODE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_type(ptr), (idx)) +#define sk_X509_POLICY_NODE_set(sk, idx, ptr) ((X509_POLICY_NODE *)OPENSSL_sk_set(ossl_check_X509_POLICY_NODE_sk_type(sk), (idx), ossl_check_X509_POLICY_NODE_type(ptr))) +#define sk_X509_POLICY_NODE_find(sk, ptr) OPENSSL_sk_find(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_type(ptr)) +#define sk_X509_POLICY_NODE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_type(ptr)) +#define sk_X509_POLICY_NODE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_type(ptr), pnum) +#define sk_X509_POLICY_NODE_sort(sk) OPENSSL_sk_sort(ossl_check_X509_POLICY_NODE_sk_type(sk)) +#define sk_X509_POLICY_NODE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_X509_POLICY_NODE_sk_type(sk)) +#define sk_X509_POLICY_NODE_dup(sk) ((STACK_OF(X509_POLICY_NODE) *)OPENSSL_sk_dup(ossl_check_const_X509_POLICY_NODE_sk_type(sk))) +#define sk_X509_POLICY_NODE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_POLICY_NODE) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_copyfunc_type(copyfunc), ossl_check_X509_POLICY_NODE_freefunc_type(freefunc))) +#define sk_X509_POLICY_NODE_set_cmp_func(sk, cmp) ((sk_X509_POLICY_NODE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_compfunc_type(cmp))) + + + +#ifndef OPENSSL_NO_RFC3779 +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +SKM_DEFINE_STACK_OF_INTERNAL(ASIdOrRange, ASIdOrRange, ASIdOrRange) +#define sk_ASIdOrRange_num(sk) OPENSSL_sk_num(ossl_check_const_ASIdOrRange_sk_type(sk)) +#define sk_ASIdOrRange_value(sk, idx) ((ASIdOrRange *)OPENSSL_sk_value(ossl_check_const_ASIdOrRange_sk_type(sk), (idx))) +#define sk_ASIdOrRange_new(cmp) ((STACK_OF(ASIdOrRange) *)OPENSSL_sk_new(ossl_check_ASIdOrRange_compfunc_type(cmp))) +#define sk_ASIdOrRange_new_null() ((STACK_OF(ASIdOrRange) *)OPENSSL_sk_new_null()) +#define sk_ASIdOrRange_new_reserve(cmp, n) ((STACK_OF(ASIdOrRange) *)OPENSSL_sk_new_reserve(ossl_check_ASIdOrRange_compfunc_type(cmp), (n))) +#define sk_ASIdOrRange_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASIdOrRange_sk_type(sk), (n)) +#define sk_ASIdOrRange_free(sk) OPENSSL_sk_free(ossl_check_ASIdOrRange_sk_type(sk)) +#define sk_ASIdOrRange_zero(sk) OPENSSL_sk_zero(ossl_check_ASIdOrRange_sk_type(sk)) +#define sk_ASIdOrRange_delete(sk, i) ((ASIdOrRange *)OPENSSL_sk_delete(ossl_check_ASIdOrRange_sk_type(sk), (i))) +#define sk_ASIdOrRange_delete_ptr(sk, ptr) ((ASIdOrRange *)OPENSSL_sk_delete_ptr(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_type(ptr))) +#define sk_ASIdOrRange_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_type(ptr)) +#define sk_ASIdOrRange_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_type(ptr)) +#define sk_ASIdOrRange_pop(sk) ((ASIdOrRange *)OPENSSL_sk_pop(ossl_check_ASIdOrRange_sk_type(sk))) +#define sk_ASIdOrRange_shift(sk) ((ASIdOrRange *)OPENSSL_sk_shift(ossl_check_ASIdOrRange_sk_type(sk))) +#define sk_ASIdOrRange_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASIdOrRange_sk_type(sk),ossl_check_ASIdOrRange_freefunc_type(freefunc)) +#define sk_ASIdOrRange_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_type(ptr), (idx)) +#define sk_ASIdOrRange_set(sk, idx, ptr) ((ASIdOrRange *)OPENSSL_sk_set(ossl_check_ASIdOrRange_sk_type(sk), (idx), ossl_check_ASIdOrRange_type(ptr))) +#define sk_ASIdOrRange_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_type(ptr)) +#define sk_ASIdOrRange_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_type(ptr)) +#define sk_ASIdOrRange_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_type(ptr), pnum) +#define sk_ASIdOrRange_sort(sk) OPENSSL_sk_sort(ossl_check_ASIdOrRange_sk_type(sk)) +#define sk_ASIdOrRange_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASIdOrRange_sk_type(sk)) +#define sk_ASIdOrRange_dup(sk) ((STACK_OF(ASIdOrRange) *)OPENSSL_sk_dup(ossl_check_const_ASIdOrRange_sk_type(sk))) +#define sk_ASIdOrRange_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASIdOrRange) *)OPENSSL_sk_deep_copy(ossl_check_const_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_copyfunc_type(copyfunc), ossl_check_ASIdOrRange_freefunc_type(freefunc))) +#define sk_ASIdOrRange_set_cmp_func(sk, cmp) ((sk_ASIdOrRange_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_compfunc_type(cmp))) + + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; + +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +SKM_DEFINE_STACK_OF_INTERNAL(IPAddressOrRange, IPAddressOrRange, IPAddressOrRange) +#define sk_IPAddressOrRange_num(sk) OPENSSL_sk_num(ossl_check_const_IPAddressOrRange_sk_type(sk)) +#define sk_IPAddressOrRange_value(sk, idx) ((IPAddressOrRange *)OPENSSL_sk_value(ossl_check_const_IPAddressOrRange_sk_type(sk), (idx))) +#define sk_IPAddressOrRange_new(cmp) ((STACK_OF(IPAddressOrRange) *)OPENSSL_sk_new(ossl_check_IPAddressOrRange_compfunc_type(cmp))) +#define sk_IPAddressOrRange_new_null() ((STACK_OF(IPAddressOrRange) *)OPENSSL_sk_new_null()) +#define sk_IPAddressOrRange_new_reserve(cmp, n) ((STACK_OF(IPAddressOrRange) *)OPENSSL_sk_new_reserve(ossl_check_IPAddressOrRange_compfunc_type(cmp), (n))) +#define sk_IPAddressOrRange_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_IPAddressOrRange_sk_type(sk), (n)) +#define sk_IPAddressOrRange_free(sk) OPENSSL_sk_free(ossl_check_IPAddressOrRange_sk_type(sk)) +#define sk_IPAddressOrRange_zero(sk) OPENSSL_sk_zero(ossl_check_IPAddressOrRange_sk_type(sk)) +#define sk_IPAddressOrRange_delete(sk, i) ((IPAddressOrRange *)OPENSSL_sk_delete(ossl_check_IPAddressOrRange_sk_type(sk), (i))) +#define sk_IPAddressOrRange_delete_ptr(sk, ptr) ((IPAddressOrRange *)OPENSSL_sk_delete_ptr(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_type(ptr))) +#define sk_IPAddressOrRange_push(sk, ptr) OPENSSL_sk_push(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_type(ptr)) +#define sk_IPAddressOrRange_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_type(ptr)) +#define sk_IPAddressOrRange_pop(sk) ((IPAddressOrRange *)OPENSSL_sk_pop(ossl_check_IPAddressOrRange_sk_type(sk))) +#define sk_IPAddressOrRange_shift(sk) ((IPAddressOrRange *)OPENSSL_sk_shift(ossl_check_IPAddressOrRange_sk_type(sk))) +#define sk_IPAddressOrRange_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_IPAddressOrRange_sk_type(sk),ossl_check_IPAddressOrRange_freefunc_type(freefunc)) +#define sk_IPAddressOrRange_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_type(ptr), (idx)) +#define sk_IPAddressOrRange_set(sk, idx, ptr) ((IPAddressOrRange *)OPENSSL_sk_set(ossl_check_IPAddressOrRange_sk_type(sk), (idx), ossl_check_IPAddressOrRange_type(ptr))) +#define sk_IPAddressOrRange_find(sk, ptr) OPENSSL_sk_find(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_type(ptr)) +#define sk_IPAddressOrRange_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_type(ptr)) +#define sk_IPAddressOrRange_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_type(ptr), pnum) +#define sk_IPAddressOrRange_sort(sk) OPENSSL_sk_sort(ossl_check_IPAddressOrRange_sk_type(sk)) +#define sk_IPAddressOrRange_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_IPAddressOrRange_sk_type(sk)) +#define sk_IPAddressOrRange_dup(sk) ((STACK_OF(IPAddressOrRange) *)OPENSSL_sk_dup(ossl_check_const_IPAddressOrRange_sk_type(sk))) +#define sk_IPAddressOrRange_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(IPAddressOrRange) *)OPENSSL_sk_deep_copy(ossl_check_const_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_copyfunc_type(copyfunc), ossl_check_IPAddressOrRange_freefunc_type(freefunc))) +#define sk_IPAddressOrRange_set_cmp_func(sk, cmp) ((sk_IPAddressOrRange_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_compfunc_type(cmp))) + + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; + +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +SKM_DEFINE_STACK_OF_INTERNAL(IPAddressFamily, IPAddressFamily, IPAddressFamily) +#define sk_IPAddressFamily_num(sk) OPENSSL_sk_num(ossl_check_const_IPAddressFamily_sk_type(sk)) +#define sk_IPAddressFamily_value(sk, idx) ((IPAddressFamily *)OPENSSL_sk_value(ossl_check_const_IPAddressFamily_sk_type(sk), (idx))) +#define sk_IPAddressFamily_new(cmp) ((STACK_OF(IPAddressFamily) *)OPENSSL_sk_new(ossl_check_IPAddressFamily_compfunc_type(cmp))) +#define sk_IPAddressFamily_new_null() ((STACK_OF(IPAddressFamily) *)OPENSSL_sk_new_null()) +#define sk_IPAddressFamily_new_reserve(cmp, n) ((STACK_OF(IPAddressFamily) *)OPENSSL_sk_new_reserve(ossl_check_IPAddressFamily_compfunc_type(cmp), (n))) +#define sk_IPAddressFamily_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_IPAddressFamily_sk_type(sk), (n)) +#define sk_IPAddressFamily_free(sk) OPENSSL_sk_free(ossl_check_IPAddressFamily_sk_type(sk)) +#define sk_IPAddressFamily_zero(sk) OPENSSL_sk_zero(ossl_check_IPAddressFamily_sk_type(sk)) +#define sk_IPAddressFamily_delete(sk, i) ((IPAddressFamily *)OPENSSL_sk_delete(ossl_check_IPAddressFamily_sk_type(sk), (i))) +#define sk_IPAddressFamily_delete_ptr(sk, ptr) ((IPAddressFamily *)OPENSSL_sk_delete_ptr(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_type(ptr))) +#define sk_IPAddressFamily_push(sk, ptr) OPENSSL_sk_push(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_type(ptr)) +#define sk_IPAddressFamily_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_type(ptr)) +#define sk_IPAddressFamily_pop(sk) ((IPAddressFamily *)OPENSSL_sk_pop(ossl_check_IPAddressFamily_sk_type(sk))) +#define sk_IPAddressFamily_shift(sk) ((IPAddressFamily *)OPENSSL_sk_shift(ossl_check_IPAddressFamily_sk_type(sk))) +#define sk_IPAddressFamily_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_IPAddressFamily_sk_type(sk),ossl_check_IPAddressFamily_freefunc_type(freefunc)) +#define sk_IPAddressFamily_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_type(ptr), (idx)) +#define sk_IPAddressFamily_set(sk, idx, ptr) ((IPAddressFamily *)OPENSSL_sk_set(ossl_check_IPAddressFamily_sk_type(sk), (idx), ossl_check_IPAddressFamily_type(ptr))) +#define sk_IPAddressFamily_find(sk, ptr) OPENSSL_sk_find(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_type(ptr)) +#define sk_IPAddressFamily_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_type(ptr)) +#define sk_IPAddressFamily_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_type(ptr), pnum) +#define sk_IPAddressFamily_sort(sk) OPENSSL_sk_sort(ossl_check_IPAddressFamily_sk_type(sk)) +#define sk_IPAddressFamily_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_IPAddressFamily_sk_type(sk)) +#define sk_IPAddressFamily_dup(sk) ((STACK_OF(IPAddressFamily) *)OPENSSL_sk_dup(ossl_check_const_IPAddressFamily_sk_type(sk))) +#define sk_IPAddressFamily_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(IPAddressFamily) *)OPENSSL_sk_deep_copy(ossl_check_const_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_copyfunc_type(copyfunc), ossl_check_IPAddressFamily_freefunc_type(freefunc))) +#define sk_IPAddressFamily_set_cmp_func(sk, cmp) ((sk_IPAddressFamily_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_compfunc_type(cmp))) + + + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING, ASN1_STRING, ASN1_STRING) +#define sk_ASN1_STRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_sk_type(sk)) +#define sk_ASN1_STRING_value(sk, idx) ((ASN1_STRING *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_sk_type(sk), (idx))) +#define sk_ASN1_STRING_new(cmp) ((STACK_OF(ASN1_STRING) *)OPENSSL_sk_new(ossl_check_ASN1_STRING_compfunc_type(cmp))) +#define sk_ASN1_STRING_new_null() ((STACK_OF(ASN1_STRING) *)OPENSSL_sk_new_null()) +#define sk_ASN1_STRING_new_reserve(cmp, n) ((STACK_OF(ASN1_STRING) *)OPENSSL_sk_new_reserve(ossl_check_ASN1_STRING_compfunc_type(cmp), (n))) +#define sk_ASN1_STRING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ASN1_STRING_sk_type(sk), (n)) +#define sk_ASN1_STRING_free(sk) OPENSSL_sk_free(ossl_check_ASN1_STRING_sk_type(sk)) +#define sk_ASN1_STRING_zero(sk) OPENSSL_sk_zero(ossl_check_ASN1_STRING_sk_type(sk)) +#define sk_ASN1_STRING_delete(sk, i) ((ASN1_STRING *)OPENSSL_sk_delete(ossl_check_ASN1_STRING_sk_type(sk), (i))) +#define sk_ASN1_STRING_delete_ptr(sk, ptr) ((ASN1_STRING *)OPENSSL_sk_delete_ptr(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_type(ptr))) +#define sk_ASN1_STRING_push(sk, ptr) OPENSSL_sk_push(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_type(ptr)) +#define sk_ASN1_STRING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_type(ptr)) +#define sk_ASN1_STRING_pop(sk) ((ASN1_STRING *)OPENSSL_sk_pop(ossl_check_ASN1_STRING_sk_type(sk))) +#define sk_ASN1_STRING_shift(sk) ((ASN1_STRING *)OPENSSL_sk_shift(ossl_check_ASN1_STRING_sk_type(sk))) +#define sk_ASN1_STRING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ASN1_STRING_sk_type(sk),ossl_check_ASN1_STRING_freefunc_type(freefunc)) +#define sk_ASN1_STRING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_type(ptr), (idx)) +#define sk_ASN1_STRING_set(sk, idx, ptr) ((ASN1_STRING *)OPENSSL_sk_set(ossl_check_ASN1_STRING_sk_type(sk), (idx), ossl_check_ASN1_STRING_type(ptr))) +#define sk_ASN1_STRING_find(sk, ptr) OPENSSL_sk_find(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_type(ptr)) +#define sk_ASN1_STRING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_type(ptr)) +#define sk_ASN1_STRING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_type(ptr), pnum) +#define sk_ASN1_STRING_sort(sk) OPENSSL_sk_sort(ossl_check_ASN1_STRING_sk_type(sk)) +#define sk_ASN1_STRING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ASN1_STRING_sk_type(sk)) +#define sk_ASN1_STRING_dup(sk) ((STACK_OF(ASN1_STRING) *)OPENSSL_sk_dup(ossl_check_const_ASN1_STRING_sk_type(sk))) +#define sk_ASN1_STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_copyfunc_type(copyfunc), ossl_check_ASN1_STRING_freefunc_type(freefunc))) +#define sk_ASN1_STRING_set_cmp_func(sk, cmp) ((sk_ASN1_STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_compfunc_type(cmp))) + + +/* + * Admission Syntax + */ +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +SKM_DEFINE_STACK_OF_INTERNAL(PROFESSION_INFO, PROFESSION_INFO, PROFESSION_INFO) +#define sk_PROFESSION_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_PROFESSION_INFO_sk_type(sk)) +#define sk_PROFESSION_INFO_value(sk, idx) ((PROFESSION_INFO *)OPENSSL_sk_value(ossl_check_const_PROFESSION_INFO_sk_type(sk), (idx))) +#define sk_PROFESSION_INFO_new(cmp) ((STACK_OF(PROFESSION_INFO) *)OPENSSL_sk_new(ossl_check_PROFESSION_INFO_compfunc_type(cmp))) +#define sk_PROFESSION_INFO_new_null() ((STACK_OF(PROFESSION_INFO) *)OPENSSL_sk_new_null()) +#define sk_PROFESSION_INFO_new_reserve(cmp, n) ((STACK_OF(PROFESSION_INFO) *)OPENSSL_sk_new_reserve(ossl_check_PROFESSION_INFO_compfunc_type(cmp), (n))) +#define sk_PROFESSION_INFO_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_PROFESSION_INFO_sk_type(sk), (n)) +#define sk_PROFESSION_INFO_free(sk) OPENSSL_sk_free(ossl_check_PROFESSION_INFO_sk_type(sk)) +#define sk_PROFESSION_INFO_zero(sk) OPENSSL_sk_zero(ossl_check_PROFESSION_INFO_sk_type(sk)) +#define sk_PROFESSION_INFO_delete(sk, i) ((PROFESSION_INFO *)OPENSSL_sk_delete(ossl_check_PROFESSION_INFO_sk_type(sk), (i))) +#define sk_PROFESSION_INFO_delete_ptr(sk, ptr) ((PROFESSION_INFO *)OPENSSL_sk_delete_ptr(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_type(ptr))) +#define sk_PROFESSION_INFO_push(sk, ptr) OPENSSL_sk_push(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_type(ptr)) +#define sk_PROFESSION_INFO_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_type(ptr)) +#define sk_PROFESSION_INFO_pop(sk) ((PROFESSION_INFO *)OPENSSL_sk_pop(ossl_check_PROFESSION_INFO_sk_type(sk))) +#define sk_PROFESSION_INFO_shift(sk) ((PROFESSION_INFO *)OPENSSL_sk_shift(ossl_check_PROFESSION_INFO_sk_type(sk))) +#define sk_PROFESSION_INFO_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_PROFESSION_INFO_sk_type(sk),ossl_check_PROFESSION_INFO_freefunc_type(freefunc)) +#define sk_PROFESSION_INFO_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_type(ptr), (idx)) +#define sk_PROFESSION_INFO_set(sk, idx, ptr) ((PROFESSION_INFO *)OPENSSL_sk_set(ossl_check_PROFESSION_INFO_sk_type(sk), (idx), ossl_check_PROFESSION_INFO_type(ptr))) +#define sk_PROFESSION_INFO_find(sk, ptr) OPENSSL_sk_find(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_type(ptr)) +#define sk_PROFESSION_INFO_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_type(ptr)) +#define sk_PROFESSION_INFO_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_type(ptr), pnum) +#define sk_PROFESSION_INFO_sort(sk) OPENSSL_sk_sort(ossl_check_PROFESSION_INFO_sk_type(sk)) +#define sk_PROFESSION_INFO_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_PROFESSION_INFO_sk_type(sk)) +#define sk_PROFESSION_INFO_dup(sk) ((STACK_OF(PROFESSION_INFO) *)OPENSSL_sk_dup(ossl_check_const_PROFESSION_INFO_sk_type(sk))) +#define sk_PROFESSION_INFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PROFESSION_INFO) *)OPENSSL_sk_deep_copy(ossl_check_const_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_copyfunc_type(copyfunc), ossl_check_PROFESSION_INFO_freefunc_type(freefunc))) +#define sk_PROFESSION_INFO_set_cmp_func(sk, cmp) ((sk_PROFESSION_INFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PROFESSION_INFO_sk_type(sk), ossl_check_PROFESSION_INFO_compfunc_type(cmp))) +SKM_DEFINE_STACK_OF_INTERNAL(ADMISSIONS, ADMISSIONS, ADMISSIONS) +#define sk_ADMISSIONS_num(sk) OPENSSL_sk_num(ossl_check_const_ADMISSIONS_sk_type(sk)) +#define sk_ADMISSIONS_value(sk, idx) ((ADMISSIONS *)OPENSSL_sk_value(ossl_check_const_ADMISSIONS_sk_type(sk), (idx))) +#define sk_ADMISSIONS_new(cmp) ((STACK_OF(ADMISSIONS) *)OPENSSL_sk_new(ossl_check_ADMISSIONS_compfunc_type(cmp))) +#define sk_ADMISSIONS_new_null() ((STACK_OF(ADMISSIONS) *)OPENSSL_sk_new_null()) +#define sk_ADMISSIONS_new_reserve(cmp, n) ((STACK_OF(ADMISSIONS) *)OPENSSL_sk_new_reserve(ossl_check_ADMISSIONS_compfunc_type(cmp), (n))) +#define sk_ADMISSIONS_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_ADMISSIONS_sk_type(sk), (n)) +#define sk_ADMISSIONS_free(sk) OPENSSL_sk_free(ossl_check_ADMISSIONS_sk_type(sk)) +#define sk_ADMISSIONS_zero(sk) OPENSSL_sk_zero(ossl_check_ADMISSIONS_sk_type(sk)) +#define sk_ADMISSIONS_delete(sk, i) ((ADMISSIONS *)OPENSSL_sk_delete(ossl_check_ADMISSIONS_sk_type(sk), (i))) +#define sk_ADMISSIONS_delete_ptr(sk, ptr) ((ADMISSIONS *)OPENSSL_sk_delete_ptr(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_type(ptr))) +#define sk_ADMISSIONS_push(sk, ptr) OPENSSL_sk_push(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_type(ptr)) +#define sk_ADMISSIONS_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_type(ptr)) +#define sk_ADMISSIONS_pop(sk) ((ADMISSIONS *)OPENSSL_sk_pop(ossl_check_ADMISSIONS_sk_type(sk))) +#define sk_ADMISSIONS_shift(sk) ((ADMISSIONS *)OPENSSL_sk_shift(ossl_check_ADMISSIONS_sk_type(sk))) +#define sk_ADMISSIONS_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_ADMISSIONS_sk_type(sk),ossl_check_ADMISSIONS_freefunc_type(freefunc)) +#define sk_ADMISSIONS_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_type(ptr), (idx)) +#define sk_ADMISSIONS_set(sk, idx, ptr) ((ADMISSIONS *)OPENSSL_sk_set(ossl_check_ADMISSIONS_sk_type(sk), (idx), ossl_check_ADMISSIONS_type(ptr))) +#define sk_ADMISSIONS_find(sk, ptr) OPENSSL_sk_find(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_type(ptr)) +#define sk_ADMISSIONS_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_type(ptr)) +#define sk_ADMISSIONS_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_type(ptr), pnum) +#define sk_ADMISSIONS_sort(sk) OPENSSL_sk_sort(ossl_check_ADMISSIONS_sk_type(sk)) +#define sk_ADMISSIONS_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_ADMISSIONS_sk_type(sk)) +#define sk_ADMISSIONS_dup(sk) ((STACK_OF(ADMISSIONS) *)OPENSSL_sk_dup(ossl_check_const_ADMISSIONS_sk_type(sk))) +#define sk_ADMISSIONS_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ADMISSIONS) *)OPENSSL_sk_deep_copy(ossl_check_const_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_copyfunc_type(copyfunc), ossl_check_ADMISSIONS_freefunc_type(freefunc))) +#define sk_ADMISSIONS_set_cmp_func(sk, cmp) ((sk_ADMISSIONS_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_compfunc_type(cmp))) + +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); + +int OSSL_GENERAL_NAMES_print(BIO *out, GENERAL_NAMES *gens, int indent); + +typedef STACK_OF(X509_ATTRIBUTE) OSSL_ATTRIBUTES_SYNTAX; +DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTES_SYNTAX) + +typedef STACK_OF(USERNOTICE) OSSL_USER_NOTICE_SYNTAX; +DECLARE_ASN1_FUNCTIONS(OSSL_USER_NOTICE_SYNTAX) + +SKM_DEFINE_STACK_OF_INTERNAL(USERNOTICE, USERNOTICE, USERNOTICE) +#define sk_USERNOTICE_num(sk) OPENSSL_sk_num(ossl_check_const_USERNOTICE_sk_type(sk)) +#define sk_USERNOTICE_value(sk, idx) ((USERNOTICE *)OPENSSL_sk_value(ossl_check_const_USERNOTICE_sk_type(sk), (idx))) +#define sk_USERNOTICE_new(cmp) ((STACK_OF(USERNOTICE) *)OPENSSL_sk_new(ossl_check_USERNOTICE_compfunc_type(cmp))) +#define sk_USERNOTICE_new_null() ((STACK_OF(USERNOTICE) *)OPENSSL_sk_new_null()) +#define sk_USERNOTICE_new_reserve(cmp, n) ((STACK_OF(USERNOTICE) *)OPENSSL_sk_new_reserve(ossl_check_USERNOTICE_compfunc_type(cmp), (n))) +#define sk_USERNOTICE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_USERNOTICE_sk_type(sk), (n)) +#define sk_USERNOTICE_free(sk) OPENSSL_sk_free(ossl_check_USERNOTICE_sk_type(sk)) +#define sk_USERNOTICE_zero(sk) OPENSSL_sk_zero(ossl_check_USERNOTICE_sk_type(sk)) +#define sk_USERNOTICE_delete(sk, i) ((USERNOTICE *)OPENSSL_sk_delete(ossl_check_USERNOTICE_sk_type(sk), (i))) +#define sk_USERNOTICE_delete_ptr(sk, ptr) ((USERNOTICE *)OPENSSL_sk_delete_ptr(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_type(ptr))) +#define sk_USERNOTICE_push(sk, ptr) OPENSSL_sk_push(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_type(ptr)) +#define sk_USERNOTICE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_type(ptr)) +#define sk_USERNOTICE_pop(sk) ((USERNOTICE *)OPENSSL_sk_pop(ossl_check_USERNOTICE_sk_type(sk))) +#define sk_USERNOTICE_shift(sk) ((USERNOTICE *)OPENSSL_sk_shift(ossl_check_USERNOTICE_sk_type(sk))) +#define sk_USERNOTICE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_USERNOTICE_sk_type(sk),ossl_check_USERNOTICE_freefunc_type(freefunc)) +#define sk_USERNOTICE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_type(ptr), (idx)) +#define sk_USERNOTICE_set(sk, idx, ptr) ((USERNOTICE *)OPENSSL_sk_set(ossl_check_USERNOTICE_sk_type(sk), (idx), ossl_check_USERNOTICE_type(ptr))) +#define sk_USERNOTICE_find(sk, ptr) OPENSSL_sk_find(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_type(ptr)) +#define sk_USERNOTICE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_type(ptr)) +#define sk_USERNOTICE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_type(ptr), pnum) +#define sk_USERNOTICE_sort(sk) OPENSSL_sk_sort(ossl_check_USERNOTICE_sk_type(sk)) +#define sk_USERNOTICE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_USERNOTICE_sk_type(sk)) +#define sk_USERNOTICE_dup(sk) ((STACK_OF(USERNOTICE) *)OPENSSL_sk_dup(ossl_check_const_USERNOTICE_sk_type(sk))) +#define sk_USERNOTICE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(USERNOTICE) *)OPENSSL_sk_deep_copy(ossl_check_const_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_copyfunc_type(copyfunc), ossl_check_USERNOTICE_freefunc_type(freefunc))) +#define sk_USERNOTICE_set_cmp_func(sk, cmp) ((sk_USERNOTICE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_USERNOTICE_sk_type(sk), ossl_check_USERNOTICE_compfunc_type(cmp))) + + +typedef struct OSSL_ROLE_SPEC_CERT_ID_st { + GENERAL_NAME *roleName; + GENERAL_NAME *roleCertIssuer; + ASN1_INTEGER *roleCertSerialNumber; + GENERAL_NAMES *roleCertLocator; +} OSSL_ROLE_SPEC_CERT_ID; + +DECLARE_ASN1_FUNCTIONS(OSSL_ROLE_SPEC_CERT_ID) + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_ROLE_SPEC_CERT_ID, OSSL_ROLE_SPEC_CERT_ID, OSSL_ROLE_SPEC_CERT_ID) +#define sk_OSSL_ROLE_SPEC_CERT_ID_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_value(sk, idx) ((OSSL_ROLE_SPEC_CERT_ID *)OPENSSL_sk_value(ossl_check_const_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), (idx))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_new(cmp) ((STACK_OF(OSSL_ROLE_SPEC_CERT_ID) *)OPENSSL_sk_new(ossl_check_OSSL_ROLE_SPEC_CERT_ID_compfunc_type(cmp))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_new_null() ((STACK_OF(OSSL_ROLE_SPEC_CERT_ID) *)OPENSSL_sk_new_null()) +#define sk_OSSL_ROLE_SPEC_CERT_ID_new_reserve(cmp, n) ((STACK_OF(OSSL_ROLE_SPEC_CERT_ID) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_ROLE_SPEC_CERT_ID_compfunc_type(cmp), (n))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), (n)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_free(sk) OPENSSL_sk_free(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_delete(sk, i) ((OSSL_ROLE_SPEC_CERT_ID *)OPENSSL_sk_delete(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), (i))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_delete_ptr(sk, ptr) ((OSSL_ROLE_SPEC_CERT_ID *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_pop(sk) ((OSSL_ROLE_SPEC_CERT_ID *)OPENSSL_sk_pop(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_shift(sk) ((OSSL_ROLE_SPEC_CERT_ID *)OPENSSL_sk_shift(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk),ossl_check_OSSL_ROLE_SPEC_CERT_ID_freefunc_type(freefunc)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr), (idx)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_set(sk, idx, ptr) ((OSSL_ROLE_SPEC_CERT_ID *)OPENSSL_sk_set(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), (idx), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_type(ptr), pnum) +#define sk_OSSL_ROLE_SPEC_CERT_ID_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk)) +#define sk_OSSL_ROLE_SPEC_CERT_ID_dup(sk) ((STACK_OF(OSSL_ROLE_SPEC_CERT_ID) *)OPENSSL_sk_dup(ossl_check_const_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_ROLE_SPEC_CERT_ID) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_copyfunc_type(copyfunc), ossl_check_OSSL_ROLE_SPEC_CERT_ID_freefunc_type(freefunc))) +#define sk_OSSL_ROLE_SPEC_CERT_ID_set_cmp_func(sk, cmp) ((sk_OSSL_ROLE_SPEC_CERT_ID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_ROLE_SPEC_CERT_ID_sk_type(sk), ossl_check_OSSL_ROLE_SPEC_CERT_ID_compfunc_type(cmp))) + + +typedef STACK_OF(OSSL_ROLE_SPEC_CERT_ID) OSSL_ROLE_SPEC_CERT_ID_SYNTAX; + +DECLARE_ASN1_FUNCTIONS(OSSL_ROLE_SPEC_CERT_ID_SYNTAX) +typedef struct OSSL_HASH_st { + X509_ALGOR *algorithmIdentifier; + ASN1_BIT_STRING *hashValue; +} OSSL_HASH; + +typedef struct OSSL_INFO_SYNTAX_POINTER_st { + GENERAL_NAMES *name; + OSSL_HASH *hash; +} OSSL_INFO_SYNTAX_POINTER; + +# define OSSL_INFO_SYNTAX_TYPE_CONTENT 0 +# define OSSL_INFO_SYNTAX_TYPE_POINTER 1 + +typedef struct OSSL_INFO_SYNTAX_st { + int type; + union { + ASN1_STRING *content; + OSSL_INFO_SYNTAX_POINTER *pointer; + } choice; +} OSSL_INFO_SYNTAX; + +typedef struct OSSL_PRIVILEGE_POLICY_ID_st { + ASN1_OBJECT *privilegePolicy; + OSSL_INFO_SYNTAX *privPolSyntax; +} OSSL_PRIVILEGE_POLICY_ID; + +typedef struct OSSL_ATTRIBUTE_DESCRIPTOR_st { + ASN1_OBJECT *identifier; + ASN1_STRING *attributeSyntax; + ASN1_UTF8STRING *name; + ASN1_UTF8STRING *description; + OSSL_PRIVILEGE_POLICY_ID *dominationRule; +} OSSL_ATTRIBUTE_DESCRIPTOR; + +DECLARE_ASN1_FUNCTIONS(OSSL_HASH) +DECLARE_ASN1_FUNCTIONS(OSSL_INFO_SYNTAX) +DECLARE_ASN1_FUNCTIONS(OSSL_INFO_SYNTAX_POINTER) +DECLARE_ASN1_FUNCTIONS(OSSL_PRIVILEGE_POLICY_ID) +DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTE_DESCRIPTOR) + +typedef struct OSSL_TIME_SPEC_ABSOLUTE_st { + ASN1_GENERALIZEDTIME *startTime; + ASN1_GENERALIZEDTIME *endTime; +} OSSL_TIME_SPEC_ABSOLUTE; + +typedef struct OSSL_DAY_TIME_st { + ASN1_INTEGER *hour; + ASN1_INTEGER *minute; + ASN1_INTEGER *second; +} OSSL_DAY_TIME; + +typedef struct OSSL_DAY_TIME_BAND_st { + OSSL_DAY_TIME *startDayTime; + OSSL_DAY_TIME *endDayTime; +} OSSL_DAY_TIME_BAND; + +# define OSSL_NAMED_DAY_TYPE_INT 0 +# define OSSL_NAMED_DAY_TYPE_BIT 1 +# define OSSL_NAMED_DAY_INT_SUN 1 +# define OSSL_NAMED_DAY_INT_MON 2 +# define OSSL_NAMED_DAY_INT_TUE 3 +# define OSSL_NAMED_DAY_INT_WED 4 +# define OSSL_NAMED_DAY_INT_THU 5 +# define OSSL_NAMED_DAY_INT_FRI 6 +# define OSSL_NAMED_DAY_INT_SAT 7 +# define OSSL_NAMED_DAY_BIT_SUN 0 +# define OSSL_NAMED_DAY_BIT_MON 1 +# define OSSL_NAMED_DAY_BIT_TUE 2 +# define OSSL_NAMED_DAY_BIT_WED 3 +# define OSSL_NAMED_DAY_BIT_THU 4 +# define OSSL_NAMED_DAY_BIT_FRI 5 +# define OSSL_NAMED_DAY_BIT_SAT 6 + +typedef struct OSSL_NAMED_DAY_st { + int type; + union { + ASN1_INTEGER *intNamedDays; + ASN1_BIT_STRING *bitNamedDays; + } choice; +} OSSL_NAMED_DAY; + +# define OSSL_TIME_SPEC_X_DAY_OF_FIRST 0 +# define OSSL_TIME_SPEC_X_DAY_OF_SECOND 1 +# define OSSL_TIME_SPEC_X_DAY_OF_THIRD 2 +# define OSSL_TIME_SPEC_X_DAY_OF_FOURTH 3 +# define OSSL_TIME_SPEC_X_DAY_OF_FIFTH 4 + +typedef struct OSSL_TIME_SPEC_X_DAY_OF_st { + int type; + union { + OSSL_NAMED_DAY *first; + OSSL_NAMED_DAY *second; + OSSL_NAMED_DAY *third; + OSSL_NAMED_DAY *fourth; + OSSL_NAMED_DAY *fifth; + } choice; +} OSSL_TIME_SPEC_X_DAY_OF; + +# define OSSL_TIME_SPEC_DAY_TYPE_INT 0 +# define OSSL_TIME_SPEC_DAY_TYPE_BIT 1 +# define OSSL_TIME_SPEC_DAY_TYPE_DAY_OF 2 +# define OSSL_TIME_SPEC_DAY_BIT_SUN 0 +# define OSSL_TIME_SPEC_DAY_BIT_MON 1 +# define OSSL_TIME_SPEC_DAY_BIT_TUE 2 +# define OSSL_TIME_SPEC_DAY_BIT_WED 3 +# define OSSL_TIME_SPEC_DAY_BIT_THU 4 +# define OSSL_TIME_SPEC_DAY_BIT_FRI 5 +# define OSSL_TIME_SPEC_DAY_BIT_SAT 6 +# define OSSL_TIME_SPEC_DAY_INT_SUN 1 +# define OSSL_TIME_SPEC_DAY_INT_MON 2 +# define OSSL_TIME_SPEC_DAY_INT_TUE 3 +# define OSSL_TIME_SPEC_DAY_INT_WED 4 +# define OSSL_TIME_SPEC_DAY_INT_THU 5 +# define OSSL_TIME_SPEC_DAY_INT_FRI 6 +# define OSSL_TIME_SPEC_DAY_INT_SAT 7 + +typedef struct OSSL_TIME_SPEC_DAY_st { + int type; + union { + STACK_OF(ASN1_INTEGER) *intDay; + ASN1_BIT_STRING *bitDay; + OSSL_TIME_SPEC_X_DAY_OF *dayOf; + } choice; +} OSSL_TIME_SPEC_DAY; + +# define OSSL_TIME_SPEC_WEEKS_TYPE_ALL 0 +# define OSSL_TIME_SPEC_WEEKS_TYPE_INT 1 +# define OSSL_TIME_SPEC_WEEKS_TYPE_BIT 2 +# define OSSL_TIME_SPEC_BIT_WEEKS_1 0 +# define OSSL_TIME_SPEC_BIT_WEEKS_2 1 +# define OSSL_TIME_SPEC_BIT_WEEKS_3 2 +# define OSSL_TIME_SPEC_BIT_WEEKS_4 3 +# define OSSL_TIME_SPEC_BIT_WEEKS_5 4 + +typedef struct OSSL_TIME_SPEC_WEEKS_st { + int type; + union { + ASN1_NULL *allWeeks; + STACK_OF(ASN1_INTEGER) *intWeek; + ASN1_BIT_STRING *bitWeek; + } choice; +} OSSL_TIME_SPEC_WEEKS; + +# define OSSL_TIME_SPEC_MONTH_TYPE_ALL 0 +# define OSSL_TIME_SPEC_MONTH_TYPE_INT 1 +# define OSSL_TIME_SPEC_MONTH_TYPE_BIT 2 +# define OSSL_TIME_SPEC_INT_MONTH_JAN 1 +# define OSSL_TIME_SPEC_INT_MONTH_FEB 2 +# define OSSL_TIME_SPEC_INT_MONTH_MAR 3 +# define OSSL_TIME_SPEC_INT_MONTH_APR 4 +# define OSSL_TIME_SPEC_INT_MONTH_MAY 5 +# define OSSL_TIME_SPEC_INT_MONTH_JUN 6 +# define OSSL_TIME_SPEC_INT_MONTH_JUL 7 +# define OSSL_TIME_SPEC_INT_MONTH_AUG 8 +# define OSSL_TIME_SPEC_INT_MONTH_SEP 9 +# define OSSL_TIME_SPEC_INT_MONTH_OCT 10 +# define OSSL_TIME_SPEC_INT_MONTH_NOV 11 +# define OSSL_TIME_SPEC_INT_MONTH_DEC 12 +# define OSSL_TIME_SPEC_BIT_MONTH_JAN 0 +# define OSSL_TIME_SPEC_BIT_MONTH_FEB 1 +# define OSSL_TIME_SPEC_BIT_MONTH_MAR 2 +# define OSSL_TIME_SPEC_BIT_MONTH_APR 3 +# define OSSL_TIME_SPEC_BIT_MONTH_MAY 4 +# define OSSL_TIME_SPEC_BIT_MONTH_JUN 5 +# define OSSL_TIME_SPEC_BIT_MONTH_JUL 6 +# define OSSL_TIME_SPEC_BIT_MONTH_AUG 7 +# define OSSL_TIME_SPEC_BIT_MONTH_SEP 8 +# define OSSL_TIME_SPEC_BIT_MONTH_OCT 9 +# define OSSL_TIME_SPEC_BIT_MONTH_NOV 10 +# define OSSL_TIME_SPEC_BIT_MONTH_DEC 11 + +typedef struct OSSL_TIME_SPEC_MONTH_st { + int type; + union { + ASN1_NULL *allMonths; + STACK_OF(ASN1_INTEGER) *intMonth; + ASN1_BIT_STRING *bitMonth; + } choice; +} OSSL_TIME_SPEC_MONTH; + +typedef struct OSSL_TIME_PERIOD_st { + STACK_OF(OSSL_DAY_TIME_BAND) *timesOfDay; + OSSL_TIME_SPEC_DAY *days; + OSSL_TIME_SPEC_WEEKS *weeks; + OSSL_TIME_SPEC_MONTH *months; + STACK_OF(ASN1_INTEGER) *years; +} OSSL_TIME_PERIOD; + +# define OSSL_TIME_SPEC_TIME_TYPE_ABSOLUTE 0 +# define OSSL_TIME_SPEC_TIME_TYPE_PERIODIC 1 + +typedef struct OSSL_TIME_SPEC_TIME_st { + int type; + union { + OSSL_TIME_SPEC_ABSOLUTE *absolute; + STACK_OF(OSSL_TIME_PERIOD) *periodic; + } choice; +} OSSL_TIME_SPEC_TIME; + +typedef struct OSSL_TIME_SPEC_st { + OSSL_TIME_SPEC_TIME *time; + ASN1_BOOLEAN notThisTime; + ASN1_INTEGER *timeZone; +} OSSL_TIME_SPEC; + +DECLARE_ASN1_FUNCTIONS(OSSL_DAY_TIME) +DECLARE_ASN1_FUNCTIONS(OSSL_DAY_TIME_BAND) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_SPEC_DAY) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_SPEC_WEEKS) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_SPEC_MONTH) +DECLARE_ASN1_FUNCTIONS(OSSL_NAMED_DAY) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_SPEC_X_DAY_OF) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_SPEC_ABSOLUTE) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_SPEC_TIME) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_SPEC) +DECLARE_ASN1_FUNCTIONS(OSSL_TIME_PERIOD) + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_TIME_PERIOD, OSSL_TIME_PERIOD, OSSL_TIME_PERIOD) +#define sk_OSSL_TIME_PERIOD_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_TIME_PERIOD_sk_type(sk)) +#define sk_OSSL_TIME_PERIOD_value(sk, idx) ((OSSL_TIME_PERIOD *)OPENSSL_sk_value(ossl_check_const_OSSL_TIME_PERIOD_sk_type(sk), (idx))) +#define sk_OSSL_TIME_PERIOD_new(cmp) ((STACK_OF(OSSL_TIME_PERIOD) *)OPENSSL_sk_new(ossl_check_OSSL_TIME_PERIOD_compfunc_type(cmp))) +#define sk_OSSL_TIME_PERIOD_new_null() ((STACK_OF(OSSL_TIME_PERIOD) *)OPENSSL_sk_new_null()) +#define sk_OSSL_TIME_PERIOD_new_reserve(cmp, n) ((STACK_OF(OSSL_TIME_PERIOD) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_TIME_PERIOD_compfunc_type(cmp), (n))) +#define sk_OSSL_TIME_PERIOD_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), (n)) +#define sk_OSSL_TIME_PERIOD_free(sk) OPENSSL_sk_free(ossl_check_OSSL_TIME_PERIOD_sk_type(sk)) +#define sk_OSSL_TIME_PERIOD_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_TIME_PERIOD_sk_type(sk)) +#define sk_OSSL_TIME_PERIOD_delete(sk, i) ((OSSL_TIME_PERIOD *)OPENSSL_sk_delete(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), (i))) +#define sk_OSSL_TIME_PERIOD_delete_ptr(sk, ptr) ((OSSL_TIME_PERIOD *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_type(ptr))) +#define sk_OSSL_TIME_PERIOD_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_type(ptr)) +#define sk_OSSL_TIME_PERIOD_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_type(ptr)) +#define sk_OSSL_TIME_PERIOD_pop(sk) ((OSSL_TIME_PERIOD *)OPENSSL_sk_pop(ossl_check_OSSL_TIME_PERIOD_sk_type(sk))) +#define sk_OSSL_TIME_PERIOD_shift(sk) ((OSSL_TIME_PERIOD *)OPENSSL_sk_shift(ossl_check_OSSL_TIME_PERIOD_sk_type(sk))) +#define sk_OSSL_TIME_PERIOD_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_TIME_PERIOD_sk_type(sk),ossl_check_OSSL_TIME_PERIOD_freefunc_type(freefunc)) +#define sk_OSSL_TIME_PERIOD_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_type(ptr), (idx)) +#define sk_OSSL_TIME_PERIOD_set(sk, idx, ptr) ((OSSL_TIME_PERIOD *)OPENSSL_sk_set(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), (idx), ossl_check_OSSL_TIME_PERIOD_type(ptr))) +#define sk_OSSL_TIME_PERIOD_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_type(ptr)) +#define sk_OSSL_TIME_PERIOD_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_type(ptr)) +#define sk_OSSL_TIME_PERIOD_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_type(ptr), pnum) +#define sk_OSSL_TIME_PERIOD_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_TIME_PERIOD_sk_type(sk)) +#define sk_OSSL_TIME_PERIOD_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_TIME_PERIOD_sk_type(sk)) +#define sk_OSSL_TIME_PERIOD_dup(sk) ((STACK_OF(OSSL_TIME_PERIOD) *)OPENSSL_sk_dup(ossl_check_const_OSSL_TIME_PERIOD_sk_type(sk))) +#define sk_OSSL_TIME_PERIOD_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_TIME_PERIOD) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_copyfunc_type(copyfunc), ossl_check_OSSL_TIME_PERIOD_freefunc_type(freefunc))) +#define sk_OSSL_TIME_PERIOD_set_cmp_func(sk, cmp) ((sk_OSSL_TIME_PERIOD_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_TIME_PERIOD_sk_type(sk), ossl_check_OSSL_TIME_PERIOD_compfunc_type(cmp))) + + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_DAY_TIME_BAND, OSSL_DAY_TIME_BAND, OSSL_DAY_TIME_BAND) +#define sk_OSSL_DAY_TIME_BAND_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_DAY_TIME_BAND_sk_type(sk)) +#define sk_OSSL_DAY_TIME_BAND_value(sk, idx) ((OSSL_DAY_TIME_BAND *)OPENSSL_sk_value(ossl_check_const_OSSL_DAY_TIME_BAND_sk_type(sk), (idx))) +#define sk_OSSL_DAY_TIME_BAND_new(cmp) ((STACK_OF(OSSL_DAY_TIME_BAND) *)OPENSSL_sk_new(ossl_check_OSSL_DAY_TIME_BAND_compfunc_type(cmp))) +#define sk_OSSL_DAY_TIME_BAND_new_null() ((STACK_OF(OSSL_DAY_TIME_BAND) *)OPENSSL_sk_new_null()) +#define sk_OSSL_DAY_TIME_BAND_new_reserve(cmp, n) ((STACK_OF(OSSL_DAY_TIME_BAND) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_DAY_TIME_BAND_compfunc_type(cmp), (n))) +#define sk_OSSL_DAY_TIME_BAND_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), (n)) +#define sk_OSSL_DAY_TIME_BAND_free(sk) OPENSSL_sk_free(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk)) +#define sk_OSSL_DAY_TIME_BAND_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk)) +#define sk_OSSL_DAY_TIME_BAND_delete(sk, i) ((OSSL_DAY_TIME_BAND *)OPENSSL_sk_delete(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), (i))) +#define sk_OSSL_DAY_TIME_BAND_delete_ptr(sk, ptr) ((OSSL_DAY_TIME_BAND *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_type(ptr))) +#define sk_OSSL_DAY_TIME_BAND_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_type(ptr)) +#define sk_OSSL_DAY_TIME_BAND_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_type(ptr)) +#define sk_OSSL_DAY_TIME_BAND_pop(sk) ((OSSL_DAY_TIME_BAND *)OPENSSL_sk_pop(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk))) +#define sk_OSSL_DAY_TIME_BAND_shift(sk) ((OSSL_DAY_TIME_BAND *)OPENSSL_sk_shift(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk))) +#define sk_OSSL_DAY_TIME_BAND_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk),ossl_check_OSSL_DAY_TIME_BAND_freefunc_type(freefunc)) +#define sk_OSSL_DAY_TIME_BAND_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_type(ptr), (idx)) +#define sk_OSSL_DAY_TIME_BAND_set(sk, idx, ptr) ((OSSL_DAY_TIME_BAND *)OPENSSL_sk_set(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), (idx), ossl_check_OSSL_DAY_TIME_BAND_type(ptr))) +#define sk_OSSL_DAY_TIME_BAND_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_type(ptr)) +#define sk_OSSL_DAY_TIME_BAND_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_type(ptr)) +#define sk_OSSL_DAY_TIME_BAND_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_type(ptr), pnum) +#define sk_OSSL_DAY_TIME_BAND_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk)) +#define sk_OSSL_DAY_TIME_BAND_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_DAY_TIME_BAND_sk_type(sk)) +#define sk_OSSL_DAY_TIME_BAND_dup(sk) ((STACK_OF(OSSL_DAY_TIME_BAND) *)OPENSSL_sk_dup(ossl_check_const_OSSL_DAY_TIME_BAND_sk_type(sk))) +#define sk_OSSL_DAY_TIME_BAND_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_DAY_TIME_BAND) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_copyfunc_type(copyfunc), ossl_check_OSSL_DAY_TIME_BAND_freefunc_type(freefunc))) +#define sk_OSSL_DAY_TIME_BAND_set_cmp_func(sk, cmp) ((sk_OSSL_DAY_TIME_BAND_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_DAY_TIME_BAND_sk_type(sk), ossl_check_OSSL_DAY_TIME_BAND_compfunc_type(cmp))) + + +/* Attribute Type and Value */ +typedef struct atav_st { + ASN1_OBJECT *type; + ASN1_TYPE *value; +} OSSL_ATAV; + +typedef struct ATTRIBUTE_TYPE_MAPPING_st { + ASN1_OBJECT *local; + ASN1_OBJECT *remote; +} OSSL_ATTRIBUTE_TYPE_MAPPING; + +typedef struct ATTRIBUTE_VALUE_MAPPING_st { + OSSL_ATAV *local; + OSSL_ATAV *remote; +} OSSL_ATTRIBUTE_VALUE_MAPPING; + +# define OSSL_ATTR_MAP_TYPE 0 +# define OSSL_ATTR_MAP_VALUE 1 + +typedef struct ATTRIBUTE_MAPPING_st { + int type; + union { + OSSL_ATTRIBUTE_TYPE_MAPPING *typeMappings; + OSSL_ATTRIBUTE_VALUE_MAPPING *typeValueMappings; + } choice; +} OSSL_ATTRIBUTE_MAPPING; + +typedef STACK_OF(OSSL_ATTRIBUTE_MAPPING) OSSL_ATTRIBUTE_MAPPINGS; +DECLARE_ASN1_FUNCTIONS(OSSL_ATAV) +DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTE_TYPE_MAPPING) +DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTE_VALUE_MAPPING) +DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTE_MAPPING) +DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTE_MAPPINGS) + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_ATTRIBUTE_MAPPING, OSSL_ATTRIBUTE_MAPPING, OSSL_ATTRIBUTE_MAPPING) +#define sk_OSSL_ATTRIBUTE_MAPPING_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_ATTRIBUTE_MAPPING_sk_type(sk)) +#define sk_OSSL_ATTRIBUTE_MAPPING_value(sk, idx) ((OSSL_ATTRIBUTE_MAPPING *)OPENSSL_sk_value(ossl_check_const_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), (idx))) +#define sk_OSSL_ATTRIBUTE_MAPPING_new(cmp) ((STACK_OF(OSSL_ATTRIBUTE_MAPPING) *)OPENSSL_sk_new(ossl_check_OSSL_ATTRIBUTE_MAPPING_compfunc_type(cmp))) +#define sk_OSSL_ATTRIBUTE_MAPPING_new_null() ((STACK_OF(OSSL_ATTRIBUTE_MAPPING) *)OPENSSL_sk_new_null()) +#define sk_OSSL_ATTRIBUTE_MAPPING_new_reserve(cmp, n) ((STACK_OF(OSSL_ATTRIBUTE_MAPPING) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_ATTRIBUTE_MAPPING_compfunc_type(cmp), (n))) +#define sk_OSSL_ATTRIBUTE_MAPPING_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), (n)) +#define sk_OSSL_ATTRIBUTE_MAPPING_free(sk) OPENSSL_sk_free(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk)) +#define sk_OSSL_ATTRIBUTE_MAPPING_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk)) +#define sk_OSSL_ATTRIBUTE_MAPPING_delete(sk, i) ((OSSL_ATTRIBUTE_MAPPING *)OPENSSL_sk_delete(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), (i))) +#define sk_OSSL_ATTRIBUTE_MAPPING_delete_ptr(sk, ptr) ((OSSL_ATTRIBUTE_MAPPING *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr))) +#define sk_OSSL_ATTRIBUTE_MAPPING_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr)) +#define sk_OSSL_ATTRIBUTE_MAPPING_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr)) +#define sk_OSSL_ATTRIBUTE_MAPPING_pop(sk) ((OSSL_ATTRIBUTE_MAPPING *)OPENSSL_sk_pop(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk))) +#define sk_OSSL_ATTRIBUTE_MAPPING_shift(sk) ((OSSL_ATTRIBUTE_MAPPING *)OPENSSL_sk_shift(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk))) +#define sk_OSSL_ATTRIBUTE_MAPPING_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk),ossl_check_OSSL_ATTRIBUTE_MAPPING_freefunc_type(freefunc)) +#define sk_OSSL_ATTRIBUTE_MAPPING_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr), (idx)) +#define sk_OSSL_ATTRIBUTE_MAPPING_set(sk, idx, ptr) ((OSSL_ATTRIBUTE_MAPPING *)OPENSSL_sk_set(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), (idx), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr))) +#define sk_OSSL_ATTRIBUTE_MAPPING_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr)) +#define sk_OSSL_ATTRIBUTE_MAPPING_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr)) +#define sk_OSSL_ATTRIBUTE_MAPPING_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_type(ptr), pnum) +#define sk_OSSL_ATTRIBUTE_MAPPING_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk)) +#define sk_OSSL_ATTRIBUTE_MAPPING_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_ATTRIBUTE_MAPPING_sk_type(sk)) +#define sk_OSSL_ATTRIBUTE_MAPPING_dup(sk) ((STACK_OF(OSSL_ATTRIBUTE_MAPPING) *)OPENSSL_sk_dup(ossl_check_const_OSSL_ATTRIBUTE_MAPPING_sk_type(sk))) +#define sk_OSSL_ATTRIBUTE_MAPPING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_ATTRIBUTE_MAPPING) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_copyfunc_type(copyfunc), ossl_check_OSSL_ATTRIBUTE_MAPPING_freefunc_type(freefunc))) +#define sk_OSSL_ATTRIBUTE_MAPPING_set_cmp_func(sk, cmp) ((sk_OSSL_ATTRIBUTE_MAPPING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_ATTRIBUTE_MAPPING_sk_type(sk), ossl_check_OSSL_ATTRIBUTE_MAPPING_compfunc_type(cmp))) + + +# define OSSL_AAA_ATTRIBUTE_TYPE 0 +# define OSSL_AAA_ATTRIBUTE_VALUES 1 + +typedef struct ALLOWED_ATTRIBUTES_CHOICE_st { + int type; + union { + ASN1_OBJECT *attributeType; + X509_ATTRIBUTE *attributeTypeandValues; + } choice; +} OSSL_ALLOWED_ATTRIBUTES_CHOICE; + +typedef struct ALLOWED_ATTRIBUTES_ITEM_st { + STACK_OF(OSSL_ALLOWED_ATTRIBUTES_CHOICE) *attributes; + GENERAL_NAME *holderDomain; +} OSSL_ALLOWED_ATTRIBUTES_ITEM; + +typedef STACK_OF(OSSL_ALLOWED_ATTRIBUTES_ITEM) OSSL_ALLOWED_ATTRIBUTES_SYNTAX; + +DECLARE_ASN1_FUNCTIONS(OSSL_ALLOWED_ATTRIBUTES_CHOICE) +DECLARE_ASN1_FUNCTIONS(OSSL_ALLOWED_ATTRIBUTES_ITEM) +DECLARE_ASN1_FUNCTIONS(OSSL_ALLOWED_ATTRIBUTES_SYNTAX) + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_ALLOWED_ATTRIBUTES_CHOICE, OSSL_ALLOWED_ATTRIBUTES_CHOICE, OSSL_ALLOWED_ATTRIBUTES_CHOICE) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_value(sk, idx) ((OSSL_ALLOWED_ATTRIBUTES_CHOICE *)OPENSSL_sk_value(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), (idx))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_new(cmp) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_CHOICE) *)OPENSSL_sk_new(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_compfunc_type(cmp))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_new_null() ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_CHOICE) *)OPENSSL_sk_new_null()) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_new_reserve(cmp, n) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_CHOICE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_compfunc_type(cmp), (n))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), (n)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_delete(sk, i) ((OSSL_ALLOWED_ATTRIBUTES_CHOICE *)OPENSSL_sk_delete(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), (i))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_delete_ptr(sk, ptr) ((OSSL_ALLOWED_ATTRIBUTES_CHOICE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_pop(sk) ((OSSL_ALLOWED_ATTRIBUTES_CHOICE *)OPENSSL_sk_pop(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_shift(sk) ((OSSL_ALLOWED_ATTRIBUTES_CHOICE *)OPENSSL_sk_shift(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk),ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_freefunc_type(freefunc)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr), (idx)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_set(sk, idx, ptr) ((OSSL_ALLOWED_ATTRIBUTES_CHOICE *)OPENSSL_sk_set(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), (idx), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_type(ptr), pnum) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_dup(sk) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_CHOICE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_CHOICE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_copyfunc_type(copyfunc), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_freefunc_type(freefunc))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_set_cmp_func(sk, cmp) ((sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_CHOICE_compfunc_type(cmp))) + + +SKM_DEFINE_STACK_OF_INTERNAL(OSSL_ALLOWED_ATTRIBUTES_ITEM, OSSL_ALLOWED_ATTRIBUTES_ITEM, OSSL_ALLOWED_ATTRIBUTES_ITEM) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_value(sk, idx) ((OSSL_ALLOWED_ATTRIBUTES_ITEM *)OPENSSL_sk_value(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), (idx))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_new(cmp) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_ITEM) *)OPENSSL_sk_new(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_compfunc_type(cmp))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_new_null() ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_ITEM) *)OPENSSL_sk_new_null()) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_new_reserve(cmp, n) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_ITEM) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_compfunc_type(cmp), (n))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), (n)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_free(sk) OPENSSL_sk_free(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_delete(sk, i) ((OSSL_ALLOWED_ATTRIBUTES_ITEM *)OPENSSL_sk_delete(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), (i))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_delete_ptr(sk, ptr) ((OSSL_ALLOWED_ATTRIBUTES_ITEM *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_pop(sk) ((OSSL_ALLOWED_ATTRIBUTES_ITEM *)OPENSSL_sk_pop(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_shift(sk) ((OSSL_ALLOWED_ATTRIBUTES_ITEM *)OPENSSL_sk_shift(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk),ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_freefunc_type(freefunc)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr), (idx)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_set(sk, idx, ptr) ((OSSL_ALLOWED_ATTRIBUTES_ITEM *)OPENSSL_sk_set(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), (idx), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_type(ptr), pnum) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk)) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_dup(sk) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_ITEM) *)OPENSSL_sk_dup(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_ALLOWED_ATTRIBUTES_ITEM) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_copyfunc_type(copyfunc), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_freefunc_type(freefunc))) +#define sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_set_cmp_func(sk, cmp) ((sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_sk_type(sk), ossl_check_OSSL_ALLOWED_ATTRIBUTES_ITEM_compfunc_type(cmp))) + + +typedef struct AA_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + int dp_reasons; + ASN1_BOOLEAN indirectCRL; + ASN1_BOOLEAN containsUserAttributeCerts; + ASN1_BOOLEAN containsAACerts; + ASN1_BOOLEAN containsSOAPublicKeyCerts; +} OSSL_AA_DIST_POINT; + +DECLARE_ASN1_FUNCTIONS(OSSL_AA_DIST_POINT) + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/common/include/prov/der_digests.h b/contrib/openssl-cmake/common/include/prov/der_digests.h new file mode 100644 index 000000000000..b184807c80ce --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_digests.h @@ -0,0 +1,160 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_digests.h.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/der.h" + +/* Well known OIDs precompiled */ + +/* + * sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } + */ +#define DER_OID_V_sigAlgs DER_P_OBJECT, 8, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03 +#define DER_OID_SZ_sigAlgs 10 +extern const unsigned char ossl_der_oid_sigAlgs[DER_OID_SZ_sigAlgs]; + +/* + * id-sha1 OBJECT IDENTIFIER ::= { iso(1) + * identified-organization(3) oiw(14) + * secsig(3) algorithms(2) 26 } + */ +#define DER_OID_V_id_sha1 DER_P_OBJECT, 5, 0x2B, 0x0E, 0x03, 0x02, 0x1A +#define DER_OID_SZ_id_sha1 7 +extern const unsigned char ossl_der_oid_id_sha1[DER_OID_SZ_id_sha1]; + +/* + * id-md2 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } + */ +#define DER_OID_V_id_md2 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x02 +#define DER_OID_SZ_id_md2 10 +extern const unsigned char ossl_der_oid_id_md2[DER_OID_SZ_id_md2]; + +/* + * id-md5 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } + */ +#define DER_OID_V_id_md5 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05 +#define DER_OID_SZ_id_md5 10 +extern const unsigned char ossl_der_oid_id_md5[DER_OID_SZ_id_md5]; + +/* + * id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 } + */ +#define DER_OID_V_id_sha256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 +#define DER_OID_SZ_id_sha256 11 +extern const unsigned char ossl_der_oid_id_sha256[DER_OID_SZ_id_sha256]; + +/* + * id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 } + */ +#define DER_OID_V_id_sha384 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 +#define DER_OID_SZ_id_sha384 11 +extern const unsigned char ossl_der_oid_id_sha384[DER_OID_SZ_id_sha384]; + +/* + * id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 } + */ +#define DER_OID_V_id_sha512 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 +#define DER_OID_SZ_id_sha512 11 +extern const unsigned char ossl_der_oid_id_sha512[DER_OID_SZ_id_sha512]; + +/* + * id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 } + */ +#define DER_OID_V_id_sha224 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04 +#define DER_OID_SZ_id_sha224 11 +extern const unsigned char ossl_der_oid_id_sha224[DER_OID_SZ_id_sha224]; + +/* + * id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 } + */ +#define DER_OID_V_id_sha512_224 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05 +#define DER_OID_SZ_id_sha512_224 11 +extern const unsigned char ossl_der_oid_id_sha512_224[DER_OID_SZ_id_sha512_224]; + +/* + * id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 } + */ +#define DER_OID_V_id_sha512_256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06 +#define DER_OID_SZ_id_sha512_256 11 +extern const unsigned char ossl_der_oid_id_sha512_256[DER_OID_SZ_id_sha512_256]; + +/* + * id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 } + */ +#define DER_OID_V_id_sha3_224 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x07 +#define DER_OID_SZ_id_sha3_224 11 +extern const unsigned char ossl_der_oid_id_sha3_224[DER_OID_SZ_id_sha3_224]; + +/* + * id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 } + */ +#define DER_OID_V_id_sha3_256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08 +#define DER_OID_SZ_id_sha3_256 11 +extern const unsigned char ossl_der_oid_id_sha3_256[DER_OID_SZ_id_sha3_256]; + +/* + * id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 } + */ +#define DER_OID_V_id_sha3_384 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09 +#define DER_OID_SZ_id_sha3_384 11 +extern const unsigned char ossl_der_oid_id_sha3_384[DER_OID_SZ_id_sha3_384]; + +/* + * id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 } + */ +#define DER_OID_V_id_sha3_512 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0A +#define DER_OID_SZ_id_sha3_512 11 +extern const unsigned char ossl_der_oid_id_sha3_512[DER_OID_SZ_id_sha3_512]; + +/* + * id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 } + */ +#define DER_OID_V_id_shake128 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0B +#define DER_OID_SZ_id_shake128 11 +extern const unsigned char ossl_der_oid_id_shake128[DER_OID_SZ_id_shake128]; + +/* + * id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 } + */ +#define DER_OID_V_id_shake256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0C +#define DER_OID_SZ_id_shake256 11 +extern const unsigned char ossl_der_oid_id_shake256[DER_OID_SZ_id_shake256]; + +/* + * id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 } + */ +#define DER_OID_V_id_shake128_len DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x11 +#define DER_OID_SZ_id_shake128_len 11 +extern const unsigned char ossl_der_oid_id_shake128_len[DER_OID_SZ_id_shake128_len]; + +/* + * id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 } + */ +#define DER_OID_V_id_shake256_len DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x12 +#define DER_OID_SZ_id_shake256_len 11 +extern const unsigned char ossl_der_oid_id_shake256_len[DER_OID_SZ_id_shake256_len]; + +/* + * id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19} + */ +#define DER_OID_V_id_KMACWithSHAKE128 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x13 +#define DER_OID_SZ_id_KMACWithSHAKE128 11 +extern const unsigned char ossl_der_oid_id_KMACWithSHAKE128[DER_OID_SZ_id_KMACWithSHAKE128]; + +/* + * id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20} + */ +#define DER_OID_V_id_KMACWithSHAKE256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x14 +#define DER_OID_SZ_id_KMACWithSHAKE256 11 +extern const unsigned char ossl_der_oid_id_KMACWithSHAKE256[DER_OID_SZ_id_KMACWithSHAKE256]; + diff --git a/contrib/openssl-cmake/common/include/prov/der_dsa.h b/contrib/openssl-cmake/common/include/prov/der_dsa.h new file mode 100644 index 000000000000..b12a56282b25 --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_dsa.h @@ -0,0 +1,94 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_dsa.h.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/der.h" + +/* Well known OIDs precompiled */ + +/* + * id-dsa OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } + */ +#define DER_OID_V_id_dsa DER_P_OBJECT, 7, 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01 +#define DER_OID_SZ_id_dsa 9 +extern const unsigned char ossl_der_oid_id_dsa[DER_OID_SZ_id_dsa]; + +/* + * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } + */ +#define DER_OID_V_id_dsa_with_sha1 DER_P_OBJECT, 7, 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x03 +#define DER_OID_SZ_id_dsa_with_sha1 9 +extern const unsigned char ossl_der_oid_id_dsa_with_sha1[DER_OID_SZ_id_dsa_with_sha1]; + +/* + * id-dsa-with-sha224 OBJECT IDENTIFIER ::= { sigAlgs 1 } + */ +#define DER_OID_V_id_dsa_with_sha224 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x01 +#define DER_OID_SZ_id_dsa_with_sha224 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha224[DER_OID_SZ_id_dsa_with_sha224]; + +/* + * id-dsa-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 2 } + */ +#define DER_OID_V_id_dsa_with_sha256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x02 +#define DER_OID_SZ_id_dsa_with_sha256 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha256[DER_OID_SZ_id_dsa_with_sha256]; + +/* + * id-dsa-with-sha384 OBJECT IDENTIFIER ::= { sigAlgs 3 } + */ +#define DER_OID_V_id_dsa_with_sha384 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x03 +#define DER_OID_SZ_id_dsa_with_sha384 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha384[DER_OID_SZ_id_dsa_with_sha384]; + +/* + * id-dsa-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 4 } + */ +#define DER_OID_V_id_dsa_with_sha512 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x04 +#define DER_OID_SZ_id_dsa_with_sha512 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha512[DER_OID_SZ_id_dsa_with_sha512]; + +/* + * id-dsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 5 } + */ +#define DER_OID_V_id_dsa_with_sha3_224 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x05 +#define DER_OID_SZ_id_dsa_with_sha3_224 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha3_224[DER_OID_SZ_id_dsa_with_sha3_224]; + +/* + * id-dsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 6 } + */ +#define DER_OID_V_id_dsa_with_sha3_256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x06 +#define DER_OID_SZ_id_dsa_with_sha3_256 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha3_256[DER_OID_SZ_id_dsa_with_sha3_256]; + +/* + * id-dsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 7 } + */ +#define DER_OID_V_id_dsa_with_sha3_384 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x07 +#define DER_OID_SZ_id_dsa_with_sha3_384 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha3_384[DER_OID_SZ_id_dsa_with_sha3_384]; + +/* + * id-dsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 8 } + */ +#define DER_OID_V_id_dsa_with_sha3_512 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x08 +#define DER_OID_SZ_id_dsa_with_sha3_512 11 +extern const unsigned char ossl_der_oid_id_dsa_with_sha3_512[DER_OID_SZ_id_dsa_with_sha3_512]; + + +/* Subject Public Key Info */ +int ossl_DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa); +/* Signature */ +int ossl_DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, + DSA *dsa, int mdnid); diff --git a/contrib/openssl-cmake/common/include/prov/der_ec.h b/contrib/openssl-cmake/common/include/prov/der_ec.h new file mode 100644 index 000000000000..dd697771f711 --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_ec.h @@ -0,0 +1,286 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_ec.h.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "crypto/ec.h" +#include "internal/der.h" + +/* Well known OIDs precompiled */ + +/* + * ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } + */ +#define DER_OID_V_ecdsa_with_SHA1 DER_P_OBJECT, 7, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01 +#define DER_OID_SZ_ecdsa_with_SHA1 9 +extern const unsigned char ossl_der_oid_ecdsa_with_SHA1[DER_OID_SZ_ecdsa_with_SHA1]; + +/* + * id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 } + */ +#define DER_OID_V_id_ecPublicKey DER_P_OBJECT, 7, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01 +#define DER_OID_SZ_id_ecPublicKey 9 +extern const unsigned char ossl_der_oid_id_ecPublicKey[DER_OID_SZ_id_ecPublicKey]; + +/* + * c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 } + */ +#define DER_OID_V_c2pnb163v1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x01 +#define DER_OID_SZ_c2pnb163v1 10 +extern const unsigned char ossl_der_oid_c2pnb163v1[DER_OID_SZ_c2pnb163v1]; + +/* + * c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 } + */ +#define DER_OID_V_c2pnb163v2 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x02 +#define DER_OID_SZ_c2pnb163v2 10 +extern const unsigned char ossl_der_oid_c2pnb163v2[DER_OID_SZ_c2pnb163v2]; + +/* + * c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 } + */ +#define DER_OID_V_c2pnb163v3 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x03 +#define DER_OID_SZ_c2pnb163v3 10 +extern const unsigned char ossl_der_oid_c2pnb163v3[DER_OID_SZ_c2pnb163v3]; + +/* + * c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 } + */ +#define DER_OID_V_c2pnb176w1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x04 +#define DER_OID_SZ_c2pnb176w1 10 +extern const unsigned char ossl_der_oid_c2pnb176w1[DER_OID_SZ_c2pnb176w1]; + +/* + * c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 } + */ +#define DER_OID_V_c2tnb191v1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x05 +#define DER_OID_SZ_c2tnb191v1 10 +extern const unsigned char ossl_der_oid_c2tnb191v1[DER_OID_SZ_c2tnb191v1]; + +/* + * c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 } + */ +#define DER_OID_V_c2tnb191v2 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x06 +#define DER_OID_SZ_c2tnb191v2 10 +extern const unsigned char ossl_der_oid_c2tnb191v2[DER_OID_SZ_c2tnb191v2]; + +/* + * c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 } + */ +#define DER_OID_V_c2tnb191v3 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x07 +#define DER_OID_SZ_c2tnb191v3 10 +extern const unsigned char ossl_der_oid_c2tnb191v3[DER_OID_SZ_c2tnb191v3]; + +/* + * c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 } + */ +#define DER_OID_V_c2onb191v4 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x08 +#define DER_OID_SZ_c2onb191v4 10 +extern const unsigned char ossl_der_oid_c2onb191v4[DER_OID_SZ_c2onb191v4]; + +/* + * c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 } + */ +#define DER_OID_V_c2onb191v5 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x09 +#define DER_OID_SZ_c2onb191v5 10 +extern const unsigned char ossl_der_oid_c2onb191v5[DER_OID_SZ_c2onb191v5]; + +/* + * c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 } + */ +#define DER_OID_V_c2pnb208w1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x0A +#define DER_OID_SZ_c2pnb208w1 10 +extern const unsigned char ossl_der_oid_c2pnb208w1[DER_OID_SZ_c2pnb208w1]; + +/* + * c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 } + */ +#define DER_OID_V_c2tnb239v1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x0B +#define DER_OID_SZ_c2tnb239v1 10 +extern const unsigned char ossl_der_oid_c2tnb239v1[DER_OID_SZ_c2tnb239v1]; + +/* + * c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 } + */ +#define DER_OID_V_c2tnb239v2 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x0C +#define DER_OID_SZ_c2tnb239v2 10 +extern const unsigned char ossl_der_oid_c2tnb239v2[DER_OID_SZ_c2tnb239v2]; + +/* + * c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 } + */ +#define DER_OID_V_c2tnb239v3 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x0D +#define DER_OID_SZ_c2tnb239v3 10 +extern const unsigned char ossl_der_oid_c2tnb239v3[DER_OID_SZ_c2tnb239v3]; + +/* + * c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 } + */ +#define DER_OID_V_c2onb239v4 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x0E +#define DER_OID_SZ_c2onb239v4 10 +extern const unsigned char ossl_der_oid_c2onb239v4[DER_OID_SZ_c2onb239v4]; + +/* + * c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 } + */ +#define DER_OID_V_c2onb239v5 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x0F +#define DER_OID_SZ_c2onb239v5 10 +extern const unsigned char ossl_der_oid_c2onb239v5[DER_OID_SZ_c2onb239v5]; + +/* + * c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 } + */ +#define DER_OID_V_c2pnb272w1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x10 +#define DER_OID_SZ_c2pnb272w1 10 +extern const unsigned char ossl_der_oid_c2pnb272w1[DER_OID_SZ_c2pnb272w1]; + +/* + * c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 } + */ +#define DER_OID_V_c2pnb304w1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x11 +#define DER_OID_SZ_c2pnb304w1 10 +extern const unsigned char ossl_der_oid_c2pnb304w1[DER_OID_SZ_c2pnb304w1]; + +/* + * c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 } + */ +#define DER_OID_V_c2tnb359v1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x12 +#define DER_OID_SZ_c2tnb359v1 10 +extern const unsigned char ossl_der_oid_c2tnb359v1[DER_OID_SZ_c2tnb359v1]; + +/* + * c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 } + */ +#define DER_OID_V_c2pnb368w1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x13 +#define DER_OID_SZ_c2pnb368w1 10 +extern const unsigned char ossl_der_oid_c2pnb368w1[DER_OID_SZ_c2pnb368w1]; + +/* + * c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 } + */ +#define DER_OID_V_c2tnb431r1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x00, 0x14 +#define DER_OID_SZ_c2tnb431r1 10 +extern const unsigned char ossl_der_oid_c2tnb431r1[DER_OID_SZ_c2tnb431r1]; + +/* + * prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 } + */ +#define DER_OID_V_prime192v1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 +#define DER_OID_SZ_prime192v1 10 +extern const unsigned char ossl_der_oid_prime192v1[DER_OID_SZ_prime192v1]; + +/* + * prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 } + */ +#define DER_OID_V_prime192v2 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x02 +#define DER_OID_SZ_prime192v2 10 +extern const unsigned char ossl_der_oid_prime192v2[DER_OID_SZ_prime192v2]; + +/* + * prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 } + */ +#define DER_OID_V_prime192v3 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x03 +#define DER_OID_SZ_prime192v3 10 +extern const unsigned char ossl_der_oid_prime192v3[DER_OID_SZ_prime192v3]; + +/* + * prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 } + */ +#define DER_OID_V_prime239v1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x04 +#define DER_OID_SZ_prime239v1 10 +extern const unsigned char ossl_der_oid_prime239v1[DER_OID_SZ_prime239v1]; + +/* + * prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 } + */ +#define DER_OID_V_prime239v2 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x05 +#define DER_OID_SZ_prime239v2 10 +extern const unsigned char ossl_der_oid_prime239v2[DER_OID_SZ_prime239v2]; + +/* + * prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 } + */ +#define DER_OID_V_prime239v3 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x06 +#define DER_OID_SZ_prime239v3 10 +extern const unsigned char ossl_der_oid_prime239v3[DER_OID_SZ_prime239v3]; + +/* + * prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 } + */ +#define DER_OID_V_prime256v1 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 +#define DER_OID_SZ_prime256v1 10 +extern const unsigned char ossl_der_oid_prime256v1[DER_OID_SZ_prime256v1]; + +/* + * ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 } + */ +#define DER_OID_V_ecdsa_with_SHA224 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01 +#define DER_OID_SZ_ecdsa_with_SHA224 10 +extern const unsigned char ossl_der_oid_ecdsa_with_SHA224[DER_OID_SZ_ecdsa_with_SHA224]; + +/* + * ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } + */ +#define DER_OID_V_ecdsa_with_SHA256 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02 +#define DER_OID_SZ_ecdsa_with_SHA256 10 +extern const unsigned char ossl_der_oid_ecdsa_with_SHA256[DER_OID_SZ_ecdsa_with_SHA256]; + +/* + * ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 } + */ +#define DER_OID_V_ecdsa_with_SHA384 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03 +#define DER_OID_SZ_ecdsa_with_SHA384 10 +extern const unsigned char ossl_der_oid_ecdsa_with_SHA384[DER_OID_SZ_ecdsa_with_SHA384]; + +/* + * ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 } + */ +#define DER_OID_V_ecdsa_with_SHA512 DER_P_OBJECT, 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04 +#define DER_OID_SZ_ecdsa_with_SHA512 10 +extern const unsigned char ossl_der_oid_ecdsa_with_SHA512[DER_OID_SZ_ecdsa_with_SHA512]; + +/* + * id-ecdsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 9 } + */ +#define DER_OID_V_id_ecdsa_with_sha3_224 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x09 +#define DER_OID_SZ_id_ecdsa_with_sha3_224 11 +extern const unsigned char ossl_der_oid_id_ecdsa_with_sha3_224[DER_OID_SZ_id_ecdsa_with_sha3_224]; + +/* + * id-ecdsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 10 } + */ +#define DER_OID_V_id_ecdsa_with_sha3_256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0A +#define DER_OID_SZ_id_ecdsa_with_sha3_256 11 +extern const unsigned char ossl_der_oid_id_ecdsa_with_sha3_256[DER_OID_SZ_id_ecdsa_with_sha3_256]; + +/* + * id-ecdsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 11 } + */ +#define DER_OID_V_id_ecdsa_with_sha3_384 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0B +#define DER_OID_SZ_id_ecdsa_with_sha3_384 11 +extern const unsigned char ossl_der_oid_id_ecdsa_with_sha3_384[DER_OID_SZ_id_ecdsa_with_sha3_384]; + +/* + * id-ecdsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 12 } + */ +#define DER_OID_V_id_ecdsa_with_sha3_512 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0C +#define DER_OID_SZ_id_ecdsa_with_sha3_512 11 +extern const unsigned char ossl_der_oid_id_ecdsa_with_sha3_512[DER_OID_SZ_id_ecdsa_with_sha3_512]; + + +/* Subject Public Key Info */ +int ossl_DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec); +/* Signature */ +int ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid); diff --git a/contrib/openssl-cmake/common/include/prov/der_ecx.h b/contrib/openssl-cmake/common/include/prov/der_ecx.h new file mode 100644 index 000000000000..fc85738055b5 --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_ecx.h @@ -0,0 +1,50 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_ecx.h.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/der.h" +#include "crypto/ecx.h" + +/* Well known OIDs precompiled */ + +/* + * id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 } + */ +#define DER_OID_V_id_X25519 DER_P_OBJECT, 3, 0x2B, 0x65, 0x6E +#define DER_OID_SZ_id_X25519 5 +extern const unsigned char ossl_der_oid_id_X25519[DER_OID_SZ_id_X25519]; + +/* + * id-X448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 } + */ +#define DER_OID_V_id_X448 DER_P_OBJECT, 3, 0x2B, 0x65, 0x6F +#define DER_OID_SZ_id_X448 5 +extern const unsigned char ossl_der_oid_id_X448[DER_OID_SZ_id_X448]; + +/* + * id-Ed25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 } + */ +#define DER_OID_V_id_Ed25519 DER_P_OBJECT, 3, 0x2B, 0x65, 0x70 +#define DER_OID_SZ_id_Ed25519 5 +extern const unsigned char ossl_der_oid_id_Ed25519[DER_OID_SZ_id_Ed25519]; + +/* + * id-Ed448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 } + */ +#define DER_OID_V_id_Ed448 DER_P_OBJECT, 3, 0x2B, 0x65, 0x71 +#define DER_OID_SZ_id_Ed448 5 +extern const unsigned char ossl_der_oid_id_Ed448[DER_OID_SZ_id_Ed448]; + + +int ossl_DER_w_algorithmIdentifier_ED25519(WPACKET *pkt, int cont, ECX_KEY *ec); +int ossl_DER_w_algorithmIdentifier_ED448(WPACKET *pkt, int cont, ECX_KEY *ec); +int ossl_DER_w_algorithmIdentifier_X25519(WPACKET *pkt, int cont, ECX_KEY *ec); +int ossl_DER_w_algorithmIdentifier_X448(WPACKET *pkt, int cont, ECX_KEY *ec); diff --git a/contrib/openssl-cmake/common/include/prov/der_ml_dsa.h b/contrib/openssl-cmake/common/include/prov/der_ml_dsa.h new file mode 100644 index 000000000000..c55f780ab452 --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_ml_dsa.h @@ -0,0 +1,40 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_ml_dsa.h.in + * + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/der.h" +#include "crypto/ml_dsa.h" + +/* Well known OIDs precompiled */ + +/* + * id-ml-dsa-44 OBJECT IDENTIFIER ::= { sigAlgs 17 } + */ +#define DER_OID_V_id_ml_dsa_44 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11 +#define DER_OID_SZ_id_ml_dsa_44 11 +extern const unsigned char ossl_der_oid_id_ml_dsa_44[DER_OID_SZ_id_ml_dsa_44]; + +/* + * id-ml-dsa-65 OBJECT IDENTIFIER ::= { sigAlgs 18 } + */ +#define DER_OID_V_id_ml_dsa_65 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12 +#define DER_OID_SZ_id_ml_dsa_65 11 +extern const unsigned char ossl_der_oid_id_ml_dsa_65[DER_OID_SZ_id_ml_dsa_65]; + +/* + * id-ml-dsa-87 OBJECT IDENTIFIER ::= { sigAlgs 19 } + */ +#define DER_OID_V_id_ml_dsa_87 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13 +#define DER_OID_SZ_id_ml_dsa_87 11 +extern const unsigned char ossl_der_oid_id_ml_dsa_87[DER_OID_SZ_id_ml_dsa_87]; + + +int ossl_DER_w_algorithmIdentifier_ML_DSA(WPACKET *pkt, int tag, ML_DSA_KEY *key); diff --git a/contrib/openssl-cmake/common/include/prov/der_rsa.h b/contrib/openssl-cmake/common/include/prov/der_rsa.h new file mode 100644 index 000000000000..5ec3c515a1bd --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_rsa.h @@ -0,0 +1,187 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_rsa.h.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "crypto/rsa.h" +#include "internal/der.h" + +/* Well known OIDs precompiled */ + +/* + * hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 } + */ +#define DER_OID_V_hashAlgs DER_P_OBJECT, 8, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02 +#define DER_OID_SZ_hashAlgs 10 +extern const unsigned char ossl_der_oid_hashAlgs[DER_OID_SZ_hashAlgs]; + +/* + * rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } + */ +#define DER_OID_V_rsaEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 +#define DER_OID_SZ_rsaEncryption 11 +extern const unsigned char ossl_der_oid_rsaEncryption[DER_OID_SZ_rsaEncryption]; + +/* + * id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 } + */ +#define DER_OID_V_id_RSAES_OAEP DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x07 +#define DER_OID_SZ_id_RSAES_OAEP 11 +extern const unsigned char ossl_der_oid_id_RSAES_OAEP[DER_OID_SZ_id_RSAES_OAEP]; + +/* + * id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 } + */ +#define DER_OID_V_id_pSpecified DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x09 +#define DER_OID_SZ_id_pSpecified 11 +extern const unsigned char ossl_der_oid_id_pSpecified[DER_OID_SZ_id_pSpecified]; + +/* + * id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } + */ +#define DER_OID_V_id_RSASSA_PSS DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A +#define DER_OID_SZ_id_RSASSA_PSS 11 +extern const unsigned char ossl_der_oid_id_RSASSA_PSS[DER_OID_SZ_id_RSASSA_PSS]; + +/* + * md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } + */ +#define DER_OID_V_md2WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02 +#define DER_OID_SZ_md2WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_md2WithRSAEncryption[DER_OID_SZ_md2WithRSAEncryption]; + +/* + * md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } + */ +#define DER_OID_V_md5WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04 +#define DER_OID_SZ_md5WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_md5WithRSAEncryption[DER_OID_SZ_md5WithRSAEncryption]; + +/* + * sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } + */ +#define DER_OID_V_sha1WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05 +#define DER_OID_SZ_sha1WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_sha1WithRSAEncryption[DER_OID_SZ_sha1WithRSAEncryption]; + +/* + * sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 } + */ +#define DER_OID_V_sha224WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E +#define DER_OID_SZ_sha224WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_sha224WithRSAEncryption[DER_OID_SZ_sha224WithRSAEncryption]; + +/* + * sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } + */ +#define DER_OID_V_sha256WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B +#define DER_OID_SZ_sha256WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_sha256WithRSAEncryption[DER_OID_SZ_sha256WithRSAEncryption]; + +/* + * sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } + */ +#define DER_OID_V_sha384WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C +#define DER_OID_SZ_sha384WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_sha384WithRSAEncryption[DER_OID_SZ_sha384WithRSAEncryption]; + +/* + * sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } + */ +#define DER_OID_V_sha512WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D +#define DER_OID_SZ_sha512WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_sha512WithRSAEncryption[DER_OID_SZ_sha512WithRSAEncryption]; + +/* + * sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 } + */ +#define DER_OID_V_sha512_224WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0F +#define DER_OID_SZ_sha512_224WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_sha512_224WithRSAEncryption[DER_OID_SZ_sha512_224WithRSAEncryption]; + +/* + * sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 } + */ +#define DER_OID_V_sha512_256WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x10 +#define DER_OID_SZ_sha512_256WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_sha512_256WithRSAEncryption[DER_OID_SZ_sha512_256WithRSAEncryption]; + +/* + * id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } + */ +#define DER_OID_V_id_mgf1 DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08 +#define DER_OID_SZ_id_mgf1 11 +extern const unsigned char ossl_der_oid_id_mgf1[DER_OID_SZ_id_mgf1]; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 } + */ +#define DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_224 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0D +#define DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_224 11 +extern const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_224]; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 } + */ +#define DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_256 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0E +#define DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_256 11 +extern const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_256]; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 } + */ +#define DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_384 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0F +#define DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_384 11 +extern const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_384]; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 } + */ +#define DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_512 DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x10 +#define DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_512 11 +extern const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_512]; + +/* + * md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 } + */ +#define DER_OID_V_md4WithRSAEncryption DER_P_OBJECT, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x03 +#define DER_OID_SZ_md4WithRSAEncryption 11 +extern const unsigned char ossl_der_oid_md4WithRSAEncryption[DER_OID_SZ_md4WithRSAEncryption]; + +/* + * ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2 + * } + */ +#define DER_OID_V_ripemd160WithRSAEncryption DER_P_OBJECT, 6, 0x2B, 0x24, 0x03, 0x03, 0x01, 0x02 +#define DER_OID_SZ_ripemd160WithRSAEncryption 8 +extern const unsigned char ossl_der_oid_ripemd160WithRSAEncryption[DER_OID_SZ_ripemd160WithRSAEncryption]; + +/* + * mdc2WithRSASignature OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14) + * } + */ +#define DER_OID_V_mdc2WithRSASignature DER_P_OBJECT, 5, 0x2B, 0x0E, 0x03, 0x02, 0x0E +#define DER_OID_SZ_mdc2WithRSASignature 7 +extern const unsigned char ossl_der_oid_mdc2WithRSASignature[DER_OID_SZ_mdc2WithRSASignature]; + + +/* PSS parameters */ +int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, + const RSA_PSS_PARAMS_30 *pss); +/* Subject Public Key Info */ +int ossl_DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); +int ossl_DER_w_algorithmIdentifier_RSA_PSS(WPACKET *pkt, int tag, + int rsa_type, + const RSA_PSS_PARAMS_30 *pss); +/* Signature */ +int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, + int mdnid); diff --git a/contrib/openssl-cmake/common/include/prov/der_slh_dsa.h b/contrib/openssl-cmake/common/include/prov/der_slh_dsa.h new file mode 100644 index 000000000000..760f8e7699be --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_slh_dsa.h @@ -0,0 +1,103 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_slh_dsa.h.in + * + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/der.h" +#include "crypto/slh_dsa.h" + +/* Well known OIDs precompiled */ + +/* + * id-slh-dsa-sha2-128s OBJECT IDENTIFIER ::= { sigAlgs 20 } + */ +#define DER_OID_V_id_slh_dsa_sha2_128s DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x14 +#define DER_OID_SZ_id_slh_dsa_sha2_128s 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_sha2_128s[DER_OID_SZ_id_slh_dsa_sha2_128s]; + +/* + * id-slh-dsa-sha2-128f OBJECT IDENTIFIER ::= { sigAlgs 21 } + */ +#define DER_OID_V_id_slh_dsa_sha2_128f DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x15 +#define DER_OID_SZ_id_slh_dsa_sha2_128f 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_sha2_128f[DER_OID_SZ_id_slh_dsa_sha2_128f]; + +/* + * id-slh-dsa-sha2-192s OBJECT IDENTIFIER ::= { sigAlgs 22 } + */ +#define DER_OID_V_id_slh_dsa_sha2_192s DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x16 +#define DER_OID_SZ_id_slh_dsa_sha2_192s 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_sha2_192s[DER_OID_SZ_id_slh_dsa_sha2_192s]; + +/* + * id-slh-dsa-sha2-192f OBJECT IDENTIFIER ::= { sigAlgs 23 } + */ +#define DER_OID_V_id_slh_dsa_sha2_192f DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x17 +#define DER_OID_SZ_id_slh_dsa_sha2_192f 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_sha2_192f[DER_OID_SZ_id_slh_dsa_sha2_192f]; + +/* + * id-slh-dsa-sha2-256s OBJECT IDENTIFIER ::= { sigAlgs 24 } + */ +#define DER_OID_V_id_slh_dsa_sha2_256s DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x18 +#define DER_OID_SZ_id_slh_dsa_sha2_256s 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_sha2_256s[DER_OID_SZ_id_slh_dsa_sha2_256s]; + +/* + * id-slh-dsa-sha2-256f OBJECT IDENTIFIER ::= { sigAlgs 25 } + */ +#define DER_OID_V_id_slh_dsa_sha2_256f DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x19 +#define DER_OID_SZ_id_slh_dsa_sha2_256f 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_sha2_256f[DER_OID_SZ_id_slh_dsa_sha2_256f]; + +/* + * id-slh-dsa-shake-128s OBJECT IDENTIFIER ::= { sigAlgs 26 } + */ +#define DER_OID_V_id_slh_dsa_shake_128s DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x1A +#define DER_OID_SZ_id_slh_dsa_shake_128s 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_shake_128s[DER_OID_SZ_id_slh_dsa_shake_128s]; + +/* + * id-slh-dsa-shake-128f OBJECT IDENTIFIER ::= { sigAlgs 27 } + */ +#define DER_OID_V_id_slh_dsa_shake_128f DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x1B +#define DER_OID_SZ_id_slh_dsa_shake_128f 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_shake_128f[DER_OID_SZ_id_slh_dsa_shake_128f]; + +/* + * id-slh-dsa-shake-192s OBJECT IDENTIFIER ::= { sigAlgs 28 } + */ +#define DER_OID_V_id_slh_dsa_shake_192s DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x1C +#define DER_OID_SZ_id_slh_dsa_shake_192s 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_shake_192s[DER_OID_SZ_id_slh_dsa_shake_192s]; + +/* + * id-slh-dsa-shake-192f OBJECT IDENTIFIER ::= { sigAlgs 29 } + */ +#define DER_OID_V_id_slh_dsa_shake_192f DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x1D +#define DER_OID_SZ_id_slh_dsa_shake_192f 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_shake_192f[DER_OID_SZ_id_slh_dsa_shake_192f]; + +/* + * id-slh-dsa-shake-256s OBJECT IDENTIFIER ::= { sigAlgs 30 } + */ +#define DER_OID_V_id_slh_dsa_shake_256s DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x1E +#define DER_OID_SZ_id_slh_dsa_shake_256s 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_shake_256s[DER_OID_SZ_id_slh_dsa_shake_256s]; + +/* + * id-slh-dsa-shake-256f OBJECT IDENTIFIER ::= { sigAlgs 31 } + */ +#define DER_OID_V_id_slh_dsa_shake_256f DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x1F +#define DER_OID_SZ_id_slh_dsa_shake_256f 11 +extern const unsigned char ossl_der_oid_id_slh_dsa_shake_256f[DER_OID_SZ_id_slh_dsa_shake_256f]; + + +int ossl_DER_w_algorithmIdentifier_SLH_DSA(WPACKET *pkt, int tag, SLH_DSA_KEY *key); diff --git a/contrib/openssl-cmake/common/include/prov/der_sm2.h b/contrib/openssl-cmake/common/include/prov/der_sm2.h new file mode 100644 index 000000000000..9d41b31265ca --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_sm2.h @@ -0,0 +1,37 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_sm2.h.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "crypto/ec.h" +#include "internal/der.h" + +/* Well known OIDs precompiled */ + +/* + * sm2-with-SM3 OBJECT IDENTIFIER ::= { sm-scheme 501 } + */ +#define DER_OID_V_sm2_with_SM3 DER_P_OBJECT, 8, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 +#define DER_OID_SZ_sm2_with_SM3 10 +extern const unsigned char ossl_der_oid_sm2_with_SM3[DER_OID_SZ_sm2_with_SM3]; + +/* + * curveSM2 OBJECT IDENTIFIER ::= { sm-scheme 301 } + */ +#define DER_OID_V_curveSM2 DER_P_OBJECT, 8, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D +#define DER_OID_SZ_curveSM2 10 +extern const unsigned char ossl_der_oid_curveSM2[DER_OID_SZ_curveSM2]; + + +/* Subject Public Key Info */ +int ossl_DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec); +/* Signature */ +int ossl_DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid); diff --git a/contrib/openssl-cmake/common/include/prov/der_wrap.h b/contrib/openssl-cmake/common/include/prov/der_wrap.h new file mode 100644 index 000000000000..ff2954037727 --- /dev/null +++ b/contrib/openssl-cmake/common/include/prov/der_wrap.h @@ -0,0 +1,46 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/include/prov/der_wrap.h.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/der.h" + +/* Well known OIDs precompiled */ + +/* + * id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 + * } + */ +#define DER_OID_V_id_alg_CMS3DESwrap DER_P_OBJECT, 11, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x03, 0x06 +#define DER_OID_SZ_id_alg_CMS3DESwrap 13 +extern const unsigned char ossl_der_oid_id_alg_CMS3DESwrap[DER_OID_SZ_id_alg_CMS3DESwrap]; + +/* + * id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } + */ +#define DER_OID_V_id_aes128_wrap DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x05 +#define DER_OID_SZ_id_aes128_wrap 11 +extern const unsigned char ossl_der_oid_id_aes128_wrap[DER_OID_SZ_id_aes128_wrap]; + +/* + * id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } + */ +#define DER_OID_V_id_aes192_wrap DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x19 +#define DER_OID_SZ_id_aes192_wrap 11 +extern const unsigned char ossl_der_oid_id_aes192_wrap[DER_OID_SZ_id_aes192_wrap]; + +/* + * id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } + */ +#define DER_OID_V_id_aes256_wrap DER_P_OBJECT, 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2D +#define DER_OID_SZ_id_aes256_wrap 11 +extern const unsigned char ossl_der_oid_id_aes256_wrap[DER_OID_SZ_id_aes256_wrap]; + diff --git a/contrib/openssl-cmake/common/params_idx.c b/contrib/openssl-cmake/common/params_idx.c new file mode 100644 index 000000000000..9d76ffededc2 --- /dev/null +++ b/contrib/openssl-cmake/common/params_idx.c @@ -0,0 +1,3366 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from crypto/params_idx.c.in + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +#include "internal/e_os.h" +#include "internal/param_names.h" +#include + +/* Machine generated TRIE -- generated by util/perl/OpenSSL/paramnames.pm */ +int ossl_param_find_pidx(const char *s) +{ + switch(s[0]) { + default: + break; + case 'a': + switch(s[1]) { + default: + break; + case 'c': + if (strcmp("vp-info", s + 2) == 0) + return PIDX_KDF_PARAM_X942_ACVPINFO; + break; + case 'd': + switch(s[2]) { + default: + break; + case 'd': + if (strcmp("itional-random", s + 3) == 0) + return PIDX_SIGNATURE_PARAM_ADD_RANDOM; + break; + case '\0': + return PIDX_KDF_PARAM_ARGON2_AD; + } + break; + case 'e': + if (strcmp("ad", s + 2) == 0) + return PIDX_CIPHER_PARAM_AEAD; + break; + case 'l': + switch(s[2]) { + default: + break; + case 'g': + switch(s[3]) { + default: + break; + case '_': + if (strcmp("id_param", s + 4) == 0) + return PIDX_CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD; + break; + case 'i': + if (strcmp("d-absent", s + 4) == 0) + return PIDX_DIGEST_PARAM_ALGID_ABSENT; + break; + case 'o': + switch(s[4]) { + default: + break; + case 'r': + switch(s[5]) { + default: + break; + case 'i': + switch(s[6]) { + default: + break; + case 't': + switch(s[7]) { + default: + break; + case 'h': + switch(s[8]) { + default: + break; + case 'm': + switch(s[9]) { + default: + break; + case '-': + switch(s[10]) { + default: + break; + case 'i': + switch(s[11]) { + default: + break; + case 'd': + switch(s[12]) { + default: + break; + case '-': + if (strcmp("params", s + 13) == 0) + return PIDX_ALG_PARAM_ALGORITHM_ID_PARAMS; + break; + case '\0': + return PIDX_ALG_PARAM_ALGORITHM_ID; + } + } + } + } + } + } + } + } + } + } + break; + case 'i': + if (strcmp("as", s + 3) == 0) + return PIDX_STORE_PARAM_ALIAS; + } + break; + case '\0': + return PIDX_PKEY_PARAM_EC_A; + } + break; + case 'b': + switch(s[1]) { + default: + break; + case 'a': + if (strcmp("sis-type", s + 2) == 0) + return PIDX_PKEY_PARAM_EC_CHAR2_TYPE; + break; + case 'i': + if (strcmp("ts", s + 2) == 0) + return PIDX_PKEY_PARAM_BITS; + break; + case 'l': + switch(s[2]) { + default: + break; + case 'o': + switch(s[3]) { + default: + break; + case 'c': + switch(s[4]) { + default: + break; + case 'k': + switch(s[5]) { + default: + break; + case '-': + if (strcmp("size", s + 6) == 0) + return PIDX_MAC_PARAM_BLOCK_SIZE; + break; + case '_': + if (strcmp("padding", s + 6) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING; + break; + case 's': + if (strcmp("ize", s + 6) == 0) + return PIDX_DIGEST_PARAM_BLOCK_SIZE; + } + } + } + } + break; + case 'u': + if (strcmp("ildinfo", s + 2) == 0) + return PIDX_PROV_PARAM_BUILDINFO; + break; + case '\0': + return PIDX_PKEY_PARAM_EC_B; + } + break; + case 'c': + switch(s[1]) { + default: + break; + case '-': + if (strcmp("rounds", s + 2) == 0) + return PIDX_MAC_PARAM_C_ROUNDS; + break; + case 'e': + if (strcmp("kalg", s + 2) == 0) + return PIDX_KDF_PARAM_CEK_ALG; + break; + case 'i': + if (strcmp("pher", s + 2) == 0) + return PIDX_ALG_PARAM_CIPHER; + break; + case 'o': + switch(s[2]) { + default: + break; + case 'f': + if (strcmp("actor", s + 3) == 0) + return PIDX_PKEY_PARAM_EC_COFACTOR; + break; + case 'n': + switch(s[3]) { + default: + break; + case 's': + if (strcmp("tant", s + 4) == 0) + return PIDX_KDF_PARAM_CONSTANT; + break; + case 't': + if (strcmp("ext-string", s + 4) == 0) + return PIDX_SIGNATURE_PARAM_CONTEXT_STRING; + } + } + break; + case 't': + switch(s[2]) { + default: + break; + case 's': + switch(s[3]) { + default: + break; + case '_': + if (strcmp("mode", s + 4) == 0) + return PIDX_CIPHER_PARAM_CTS_MODE; + break; + case '\0': + return PIDX_CIPHER_PARAM_CTS; + } + } + break; + case 'u': + switch(s[2]) { + default: + break; + case 's': + switch(s[3]) { + default: + break; + case 't': + switch(s[4]) { + default: + break; + case 'o': + switch(s[5]) { + default: + break; + case 'm': + switch(s[6]) { + default: + break; + case '-': + if (strcmp("iv", s + 7) == 0) + return PIDX_CIPHER_PARAM_CUSTOM_IV; + break; + case '\0': + return PIDX_MAC_PARAM_CUSTOM; + } + } + } + } + } + } + break; + case 'd': + switch(s[1]) { + default: + break; + case '-': + if (strcmp("rounds", s + 2) == 0) + return PIDX_MAC_PARAM_D_ROUNDS; + break; + case 'a': + switch(s[2]) { + default: + break; + case 't': + switch(s[3]) { + default: + break; + case 'a': + switch(s[4]) { + default: + break; + case '-': + switch(s[5]) { + default: + break; + case 's': + if (strcmp("tructure", s + 6) == 0) + return PIDX_OBJECT_PARAM_DATA_STRUCTURE; + break; + case 't': + if (strcmp("ype", s + 6) == 0) + return PIDX_OBJECT_PARAM_DATA_TYPE; + } + break; + case '\0': + return PIDX_OBJECT_PARAM_DATA; + } + } + } + break; + case 'e': + switch(s[2]) { + default: + break; + case 'c': + switch(s[3]) { + default: + break; + case 'o': + if (strcmp("ded-from-explicit", s + 4) == 0) + return PIDX_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS; + break; + case 'r': + if (strcmp("ypt-only", s + 4) == 0) + return PIDX_CIPHER_PARAM_DECRYPT_ONLY; + } + break; + case 'f': + if (strcmp("ault-digest", s + 3) == 0) + return PIDX_PKEY_PARAM_DEFAULT_DIGEST; + break; + case 's': + if (strcmp("c", s + 3) == 0) + return PIDX_OBJECT_PARAM_DESC; + break; + case 't': + if (strcmp("erministic", s + 3) == 0) + return PIDX_SIGNATURE_PARAM_DETERMINISTIC; + } + break; + case 'h': + if (strcmp("kem-ikm", s + 2) == 0) + return PIDX_PKEY_PARAM_DHKEM_IKM; + break; + case 'i': + switch(s[2]) { + default: + break; + case 'g': + switch(s[3]) { + default: + break; + case 'e': + switch(s[4]) { + default: + break; + case 's': + switch(s[5]) { + default: + break; + case 't': + switch(s[6]) { + default: + break; + case '-': + switch(s[7]) { + default: + break; + case 'c': + if (strcmp("heck", s + 8) == 0) + return PIDX_PKEY_PARAM_FIPS_DIGEST_CHECK; + break; + case 'n': + if (strcmp("oinit", s + 8) == 0) + return PIDX_MAC_PARAM_DIGEST_NOINIT; + break; + case 'o': + if (strcmp("neshot", s + 8) == 0) + return PIDX_MAC_PARAM_DIGEST_ONESHOT; + break; + case 'p': + if (strcmp("rops", s + 8) == 0) + return PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS; + break; + case 's': + if (strcmp("ize", s + 8) == 0) + return PIDX_PKEY_PARAM_DIGEST_SIZE; + } + break; + case '\0': + return PIDX_STORE_PARAM_DIGEST; + } + } + } + } + break; + case 's': + if (strcmp("tid", s + 3) == 0) + return PIDX_PKEY_PARAM_DIST_ID; + } + break; + case 'r': + if (strcmp("bg-no-trunc-md", s + 2) == 0) + return PIDX_PROV_PARAM_DRBG_TRUNC_DIGEST; + break; + case 's': + if (strcmp("a-sign-disabled", s + 2) == 0) + return PIDX_PROV_PARAM_DSA_SIGN_DISABLED; + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_D; + } + break; + case 'e': + switch(s[1]) { + default: + break; + case 'a': + if (strcmp("rly_clean", s + 2) == 0) + return PIDX_KDF_PARAM_EARLY_CLEAN; + break; + case 'c': + switch(s[2]) { + default: + break; + case 'd': + switch(s[3]) { + default: + break; + case 'h': + switch(s[4]) { + default: + break; + case '-': + switch(s[5]) { + default: + break; + case 'c': + switch(s[6]) { + default: + break; + case 'o': + switch(s[7]) { + default: + break; + case 'f': + switch(s[8]) { + default: + break; + case 'a': + switch(s[9]) { + default: + break; + case 'c': + switch(s[10]) { + default: + break; + case 't': + switch(s[11]) { + default: + break; + case 'o': + switch(s[12]) { + default: + break; + case 'r': + switch(s[13]) { + default: + break; + case '-': + switch(s[14]) { + default: + break; + case 'c': + if (strcmp("heck", s + 15) == 0) + return PIDX_PROV_PARAM_ECDH_COFACTOR_CHECK; + break; + case 'm': + if (strcmp("ode", s + 15) == 0) + return PIDX_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE; + } + } + } + } + } + } + } + } + } + } + } + } + } + break; + case 'm': + if (strcmp("s_check", s + 2) == 0) + return PIDX_KDF_PARAM_FIPS_EMS_CHECK; + break; + case 'n': + switch(s[2]) { + default: + break; + case 'c': + switch(s[3]) { + default: + break; + case 'o': + switch(s[4]) { + default: + break; + case 'd': + switch(s[5]) { + default: + break; + case 'e': + if (strcmp("d-pub-key", s + 6) == 0) + return PIDX_PKEY_PARAM_ENCODED_PUBLIC_KEY; + break; + case 'i': + if (strcmp("ng", s + 6) == 0) + return PIDX_PKEY_PARAM_EC_ENCODING; + } + } + break; + case 'r': + switch(s[4]) { + default: + break; + case 'y': + switch(s[5]) { + default: + break; + case 'p': + switch(s[6]) { + default: + break; + case 't': + switch(s[7]) { + default: + break; + case '-': + switch(s[8]) { + default: + break; + case 'c': + if (strcmp("heck", s + 9) == 0) + return PIDX_CIPHER_PARAM_FIPS_ENCRYPT_CHECK; + break; + case 'l': + if (strcmp("evel", s + 9) == 0) + return PIDX_ENCODER_PARAM_ENCRYPT_LEVEL; + } + } + } + } + } + } + break; + case 'g': + if (strcmp("ine", s + 3) == 0) + return PIDX_ALG_PARAM_ENGINE; + break; + case 't': + switch(s[3]) { + default: + break; + case 'r': + switch(s[4]) { + default: + break; + case 'o': + switch(s[5]) { + default: + break; + case 'p': + switch(s[6]) { + default: + break; + case 'y': + switch(s[7]) { + default: + break; + case '_': + if (strcmp("required", s + 8) == 0) + return PIDX_DRBG_PARAM_ENTROPY_REQUIRED; + break; + case '\0': + return PIDX_KDF_PARAM_HMACDRBG_ENTROPY; + } + } + } + } + } + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_E; + break; + case 'x': + if (strcmp("pect", s + 2) == 0) + return PIDX_STORE_PARAM_EXPECT; + } + break; + case 'f': + switch(s[1]) { + default: + break; + case 'i': + switch(s[2]) { + default: + break; + case 'e': + if (strcmp("ld-type", s + 3) == 0) + return PIDX_PKEY_PARAM_EC_FIELD_TYPE; + break; + case 'n': + if (strcmp("gerprint", s + 3) == 0) + return PIDX_STORE_PARAM_FINGERPRINT; + break; + case 'p': + if (strcmp("s-indicator", s + 3) == 0) + return PIDX_ALG_PARAM_FIPS_APPROVED_INDICATOR; + } + } + break; + case 'g': + switch(s[1]) { + default: + break; + case 'e': + switch(s[2]) { + default: + break; + case 'n': + switch(s[3]) { + default: + break; + case 'e': + switch(s[4]) { + default: + break; + case 'r': + switch(s[5]) { + default: + break; + case 'a': + switch(s[6]) { + default: + break; + case 't': + switch(s[7]) { + default: + break; + case 'e': + switch(s[8]) { + default: + break; + case '\0': + return PIDX_RAND_PARAM_GENERATE; + } + break; + case 'o': + if (strcmp("r", s + 8) == 0) + return PIDX_PKEY_PARAM_EC_GENERATOR; + } + } + } + } + } + } + break; + case 'i': + if (strcmp("ndex", s + 2) == 0) + return PIDX_PKEY_PARAM_FFC_GINDEX; + break; + case 'r': + switch(s[2]) { + default: + break; + case 'o': + switch(s[3]) { + default: + break; + case 'u': + switch(s[4]) { + default: + break; + case 'p': + switch(s[5]) { + default: + break; + case '-': + if (strcmp("check", s + 6) == 0) + return PIDX_PKEY_PARAM_EC_GROUP_CHECK_TYPE; + break; + case '\0': + return PIDX_PKEY_PARAM_GROUP_NAME; + } + } + } + } + break; + case '\0': + return PIDX_PKEY_PARAM_FFC_G; + } + break; + case 'h': + switch(s[1]) { + default: + break; + case 'a': + if (strcmp("s-randkey", s + 2) == 0) + return PIDX_CIPHER_PARAM_HAS_RAND_KEY; + break; + case 'i': + if (strcmp("ndex", s + 2) == 0) + return PIDX_PKEY_PARAM_FFC_H; + break; + case 'k': + switch(s[2]) { + default: + break; + case 'd': + switch(s[3]) { + default: + break; + case 'f': + switch(s[4]) { + default: + break; + case '-': + switch(s[5]) { + default: + break; + case 'd': + if (strcmp("igest-check", s + 6) == 0) + return PIDX_PROV_PARAM_HKDF_DIGEST_CHECK; + break; + case 'k': + if (strcmp("ey-check", s + 6) == 0) + return PIDX_PROV_PARAM_HKDF_KEY_CHECK; + } + } + } + } + break; + case 'm': + if (strcmp("ac-key-check", s + 2) == 0) + return PIDX_PROV_PARAM_HMAC_KEY_CHECK; + break; + case 's': + if (strcmp("_padding", s + 2) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING; + } + break; + case 'i': + switch(s[1]) { + default: + break; + case 'd': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_KDF_PARAM_PKCS12_ID; + } + break; + case 'k': + if (strcmp("me", s + 2) == 0) + return PIDX_KEM_PARAM_IKME; + break; + case 'm': + if (strcmp("plicit-rejection", s + 2) == 0) + return PIDX_PKEY_PARAM_IMPLICIT_REJECTION; + break; + case 'n': + switch(s[2]) { + default: + break; + case 'c': + if (strcmp("lude-public", s + 3) == 0) + return PIDX_PKEY_PARAM_EC_INCLUDE_PUBLIC; + break; + case 'f': + if (strcmp("o", s + 3) == 0) + return PIDX_PASSPHRASE_PARAM_INFO; + break; + case 'p': + if (strcmp("ut-type", s + 3) == 0) + return PIDX_STORE_PARAM_INPUT_TYPE; + break; + case 's': + if (strcmp("tance", s + 3) == 0) + return PIDX_SIGNATURE_PARAM_INSTANCE; + } + break; + case 't': + switch(s[2]) { + default: + break; + case 'e': + switch(s[3]) { + default: + break; + case 'r': + switch(s[4]) { + default: + break; + case 'a': + if (strcmp("tion", s + 5) == 0) + return PIDX_GEN_PARAM_ITERATION; + break; + case '\0': + return PIDX_KDF_PARAM_ITER; + } + } + } + break; + case 'v': + switch(s[2]) { + default: + break; + case '-': + if (strcmp("generated", s + 3) == 0) + return PIDX_CIPHER_PARAM_AEAD_IV_GENERATED; + break; + case 'l': + if (strcmp("en", s + 3) == 0) + return PIDX_CIPHER_PARAM_IVLEN; + break; + case '\0': + return PIDX_MAC_PARAM_IV; + } + } + break; + case 'j': + switch(s[1]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_FFC_COFACTOR; + } + break; + case 'k': + switch(s[1]) { + default: + break; + case '1': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_EC_CHAR2_PP_K1; + } + break; + case '2': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_EC_CHAR2_PP_K2; + } + break; + case '3': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_EC_CHAR2_PP_K3; + } + break; + case 'a': + if (strcmp("t", s + 2) == 0) + return PIDX_SIGNATURE_PARAM_KAT; + break; + case 'b': + if (strcmp("kdf-key-check", s + 2) == 0) + return PIDX_PROV_PARAM_KBKDF_KEY_CHECK; + break; + case 'd': + switch(s[2]) { + default: + break; + case 'f': + switch(s[3]) { + default: + break; + case '-': + switch(s[4]) { + default: + break; + case 'd': + switch(s[5]) { + default: + break; + case 'i': + switch(s[6]) { + default: + break; + case 'g': + switch(s[7]) { + default: + break; + case 'e': + switch(s[8]) { + default: + break; + case 's': + switch(s[9]) { + default: + break; + case 't': + switch(s[10]) { + default: + break; + case '-': + if (strcmp("props", s + 11) == 0) + return PIDX_EXCHANGE_PARAM_KDF_DIGEST_PROPS; + break; + case '\0': + return PIDX_EXCHANGE_PARAM_KDF_DIGEST; + } + } + } + } + } + } + break; + case 'o': + if (strcmp("utlen", s + 5) == 0) + return PIDX_EXCHANGE_PARAM_KDF_OUTLEN; + break; + case 't': + if (strcmp("ype", s + 5) == 0) + return PIDX_EXCHANGE_PARAM_KDF_TYPE; + break; + case 'u': + if (strcmp("km", s + 5) == 0) + return PIDX_EXCHANGE_PARAM_KDF_UKM; + } + } + } + break; + case 'e': + switch(s[2]) { + default: + break; + case 'y': + switch(s[3]) { + default: + break; + case '-': + switch(s[4]) { + default: + break; + case 'c': + if (strcmp("heck", s + 5) == 0) + return PIDX_PKEY_PARAM_FIPS_KEY_CHECK; + break; + case 'l': + if (strcmp("ength", s + 5) == 0) + return PIDX_SKEY_PARAM_KEY_LENGTH; + } + break; + case 'b': + if (strcmp("its", s + 4) == 0) + return PIDX_CIPHER_PARAM_RC2_KEYBITS; + break; + case 'l': + if (strcmp("en", s + 4) == 0) + return PIDX_CIPHER_PARAM_KEYLEN; + break; + case '\0': + return PIDX_MAC_PARAM_KEY; + } + } + break; + case 'm': + if (strcmp("ac-key-check", s + 2) == 0) + return PIDX_PROV_PARAM_KMAC_KEY_CHECK; + } + break; + case 'l': + switch(s[1]) { + default: + break; + case 'a': + switch(s[2]) { + default: + break; + case 'b': + if (strcmp("el", s + 3) == 0) + return PIDX_KDF_PARAM_LABEL; + break; + case 'n': + if (strcmp("es", s + 3) == 0) + return PIDX_KDF_PARAM_ARGON2_LANES; + } + } + break; + case 'm': + switch(s[1]) { + default: + break; + case 'a': + switch(s[2]) { + default: + break; + case 'c': + switch(s[3]) { + default: + break; + case 'k': + if (strcmp("ey", s + 4) == 0) + return PIDX_CIPHER_PARAM_AEAD_MAC_KEY; + break; + case 'l': + if (strcmp("en", s + 4) == 0) + return PIDX_KDF_PARAM_MAC_SIZE; + break; + case '\0': + return PIDX_ALG_PARAM_MAC; + } + break; + case 'n': + if (strcmp("datory-digest", s + 3) == 0) + return PIDX_PKEY_PARAM_MANDATORY_DIGEST; + break; + case 'x': + switch(s[3]) { + default: + break; + case '-': + if (strcmp("size", s + 4) == 0) + return PIDX_PKEY_PARAM_MAX_SIZE; + break; + case '_': + switch(s[4]) { + default: + break; + case 'a': + if (strcmp("dinlen", s + 5) == 0) + return PIDX_DRBG_PARAM_MAX_ADINLEN; + break; + case 'e': + switch(s[5]) { + default: + break; + case 'a': + if (strcmp("rly_data", s + 6) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA; + break; + case 'n': + if (strcmp("tropylen", s + 6) == 0) + return PIDX_DRBG_PARAM_MAX_ENTROPYLEN; + } + break; + case 'f': + if (strcmp("rag_len", s + 5) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN; + break; + case 'n': + if (strcmp("oncelen", s + 5) == 0) + return PIDX_DRBG_PARAM_MAX_NONCELEN; + break; + case 'p': + if (strcmp("erslen", s + 5) == 0) + return PIDX_DRBG_PARAM_MAX_PERSLEN; + break; + case 'r': + if (strcmp("equest", s + 5) == 0) + return PIDX_RAND_PARAM_MAX_REQUEST; + } + break; + case 'i': + if (strcmp("um_length", s + 4) == 0) + return PIDX_DRBG_PARAM_MAX_LENGTH; + break; + case 'm': + if (strcmp("em_bytes", s + 4) == 0) + return PIDX_KDF_PARAM_SCRYPT_MAXMEM; + } + } + break; + case 'e': + switch(s[2]) { + default: + break; + case 'm': + if (strcmp("cost", s + 3) == 0) + return PIDX_KDF_PARAM_ARGON2_MEMCOST; + break; + case 's': + if (strcmp("sage-encoding", s + 3) == 0) + return PIDX_SIGNATURE_PARAM_MESSAGE_ENCODING; + } + break; + case 'g': + switch(s[2]) { + default: + break; + case 'f': + switch(s[3]) { + default: + break; + case '1': + switch(s[4]) { + default: + break; + case '-': + switch(s[5]) { + default: + break; + case 'd': + if (strcmp("igest", s + 6) == 0) + return PIDX_PKEY_PARAM_MGF1_DIGEST; + break; + case 'p': + if (strcmp("roperties", s + 6) == 0) + return PIDX_PKEY_PARAM_MGF1_PROPERTIES; + } + } + break; + case '\0': + return PIDX_PKEY_PARAM_MASKGENFUNC; + } + } + break; + case 'i': + switch(s[2]) { + default: + break; + case 'c': + if (strcmp("alg", s + 3) == 0) + return PIDX_DIGEST_PARAM_MICALG; + break; + case 'n': + switch(s[3]) { + default: + break; + case '_': + switch(s[4]) { + default: + break; + case 'e': + if (strcmp("ntropylen", s + 5) == 0) + return PIDX_DRBG_PARAM_MIN_ENTROPYLEN; + break; + case 'n': + if (strcmp("oncelen", s + 5) == 0) + return PIDX_DRBG_PARAM_MIN_NONCELEN; + } + break; + case 'i': + if (strcmp("um_length", s + 4) == 0) + return PIDX_DRBG_PARAM_MIN_LENGTH; + } + } + break; + case 'l': + switch(s[2]) { + default: + break; + case '-': + switch(s[3]) { + default: + break; + case 'd': + switch(s[4]) { + default: + break; + case 's': + switch(s[5]) { + default: + break; + case 'a': + switch(s[6]) { + default: + break; + case '.': + switch(s[7]) { + default: + break; + case 'i': + if (strcmp("nput_formats", s + 8) == 0) + return PIDX_PKEY_PARAM_ML_DSA_INPUT_FORMATS; + break; + case 'o': + if (strcmp("utput_formats", s + 8) == 0) + return PIDX_PKEY_PARAM_ML_DSA_OUTPUT_FORMATS; + break; + case 'p': + if (strcmp("refer_seed", s + 8) == 0) + return PIDX_PKEY_PARAM_ML_DSA_PREFER_SEED; + break; + case 'r': + if (strcmp("etain_seed", s + 8) == 0) + return PIDX_PKEY_PARAM_ML_DSA_RETAIN_SEED; + } + } + } + } + break; + case 'k': + switch(s[4]) { + default: + break; + case 'e': + switch(s[5]) { + default: + break; + case 'm': + switch(s[6]) { + default: + break; + case '.': + switch(s[7]) { + default: + break; + case 'i': + switch(s[8]) { + default: + break; + case 'm': + if (strcmp("port_pct_type", s + 9) == 0) + return PIDX_PKEY_PARAM_ML_KEM_IMPORT_PCT_TYPE; + break; + case 'n': + if (strcmp("put_formats", s + 9) == 0) + return PIDX_PKEY_PARAM_ML_KEM_INPUT_FORMATS; + } + break; + case 'o': + if (strcmp("utput_formats", s + 8) == 0) + return PIDX_PKEY_PARAM_ML_KEM_OUTPUT_FORMATS; + break; + case 'p': + if (strcmp("refer_seed", s + 8) == 0) + return PIDX_PKEY_PARAM_ML_KEM_PREFER_SEED; + break; + case 'r': + if (strcmp("etain_seed", s + 8) == 0) + return PIDX_PKEY_PARAM_ML_KEM_RETAIN_SEED; + } + } + } + } + } + } + break; + case 'o': + switch(s[2]) { + default: + break; + case 'd': + switch(s[3]) { + default: + break; + case 'e': + switch(s[4]) { + default: + break; + case '\0': + return PIDX_LIBSSL_RECORD_LAYER_PARAM_MODE; + } + break; + case 'u': + if (strcmp("le-filename", s + 4) == 0) + return PIDX_PROV_PARAM_CORE_MODULE_FILENAME; + } + } + break; + case 'u': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_SIGNATURE_PARAM_MU; + } + break; + case '\0': + return PIDX_PKEY_PARAM_EC_CHAR2_M; + } + break; + case 'n': + switch(s[1]) { + default: + break; + case 'a': + if (strcmp("me", s + 2) == 0) + return PIDX_STORE_PARAM_ISSUER; + break; + case 'o': + switch(s[2]) { + default: + break; + case '-': + if (strcmp("short-mac", s + 3) == 0) + return PIDX_PROV_PARAM_NO_SHORT_MAC; + break; + case 'n': + switch(s[3]) { + default: + break; + case 'c': + switch(s[4]) { + default: + break; + case 'e': + switch(s[5]) { + default: + break; + case '-': + if (strcmp("type", s + 6) == 0) + return PIDX_SIGNATURE_PARAM_NONCE_TYPE; + break; + case '\0': + return PIDX_KDF_PARAM_HMACDRBG_NONCE; + } + } + } + } + break; + case 'u': + if (strcmp("m", s + 2) == 0) + return PIDX_CIPHER_PARAM_NUM; + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_N; + } + break; + case 'o': + switch(s[1]) { + default: + break; + case 'a': + if (strcmp("ep-label", s + 2) == 0) + return PIDX_ASYM_CIPHER_PARAM_OAEP_LABEL; + break; + case 'p': + switch(s[2]) { + default: + break; + case 'e': + switch(s[3]) { + default: + break; + case 'n': + if (strcmp("ssl-version", s + 4) == 0) + return PIDX_PROV_PARAM_CORE_VERSION; + break; + case 'r': + if (strcmp("ation", s + 4) == 0) + return PIDX_KEM_PARAM_OPERATION; + } + break; + case 't': + if (strcmp("ions", s + 3) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_OPTIONS; + } + break; + case 'r': + if (strcmp("der", s + 2) == 0) + return PIDX_PKEY_PARAM_EC_ORDER; + } + break; + case 'p': + switch(s[1]) { + default: + break; + case '1': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_P1; + } + break; + case '2': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_P2; + } + break; + case 'a': + switch(s[2]) { + default: + break; + case 'd': + switch(s[3]) { + default: + break; + case '-': + switch(s[4]) { + default: + break; + case 'm': + if (strcmp("ode", s + 5) == 0) + return PIDX_PKEY_PARAM_PAD_MODE; + break; + case 't': + if (strcmp("ype", s + 5) == 0) + return PIDX_DIGEST_PARAM_PAD_TYPE; + } + break; + case 'd': + if (strcmp("ing", s + 4) == 0) + return PIDX_CIPHER_PARAM_PADDING; + break; + case '\0': + return PIDX_EXCHANGE_PARAM_PAD; + } + break; + case 'r': + switch(s[3]) { + default: + break; + case 't': + switch(s[4]) { + default: + break; + case 'y': + switch(s[5]) { + default: + break; + case 'u': + if (strcmp("-info", s + 6) == 0) + return PIDX_KDF_PARAM_X942_PARTYUINFO; + break; + case 'v': + if (strcmp("-info", s + 6) == 0) + return PIDX_KDF_PARAM_X942_PARTYVINFO; + } + } + } + break; + case 's': + if (strcmp("s", s + 3) == 0) + return PIDX_KDF_PARAM_PASSWORD; + } + break; + case 'b': + switch(s[2]) { + default: + break; + case 'i': + if (strcmp("ts", s + 3) == 0) + return PIDX_PKEY_PARAM_FFC_PBITS; + break; + case 'k': + if (strcmp("df2-lower-bound-check", s + 3) == 0) + return PIDX_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK; + } + break; + case 'c': + if (strcmp("ounter", s + 2) == 0) + return PIDX_PKEY_PARAM_FFC_PCOUNTER; + break; + case 'i': + if (strcmp("peline-tag", s + 2) == 0) + return PIDX_CIPHER_PARAM_PIPELINE_AEAD_TAG; + break; + case 'k': + if (strcmp("cs5", s + 2) == 0) + return PIDX_KDF_PARAM_PKCS5; + break; + case 'o': + switch(s[2]) { + default: + break; + case 'i': + if (strcmp("nt-format", s + 3) == 0) + return PIDX_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT; + break; + case 't': + if (strcmp("ential", s + 3) == 0) + return PIDX_GEN_PARAM_POTENTIAL; + } + break; + case 'r': + switch(s[2]) { + default: + break; + case 'e': + switch(s[3]) { + default: + break; + case 'd': + if (strcmp("iction_resistance", s + 4) == 0) + return PIDX_DRBG_PARAM_PREDICTION_RESISTANCE; + break; + case 'f': + if (strcmp("ix", s + 4) == 0) + return PIDX_KDF_PARAM_PREFIX; + } + break; + case 'i': + switch(s[3]) { + default: + break; + case 'm': + if (strcmp("es", s + 4) == 0) + return PIDX_PKEY_PARAM_RSA_PRIMES; + break; + case 'v': + switch(s[4]) { + default: + break; + case '_': + if (strcmp("len", s + 5) == 0) + return PIDX_PKEY_PARAM_DH_PRIV_LEN; + break; + case '\0': + return PIDX_PKEY_PARAM_PRIV_KEY; + } + } + break; + case 'o': + switch(s[3]) { + default: + break; + case 'p': + if (strcmp("erties", s + 4) == 0) + return PIDX_STORE_PARAM_PROPERTIES; + break; + case 'v': + if (strcmp("ider-name", s + 4) == 0) + return PIDX_PROV_PARAM_CORE_PROV_NAME; + } + } + break; + case 'u': + if (strcmp("b", s + 2) == 0) + return PIDX_PKEY_PARAM_PUB_KEY; + break; + case '\0': + return PIDX_PKEY_PARAM_FFC_P; + } + break; + case 'q': + switch(s[1]) { + default: + break; + case '1': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_Q1; + } + break; + case '2': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_Q2; + } + break; + case 'b': + if (strcmp("its", s + 2) == 0) + return PIDX_PKEY_PARAM_FFC_QBITS; + break; + case '\0': + return PIDX_PKEY_PARAM_FFC_Q; + break; + case 'x': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_EC_PUB_X; + } + break; + case 'y': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_EC_PUB_Y; + } + } + break; + case 'r': + switch(s[1]) { + default: + break; + case 'a': + switch(s[2]) { + default: + break; + case 'n': + switch(s[3]) { + default: + break; + case 'd': + switch(s[4]) { + default: + break; + case 'k': + if (strcmp("ey", s + 5) == 0) + return PIDX_CIPHER_PARAM_RANDOM_KEY; + break; + case 'o': + if (strcmp("m_data", s + 5) == 0) + return PIDX_DRBG_PARAM_RANDOM_DATA; + } + } + break; + case 'w': + if (strcmp("-bytes", s + 3) == 0) + return PIDX_SKEY_PARAM_RAW_BYTES; + } + break; + case 'e': + switch(s[2]) { + default: + break; + case 'a': + switch(s[3]) { + default: + break; + case 'd': + switch(s[4]) { + default: + break; + case '_': + switch(s[5]) { + default: + break; + case 'a': + if (strcmp("head", s + 6) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD; + break; + case 'b': + if (strcmp("uffer_len", s + 6) == 0) + return PIDX_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN; + } + } + } + break; + case 'f': + if (strcmp("erence", s + 3) == 0) + return PIDX_OBJECT_PARAM_REFERENCE; + break; + case 's': + switch(s[3]) { + default: + break; + case 'e': + switch(s[4]) { + default: + break; + case 'e': + switch(s[5]) { + default: + break; + case 'd': + switch(s[6]) { + default: + break; + case '_': + switch(s[7]) { + default: + break; + case 'c': + if (strcmp("ounter", s + 8) == 0) + return PIDX_DRBG_PARAM_RESEED_COUNTER; + break; + case 'r': + if (strcmp("equests", s + 8) == 0) + return PIDX_DRBG_PARAM_RESEED_REQUESTS; + break; + case 't': + switch(s[8]) { + default: + break; + case 'i': + switch(s[9]) { + default: + break; + case 'm': + switch(s[10]) { + default: + break; + case 'e': + switch(s[11]) { + default: + break; + case '_': + if (strcmp("interval", s + 12) == 0) + return PIDX_DRBG_PARAM_RESEED_TIME_INTERVAL; + break; + case '\0': + return PIDX_DRBG_PARAM_RESEED_TIME; + } + } + } + } + } + } + } + } + } + } + break; + case 'o': + if (strcmp("unds", s + 2) == 0) + return PIDX_CIPHER_PARAM_ROUNDS; + break; + case 's': + switch(s[2]) { + default: + break; + case 'a': + switch(s[3]) { + default: + break; + case '-': + switch(s[4]) { + default: + break; + case 'c': + switch(s[5]) { + default: + break; + case 'o': + switch(s[6]) { + default: + break; + case 'e': + switch(s[7]) { + default: + break; + case 'f': + switch(s[8]) { + default: + break; + case 'f': + switch(s[9]) { + default: + break; + case 'i': + switch(s[10]) { + default: + break; + case 'c': + switch(s[11]) { + default: + break; + case 'i': + switch(s[12]) { + default: + break; + case 'e': + switch(s[13]) { + default: + break; + case 'n': + switch(s[14]) { + default: + break; + case 't': + switch(s[15]) { + default: + break; + case '1': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT1; + } + break; + case '2': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT2; + } + break; + case '3': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT3; + } + break; + case '4': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT4; + } + break; + case '5': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT5; + } + break; + case '6': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT6; + } + break; + case '7': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT7; + } + break; + case '8': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT8; + } + break; + case '9': + switch(s[16]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT9; + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_COEFFICIENT; + } + } + } + } + } + } + } + } + } + } + } + break; + case 'd': + if (strcmp("erive-from-pq", s + 5) == 0) + return PIDX_PKEY_PARAM_RSA_DERIVE_FROM_PQ; + break; + case 'e': + switch(s[5]) { + default: + break; + case 'x': + switch(s[6]) { + default: + break; + case 'p': + switch(s[7]) { + default: + break; + case 'o': + switch(s[8]) { + default: + break; + case 'n': + switch(s[9]) { + default: + break; + case 'e': + switch(s[10]) { + default: + break; + case 'n': + switch(s[11]) { + default: + break; + case 't': + switch(s[12]) { + default: + break; + case '1': + switch(s[13]) { + default: + break; + case '0': + switch(s[14]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT10; + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT1; + } + break; + case '2': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT2; + } + break; + case '3': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT3; + } + break; + case '4': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT4; + } + break; + case '5': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT5; + } + break; + case '6': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT6; + } + break; + case '7': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT7; + } + break; + case '8': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT8; + } + break; + case '9': + switch(s[13]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT9; + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_EXPONENT; + } + } + } + } + } + } + } + } + break; + case 'f': + switch(s[5]) { + default: + break; + case 'a': + switch(s[6]) { + default: + break; + case 'c': + switch(s[7]) { + default: + break; + case 't': + switch(s[8]) { + default: + break; + case 'o': + switch(s[9]) { + default: + break; + case 'r': + switch(s[10]) { + default: + break; + case '1': + switch(s[11]) { + default: + break; + case '0': + switch(s[12]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR10; + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR1; + } + break; + case '2': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR2; + } + break; + case '3': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR3; + } + break; + case '4': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR4; + } + break; + case '5': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR5; + } + break; + case '6': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR6; + } + break; + case '7': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR7; + } + break; + case '8': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR8; + } + break; + case '9': + switch(s[11]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR9; + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_FACTOR; + } + } + } + } + } + } + break; + case 'p': + switch(s[5]) { + default: + break; + case 'k': + if (strcmp("cs15-pad-disabled", s + 6) == 0) + return PIDX_PROV_PARAM_RSA_PKCS15_PAD_DISABLED; + break; + case 's': + if (strcmp("s-saltlen-check", s + 6) == 0) + return PIDX_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK; + } + break; + case 's': + if (strcmp("ign-x931-pad-disabled", s + 5) == 0) + return PIDX_PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED; + } + } + } + break; + case '\0': + return PIDX_KDF_PARAM_SCRYPT_R; + } + break; + case 's': + switch(s[1]) { + default: + break; + case 'a': + switch(s[2]) { + default: + break; + case 'f': + if (strcmp("eprime-generator", s + 3) == 0) + return PIDX_PKEY_PARAM_DH_GENERATOR; + break; + case 'l': + switch(s[3]) { + default: + break; + case 't': + switch(s[4]) { + default: + break; + case 'l': + if (strcmp("en", s + 5) == 0) + return PIDX_SIGNATURE_PARAM_PSS_SALTLEN; + break; + case '\0': + return PIDX_MAC_PARAM_SALT; + } + } + break; + case 'v': + if (strcmp("e-parameters", s + 3) == 0) + return PIDX_ENCODER_PARAM_SAVE_PARAMETERS; + } + break; + case 'e': + switch(s[2]) { + default: + break; + case 'c': + switch(s[3]) { + default: + break; + case 'r': + if (strcmp("et", s + 4) == 0) + return PIDX_KDF_PARAM_SECRET; + break; + case 'u': + switch(s[4]) { + default: + break; + case 'r': + switch(s[5]) { + default: + break; + case 'i': + switch(s[6]) { + default: + break; + case 't': + switch(s[7]) { + default: + break; + case 'y': + switch(s[8]) { + default: + break; + case '-': + switch(s[9]) { + default: + break; + case 'b': + if (strcmp("its", s + 10) == 0) + return PIDX_PKEY_PARAM_SECURITY_BITS; + break; + case 'c': + if (strcmp("hecks", s + 10) == 0) + return PIDX_PROV_PARAM_SECURITY_CHECKS; + } + } + } + } + } + } + } + break; + case 'e': + if (strcmp("d", s + 3) == 0) + return PIDX_PKEY_PARAM_SLH_DSA_SEED; + break; + case 'r': + if (strcmp("ial", s + 3) == 0) + return PIDX_STORE_PARAM_SERIAL; + break; + case 's': + if (strcmp("sion_id", s + 3) == 0) + return PIDX_KDF_PARAM_SSHKDF_SESSION_ID; + } + break; + case 'i': + switch(s[2]) { + default: + break; + case 'g': + switch(s[3]) { + default: + break; + case 'n': + switch(s[4]) { + default: + break; + case '-': + switch(s[5]) { + default: + break; + case 'c': + if (strcmp("heck", s + 6) == 0) + return PIDX_PKEY_PARAM_FIPS_SIGN_CHECK; + break; + case 'x': + if (strcmp("931-pad-check", s + 6) == 0) + return PIDX_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK; + } + break; + case 'a': + switch(s[5]) { + default: + break; + case 't': + switch(s[6]) { + default: + break; + case 'u': + switch(s[7]) { + default: + break; + case 'r': + switch(s[8]) { + default: + break; + case 'e': + switch(s[9]) { + default: + break; + case '-': + if (strcmp("digest-check", s + 10) == 0) + return PIDX_PROV_PARAM_SIGNATURE_DIGEST_CHECK; + break; + case '\0': + return PIDX_SIGNATURE_PARAM_SIGNATURE; + } + } + } + } + } + } + } + break; + case 'z': + if (strcmp("e", s + 3) == 0) + return PIDX_MAC_PARAM_SIZE; + } + break; + case 'p': + if (strcmp("eed", s + 2) == 0) + return PIDX_CIPHER_PARAM_SPEED; + break; + case 's': + switch(s[2]) { + default: + break; + case 'h': + switch(s[3]) { + default: + break; + case 'k': + switch(s[4]) { + default: + break; + case 'd': + switch(s[5]) { + default: + break; + case 'f': + switch(s[6]) { + default: + break; + case '-': + switch(s[7]) { + default: + break; + case 'd': + if (strcmp("igest-check", s + 8) == 0) + return PIDX_PROV_PARAM_SSHKDF_DIGEST_CHECK; + break; + case 'k': + if (strcmp("ey-check", s + 8) == 0) + return PIDX_PROV_PARAM_SSHKDF_KEY_CHECK; + } + } + } + } + } + break; + case 'k': + switch(s[3]) { + default: + break; + case 'd': + switch(s[4]) { + default: + break; + case 'f': + switch(s[5]) { + default: + break; + case '-': + switch(s[6]) { + default: + break; + case 'd': + if (strcmp("igest-check", s + 7) == 0) + return PIDX_PROV_PARAM_SSKDF_DIGEST_CHECK; + break; + case 'k': + if (strcmp("ey-check", s + 7) == 0) + return PIDX_PROV_PARAM_SSKDF_KEY_CHECK; + } + } + } + } + break; + case 'l': + if (strcmp("3-ms", s + 3) == 0) + return PIDX_DIGEST_PARAM_SSL3_MS; + } + break; + case 't': + switch(s[2]) { + default: + break; + case '-': + switch(s[3]) { + default: + break; + case 'd': + if (strcmp("esc", s + 4) == 0) + return PIDX_PROV_PARAM_SELF_TEST_DESC; + break; + case 'p': + if (strcmp("hase", s + 4) == 0) + return PIDX_PROV_PARAM_SELF_TEST_PHASE; + break; + case 't': + if (strcmp("ype", s + 4) == 0) + return PIDX_PROV_PARAM_SELF_TEST_TYPE; + } + break; + case 'a': + switch(s[3]) { + default: + break; + case 't': + switch(s[4]) { + default: + break; + case 'e': + switch(s[5]) { + default: + break; + case '\0': + return PIDX_RAND_PARAM_STATE; + } + break; + case 'u': + if (strcmp("s", s + 5) == 0) + return PIDX_PROV_PARAM_STATUS; + } + } + break; + case 'r': + switch(s[3]) { + default: + break; + case 'e': + switch(s[4]) { + default: + break; + case 'a': + if (strcmp("m_mac", s + 5) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC; + break; + case 'n': + if (strcmp("gth", s + 5) == 0) + return PIDX_RAND_PARAM_STRENGTH; + } + } + } + break; + case 'u': + switch(s[2]) { + default: + break; + case 'b': + if (strcmp("ject", s + 3) == 0) + return PIDX_STORE_PARAM_SUBJECT; + break; + case 'p': + switch(s[3]) { + default: + break; + case 'p': + switch(s[4]) { + default: + break; + case '-': + switch(s[5]) { + default: + break; + case 'p': + switch(s[6]) { + default: + break; + case 'r': + if (strcmp("ivinfo", s + 7) == 0) + return PIDX_KDF_PARAM_X942_SUPP_PRIVINFO; + break; + case 'u': + if (strcmp("binfo", s + 7) == 0) + return PIDX_KDF_PARAM_X942_SUPP_PUBINFO; + } + } + } + } + } + } + break; + case 't': + switch(s[1]) { + default: + break; + case 'a': + switch(s[2]) { + default: + break; + case 'g': + switch(s[3]) { + default: + break; + case 'l': + if (strcmp("en", s + 4) == 0) + return PIDX_CIPHER_PARAM_AEAD_TAGLEN; + break; + case '\0': + return PIDX_CIPHER_PARAM_AEAD_TAG; + } + } + break; + case 'd': + if (strcmp("es-encrypt-disabled", s + 2) == 0) + return PIDX_PROV_PARAM_TDES_ENCRYPT_DISABLED; + break; + case 'e': + switch(s[2]) { + default: + break; + case 's': + switch(s[3]) { + default: + break; + case 't': + switch(s[4]) { + default: + break; + case '-': + if (strcmp("entropy", s + 5) == 0) + return PIDX_SIGNATURE_PARAM_TEST_ENTROPY; + break; + case '_': + switch(s[5]) { + default: + break; + case 'e': + if (strcmp("ntropy", s + 6) == 0) + return PIDX_RAND_PARAM_TEST_ENTROPY; + break; + case 'n': + if (strcmp("once", s + 6) == 0) + return PIDX_RAND_PARAM_TEST_NONCE; + } + } + } + } + break; + case 'h': + if (strcmp("reads", s + 2) == 0) + return PIDX_KDF_PARAM_THREADS; + break; + case 'l': + switch(s[2]) { + default: + break; + case 's': + switch(s[3]) { + default: + break; + case '-': + switch(s[4]) { + default: + break; + case 'c': + if (strcmp("lient-version", s + 5) == 0) + return PIDX_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION; + break; + case 'd': + if (strcmp("ata-size", s + 5) == 0) + return PIDX_MAC_PARAM_TLS_DATA_SIZE; + break; + case 'g': + switch(s[5]) { + default: + break; + case 'r': + switch(s[6]) { + default: + break; + case 'o': + switch(s[7]) { + default: + break; + case 'u': + switch(s[8]) { + default: + break; + case 'p': + switch(s[9]) { + default: + break; + case '-': + switch(s[10]) { + default: + break; + case 'a': + if (strcmp("lg", s + 11) == 0) + return PIDX_CAPABILITY_TLS_GROUP_ALG; + break; + case 'i': + switch(s[11]) { + default: + break; + case 'd': + switch(s[12]) { + default: + break; + case '\0': + return PIDX_CAPABILITY_TLS_GROUP_ID; + } + break; + case 's': + if (strcmp("-kem", s + 12) == 0) + return PIDX_CAPABILITY_TLS_GROUP_IS_KEM; + } + break; + case 'n': + switch(s[11]) { + default: + break; + case 'a': + switch(s[12]) { + default: + break; + case 'm': + switch(s[13]) { + default: + break; + case 'e': + switch(s[14]) { + default: + break; + case '-': + if (strcmp("internal", s + 15) == 0) + return PIDX_CAPABILITY_TLS_GROUP_NAME_INTERNAL; + break; + case '\0': + return PIDX_CAPABILITY_TLS_GROUP_NAME; + } + } + } + } + break; + case 's': + if (strcmp("ec-bits", s + 11) == 0) + return PIDX_CAPABILITY_TLS_GROUP_SECURITY_BITS; + } + } + } + } + } + } + break; + case 'm': + switch(s[5]) { + default: + break; + case 'a': + switch(s[6]) { + default: + break; + case 'c': + switch(s[7]) { + default: + break; + case '-': + if (strcmp("size", s + 8) == 0) + return PIDX_CIPHER_PARAM_TLS_MAC_SIZE; + break; + case '\0': + return PIDX_CIPHER_PARAM_TLS_MAC; + } + break; + case 'x': + switch(s[7]) { + default: + break; + case '-': + switch(s[8]) { + default: + break; + case 'd': + if (strcmp("tls", s + 9) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_MAX_DTLS; + break; + case 't': + if (strcmp("ls", s + 9) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_MAX_TLS; + } + } + } + break; + case 'i': + switch(s[6]) { + default: + break; + case 'n': + switch(s[7]) { + default: + break; + case '-': + switch(s[8]) { + default: + break; + case 'd': + if (strcmp("tls", s + 9) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_MIN_DTLS; + break; + case 't': + if (strcmp("ls", s + 9) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_MIN_TLS; + } + } + } + break; + case 'u': + if (strcmp("lti", s + 6) == 0) + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK; + } + break; + case 'n': + if (strcmp("egotiated-version", s + 5) == 0) + return PIDX_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION; + break; + case 's': + switch(s[5]) { + default: + break; + case 'i': + switch(s[6]) { + default: + break; + case 'g': + switch(s[7]) { + default: + break; + case 'a': + switch(s[8]) { + default: + break; + case 'l': + switch(s[9]) { + default: + break; + case 'g': + switch(s[10]) { + default: + break; + case '-': + switch(s[11]) { + default: + break; + case 'c': + if (strcmp("ode-point", s + 12) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_CODE_POINT; + break; + case 'h': + switch(s[12]) { + default: + break; + case 'a': + switch(s[13]) { + default: + break; + case 's': + switch(s[14]) { + default: + break; + case 'h': + switch(s[15]) { + default: + break; + case '-': + switch(s[16]) { + default: + break; + case 'n': + if (strcmp("ame", s + 17) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_HASH_NAME; + break; + case 'o': + if (strcmp("id", s + 17) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_HASH_OID; + } + } + } + } + } + break; + case 'i': + if (strcmp("ana-name", s + 12) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_IANA_NAME; + break; + case 'k': + switch(s[12]) { + default: + break; + case 'e': + switch(s[13]) { + default: + break; + case 'y': + switch(s[14]) { + default: + break; + case 't': + switch(s[15]) { + default: + break; + case 'y': + switch(s[16]) { + default: + break; + case 'p': + switch(s[17]) { + default: + break; + case 'e': + switch(s[18]) { + default: + break; + case '-': + if (strcmp("oid", s + 19) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE_OID; + break; + case '\0': + return PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE; + } + } + } + } + } + } + } + break; + case 'n': + if (strcmp("ame", s + 12) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_NAME; + break; + case 'o': + if (strcmp("id", s + 12) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_OID; + break; + case 's': + switch(s[12]) { + default: + break; + case 'e': + if (strcmp("c-bits", s + 13) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_SECURITY_BITS; + break; + case 'i': + switch(s[13]) { + default: + break; + case 'g': + switch(s[14]) { + default: + break; + case '-': + switch(s[15]) { + default: + break; + case 'n': + if (strcmp("ame", s + 16) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_SIG_NAME; + break; + case 'o': + if (strcmp("id", s + 16) == 0) + return PIDX_CAPABILITY_TLS_SIGALG_SIG_OID; + } + } + } + } + } + } + } + } + } + } + } + break; + case 'v': + if (strcmp("ersion", s + 5) == 0) + return PIDX_CIPHER_PARAM_TLS_VERSION; + } + break; + case '1': + switch(s[4]) { + default: + break; + case '-': + switch(s[5]) { + default: + break; + case 'p': + switch(s[6]) { + default: + break; + case 'r': + switch(s[7]) { + default: + break; + case 'f': + switch(s[8]) { + default: + break; + case '-': + switch(s[9]) { + default: + break; + case 'd': + if (strcmp("igest-check", s + 10) == 0) + return PIDX_PROV_PARAM_TLS1_PRF_DIGEST_CHECK; + break; + case 'e': + if (strcmp("ms-check", s + 10) == 0) + return PIDX_PROV_PARAM_TLS1_PRF_EMS_CHECK; + break; + case 'k': + if (strcmp("ey-check", s + 10) == 0) + return PIDX_PROV_PARAM_TLS1_PRF_KEY_CHECK; + } + } + } + } + } + break; + case '3': + switch(s[5]) { + default: + break; + case '-': + switch(s[6]) { + default: + break; + case 'k': + switch(s[7]) { + default: + break; + case 'd': + switch(s[8]) { + default: + break; + case 'f': + switch(s[9]) { + default: + break; + case '-': + switch(s[10]) { + default: + break; + case 'd': + if (strcmp("igest-check", s + 11) == 0) + return PIDX_PROV_PARAM_TLS13_KDF_DIGEST_CHECK; + break; + case 'k': + if (strcmp("ey-check", s + 11) == 0) + return PIDX_PROV_PARAM_TLS13_KDF_KEY_CHECK; + } + } + } + } + } + } + break; + case 'm': + switch(s[5]) { + default: + break; + case 'u': + switch(s[6]) { + default: + break; + case 'l': + switch(s[7]) { + default: + break; + case 't': + switch(s[8]) { + default: + break; + case 'i': + switch(s[9]) { + default: + break; + case '_': + switch(s[10]) { + default: + break; + case 'a': + switch(s[11]) { + default: + break; + case 'a': + switch(s[12]) { + default: + break; + case 'd': + switch(s[13]) { + default: + break; + case 'p': + if (strcmp("acklen", s + 14) == 0) + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN; + break; + case '\0': + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD; + } + } + } + break; + case 'e': + switch(s[11]) { + default: + break; + case 'n': + switch(s[12]) { + default: + break; + case 'c': + switch(s[13]) { + default: + break; + case 'i': + if (strcmp("n", s + 14) == 0) + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN; + break; + case 'l': + if (strcmp("en", s + 14) == 0) + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN; + break; + case '\0': + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC; + } + } + } + break; + case 'i': + if (strcmp("nterleave", s + 11) == 0) + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE; + break; + case 'm': + switch(s[11]) { + default: + break; + case 'a': + switch(s[12]) { + default: + break; + case 'x': + switch(s[13]) { + default: + break; + case 'b': + if (strcmp("ufsz", s + 14) == 0) + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE; + break; + case 's': + if (strcmp("ndfrag", s + 14) == 0) + return PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT; + } + } + } + } + } + } + } + } + } + } + break; + case 'a': + switch(s[4]) { + default: + break; + case 'a': + switch(s[5]) { + default: + break; + case 'd': + switch(s[6]) { + default: + break; + case 'p': + if (strcmp("ad", s + 7) == 0) + return PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD; + break; + case '\0': + return PIDX_CIPHER_PARAM_AEAD_TLS1_AAD; + } + } + } + break; + case 'i': + switch(s[4]) { + default: + break; + case 'v': + switch(s[5]) { + default: + break; + case 'f': + if (strcmp("ixed", s + 6) == 0) + return PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED; + break; + case 'g': + if (strcmp("en", s + 6) == 0) + return PIDX_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN; + break; + case 'i': + if (strcmp("nv", s + 6) == 0) + return PIDX_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV; + } + } + break; + case 't': + if (strcmp("ree", s + 4) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_TLSTREE; + } + } + break; + case 'p': + switch(s[2]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_EC_CHAR2_TP_BASIS; + } + break; + case 'y': + if (strcmp("pe", s + 2) == 0) + return PIDX_PKEY_PARAM_FFC_TYPE; + } + break; + case 'u': + switch(s[1]) { + default: + break; + case 'k': + if (strcmp("m", s + 2) == 0) + return PIDX_KDF_PARAM_UKM; + break; + case 'p': + if (strcmp("dated-iv", s + 2) == 0) + return PIDX_CIPHER_PARAM_UPDATED_IV; + break; + case 's': + switch(s[2]) { + default: + break; + case 'e': + switch(s[3]) { + default: + break; + case '-': + switch(s[4]) { + default: + break; + case 'b': + if (strcmp("its", s + 5) == 0) + return PIDX_CIPHER_PARAM_USE_BITS; + break; + case 'c': + if (strcmp("ofactor-flag", s + 5) == 0) + return PIDX_PKEY_PARAM_USE_COFACTOR_FLAG; + break; + case 'k': + if (strcmp("eybits", s + 5) == 0) + return PIDX_KDF_PARAM_X942_USE_KEYBITS; + break; + case 'l': + switch(s[5]) { + default: + break; + case '\0': + return PIDX_KDF_PARAM_KBKDF_USE_L; + } + break; + case 's': + if (strcmp("eparator", s + 5) == 0) + return PIDX_KDF_PARAM_KBKDF_USE_SEPARATOR; + } + break; + case '_': + switch(s[4]) { + default: + break; + case 'd': + if (strcmp("erivation_function", s + 5) == 0) + return PIDX_DRBG_PARAM_USE_DF; + break; + case 'e': + if (strcmp("tm", s + 5) == 0) + return PIDX_LIBSSL_RECORD_LAYER_PARAM_USE_ETM; + } + } + } + } + break; + case 'v': + switch(s[1]) { + default: + break; + case 'a': + switch(s[2]) { + default: + break; + case 'l': + switch(s[3]) { + default: + break; + case 'i': + switch(s[4]) { + default: + break; + case 'd': + switch(s[5]) { + default: + break; + case 'a': + switch(s[6]) { + default: + break; + case 't': + switch(s[7]) { + default: + break; + case 'e': + switch(s[8]) { + default: + break; + case '-': + switch(s[9]) { + default: + break; + case 'g': + switch(s[10]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_FFC_VALIDATE_G; + } + break; + case 'l': + if (strcmp("egacy", s + 10) == 0) + return PIDX_PKEY_PARAM_FFC_VALIDATE_LEGACY; + break; + case 'p': + if (strcmp("q", s + 10) == 0) + return PIDX_PKEY_PARAM_FFC_VALIDATE_PQ; + } + } + } + } + } + } + } + } + break; + case 'e': + switch(s[2]) { + default: + break; + case 'r': + switch(s[3]) { + default: + break; + case 'i': + if (strcmp("fy-message", s + 4) == 0) + return PIDX_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE; + break; + case 's': + if (strcmp("ion", s + 4) == 0) + return PIDX_PROV_PARAM_VERSION; + } + } + } + break; + case 'x': + switch(s[1]) { + default: + break; + case '9': + switch(s[2]) { + default: + break; + case '4': + if (strcmp("2kdf-key-check", s + 3) == 0) + return PIDX_PROV_PARAM_X942KDF_KEY_CHECK; + break; + case '6': + switch(s[3]) { + default: + break; + case '3': + switch(s[4]) { + default: + break; + case 'k': + switch(s[5]) { + default: + break; + case 'd': + switch(s[6]) { + default: + break; + case 'f': + switch(s[7]) { + default: + break; + case '-': + switch(s[8]) { + default: + break; + case 'd': + if (strcmp("igest-check", s + 9) == 0) + return PIDX_PROV_PARAM_X963KDF_DIGEST_CHECK; + break; + case 'k': + if (strcmp("ey-check", s + 9) == 0) + return PIDX_PROV_PARAM_X963KDF_KEY_CHECK; + } + } + } + } + } + } + } + break; + case 'c': + if (strcmp("ghash", s + 2) == 0) + return PIDX_KDF_PARAM_SSHKDF_XCGHASH; + break; + case 'o': + switch(s[2]) { + default: + break; + case 'f': + switch(s[3]) { + default: + break; + case 'l': + if (strcmp("en", s + 4) == 0) + return PIDX_DIGEST_PARAM_XOFLEN; + break; + case '\0': + return PIDX_MAC_PARAM_XOF; + } + } + break; + case 'p': + switch(s[2]) { + default: + break; + case '1': + switch(s[3]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_XP1; + } + break; + case '2': + switch(s[3]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_XP2; + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_XP; + } + break; + case 'q': + switch(s[2]) { + default: + break; + case '1': + switch(s[3]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_XQ1; + } + break; + case '2': + switch(s[3]) { + default: + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_XQ2; + } + break; + case '\0': + return PIDX_PKEY_PARAM_RSA_TEST_XQ; + } + break; + case 't': + if (strcmp("s_standard", s + 2) == 0) + return PIDX_CIPHER_PARAM_XTS_STANDARD; + } + } + return -1; +} + +/* End of TRIE */ diff --git a/contrib/openssl-cmake/common/providers/der_digests_gen.c b/contrib/openssl-cmake/common/providers/der_digests_gen.c new file mode 100644 index 000000000000..e4e14e82e564 --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_digests_gen.c @@ -0,0 +1,160 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_digests_gen.c.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_digests.h" + +/* Well known OIDs precompiled */ + +/* + * sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } + */ +const unsigned char ossl_der_oid_sigAlgs[DER_OID_SZ_sigAlgs] = { + DER_OID_V_sigAlgs +}; + +/* + * id-sha1 OBJECT IDENTIFIER ::= { iso(1) + * identified-organization(3) oiw(14) + * secsig(3) algorithms(2) 26 } + */ +const unsigned char ossl_der_oid_id_sha1[DER_OID_SZ_id_sha1] = { + DER_OID_V_id_sha1 +}; + +/* + * id-md2 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } + */ +const unsigned char ossl_der_oid_id_md2[DER_OID_SZ_id_md2] = { + DER_OID_V_id_md2 +}; + +/* + * id-md5 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } + */ +const unsigned char ossl_der_oid_id_md5[DER_OID_SZ_id_md5] = { + DER_OID_V_id_md5 +}; + +/* + * id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 } + */ +const unsigned char ossl_der_oid_id_sha256[DER_OID_SZ_id_sha256] = { + DER_OID_V_id_sha256 +}; + +/* + * id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 } + */ +const unsigned char ossl_der_oid_id_sha384[DER_OID_SZ_id_sha384] = { + DER_OID_V_id_sha384 +}; + +/* + * id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 } + */ +const unsigned char ossl_der_oid_id_sha512[DER_OID_SZ_id_sha512] = { + DER_OID_V_id_sha512 +}; + +/* + * id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 } + */ +const unsigned char ossl_der_oid_id_sha224[DER_OID_SZ_id_sha224] = { + DER_OID_V_id_sha224 +}; + +/* + * id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 } + */ +const unsigned char ossl_der_oid_id_sha512_224[DER_OID_SZ_id_sha512_224] = { + DER_OID_V_id_sha512_224 +}; + +/* + * id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 } + */ +const unsigned char ossl_der_oid_id_sha512_256[DER_OID_SZ_id_sha512_256] = { + DER_OID_V_id_sha512_256 +}; + +/* + * id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 } + */ +const unsigned char ossl_der_oid_id_sha3_224[DER_OID_SZ_id_sha3_224] = { + DER_OID_V_id_sha3_224 +}; + +/* + * id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 } + */ +const unsigned char ossl_der_oid_id_sha3_256[DER_OID_SZ_id_sha3_256] = { + DER_OID_V_id_sha3_256 +}; + +/* + * id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 } + */ +const unsigned char ossl_der_oid_id_sha3_384[DER_OID_SZ_id_sha3_384] = { + DER_OID_V_id_sha3_384 +}; + +/* + * id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 } + */ +const unsigned char ossl_der_oid_id_sha3_512[DER_OID_SZ_id_sha3_512] = { + DER_OID_V_id_sha3_512 +}; + +/* + * id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 } + */ +const unsigned char ossl_der_oid_id_shake128[DER_OID_SZ_id_shake128] = { + DER_OID_V_id_shake128 +}; + +/* + * id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 } + */ +const unsigned char ossl_der_oid_id_shake256[DER_OID_SZ_id_shake256] = { + DER_OID_V_id_shake256 +}; + +/* + * id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 } + */ +const unsigned char ossl_der_oid_id_shake128_len[DER_OID_SZ_id_shake128_len] = { + DER_OID_V_id_shake128_len +}; + +/* + * id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 } + */ +const unsigned char ossl_der_oid_id_shake256_len[DER_OID_SZ_id_shake256_len] = { + DER_OID_V_id_shake256_len +}; + +/* + * id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19} + */ +const unsigned char ossl_der_oid_id_KMACWithSHAKE128[DER_OID_SZ_id_KMACWithSHAKE128] = { + DER_OID_V_id_KMACWithSHAKE128 +}; + +/* + * id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20} + */ +const unsigned char ossl_der_oid_id_KMACWithSHAKE256[DER_OID_SZ_id_KMACWithSHAKE256] = { + DER_OID_V_id_KMACWithSHAKE256 +}; + diff --git a/contrib/openssl-cmake/common/providers/der_dsa_gen.c b/contrib/openssl-cmake/common/providers/der_dsa_gen.c new file mode 100644 index 000000000000..e5cfe91e0f25 --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_dsa_gen.c @@ -0,0 +1,94 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_dsa_gen.c.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * DSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include "prov/der_dsa.h" + +/* Well known OIDs precompiled */ + +/* + * id-dsa OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } + */ +const unsigned char ossl_der_oid_id_dsa[DER_OID_SZ_id_dsa] = { + DER_OID_V_id_dsa +}; + +/* + * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha1[DER_OID_SZ_id_dsa_with_sha1] = { + DER_OID_V_id_dsa_with_sha1 +}; + +/* + * id-dsa-with-sha224 OBJECT IDENTIFIER ::= { sigAlgs 1 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha224[DER_OID_SZ_id_dsa_with_sha224] = { + DER_OID_V_id_dsa_with_sha224 +}; + +/* + * id-dsa-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 2 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha256[DER_OID_SZ_id_dsa_with_sha256] = { + DER_OID_V_id_dsa_with_sha256 +}; + +/* + * id-dsa-with-sha384 OBJECT IDENTIFIER ::= { sigAlgs 3 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha384[DER_OID_SZ_id_dsa_with_sha384] = { + DER_OID_V_id_dsa_with_sha384 +}; + +/* + * id-dsa-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 4 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha512[DER_OID_SZ_id_dsa_with_sha512] = { + DER_OID_V_id_dsa_with_sha512 +}; + +/* + * id-dsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 5 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha3_224[DER_OID_SZ_id_dsa_with_sha3_224] = { + DER_OID_V_id_dsa_with_sha3_224 +}; + +/* + * id-dsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 6 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha3_256[DER_OID_SZ_id_dsa_with_sha3_256] = { + DER_OID_V_id_dsa_with_sha3_256 +}; + +/* + * id-dsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 7 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha3_384[DER_OID_SZ_id_dsa_with_sha3_384] = { + DER_OID_V_id_dsa_with_sha3_384 +}; + +/* + * id-dsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 8 } + */ +const unsigned char ossl_der_oid_id_dsa_with_sha3_512[DER_OID_SZ_id_dsa_with_sha3_512] = { + DER_OID_V_id_dsa_with_sha3_512 +}; + diff --git a/contrib/openssl-cmake/common/providers/der_ec_gen.c b/contrib/openssl-cmake/common/providers/der_ec_gen.c new file mode 100644 index 000000000000..e1ed54ba05b6 --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_ec_gen.c @@ -0,0 +1,279 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_ec_gen.c.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_ec.h" + +/* Well known OIDs precompiled */ + +/* + * ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } + */ +const unsigned char ossl_der_oid_ecdsa_with_SHA1[DER_OID_SZ_ecdsa_with_SHA1] = { + DER_OID_V_ecdsa_with_SHA1 +}; + +/* + * id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 } + */ +const unsigned char ossl_der_oid_id_ecPublicKey[DER_OID_SZ_id_ecPublicKey] = { + DER_OID_V_id_ecPublicKey +}; + +/* + * c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 } + */ +const unsigned char ossl_der_oid_c2pnb163v1[DER_OID_SZ_c2pnb163v1] = { + DER_OID_V_c2pnb163v1 +}; + +/* + * c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 } + */ +const unsigned char ossl_der_oid_c2pnb163v2[DER_OID_SZ_c2pnb163v2] = { + DER_OID_V_c2pnb163v2 +}; + +/* + * c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 } + */ +const unsigned char ossl_der_oid_c2pnb163v3[DER_OID_SZ_c2pnb163v3] = { + DER_OID_V_c2pnb163v3 +}; + +/* + * c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 } + */ +const unsigned char ossl_der_oid_c2pnb176w1[DER_OID_SZ_c2pnb176w1] = { + DER_OID_V_c2pnb176w1 +}; + +/* + * c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 } + */ +const unsigned char ossl_der_oid_c2tnb191v1[DER_OID_SZ_c2tnb191v1] = { + DER_OID_V_c2tnb191v1 +}; + +/* + * c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 } + */ +const unsigned char ossl_der_oid_c2tnb191v2[DER_OID_SZ_c2tnb191v2] = { + DER_OID_V_c2tnb191v2 +}; + +/* + * c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 } + */ +const unsigned char ossl_der_oid_c2tnb191v3[DER_OID_SZ_c2tnb191v3] = { + DER_OID_V_c2tnb191v3 +}; + +/* + * c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 } + */ +const unsigned char ossl_der_oid_c2onb191v4[DER_OID_SZ_c2onb191v4] = { + DER_OID_V_c2onb191v4 +}; + +/* + * c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 } + */ +const unsigned char ossl_der_oid_c2onb191v5[DER_OID_SZ_c2onb191v5] = { + DER_OID_V_c2onb191v5 +}; + +/* + * c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 } + */ +const unsigned char ossl_der_oid_c2pnb208w1[DER_OID_SZ_c2pnb208w1] = { + DER_OID_V_c2pnb208w1 +}; + +/* + * c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 } + */ +const unsigned char ossl_der_oid_c2tnb239v1[DER_OID_SZ_c2tnb239v1] = { + DER_OID_V_c2tnb239v1 +}; + +/* + * c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 } + */ +const unsigned char ossl_der_oid_c2tnb239v2[DER_OID_SZ_c2tnb239v2] = { + DER_OID_V_c2tnb239v2 +}; + +/* + * c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 } + */ +const unsigned char ossl_der_oid_c2tnb239v3[DER_OID_SZ_c2tnb239v3] = { + DER_OID_V_c2tnb239v3 +}; + +/* + * c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 } + */ +const unsigned char ossl_der_oid_c2onb239v4[DER_OID_SZ_c2onb239v4] = { + DER_OID_V_c2onb239v4 +}; + +/* + * c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 } + */ +const unsigned char ossl_der_oid_c2onb239v5[DER_OID_SZ_c2onb239v5] = { + DER_OID_V_c2onb239v5 +}; + +/* + * c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 } + */ +const unsigned char ossl_der_oid_c2pnb272w1[DER_OID_SZ_c2pnb272w1] = { + DER_OID_V_c2pnb272w1 +}; + +/* + * c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 } + */ +const unsigned char ossl_der_oid_c2pnb304w1[DER_OID_SZ_c2pnb304w1] = { + DER_OID_V_c2pnb304w1 +}; + +/* + * c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 } + */ +const unsigned char ossl_der_oid_c2tnb359v1[DER_OID_SZ_c2tnb359v1] = { + DER_OID_V_c2tnb359v1 +}; + +/* + * c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 } + */ +const unsigned char ossl_der_oid_c2pnb368w1[DER_OID_SZ_c2pnb368w1] = { + DER_OID_V_c2pnb368w1 +}; + +/* + * c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 } + */ +const unsigned char ossl_der_oid_c2tnb431r1[DER_OID_SZ_c2tnb431r1] = { + DER_OID_V_c2tnb431r1 +}; + +/* + * prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 } + */ +const unsigned char ossl_der_oid_prime192v1[DER_OID_SZ_prime192v1] = { + DER_OID_V_prime192v1 +}; + +/* + * prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 } + */ +const unsigned char ossl_der_oid_prime192v2[DER_OID_SZ_prime192v2] = { + DER_OID_V_prime192v2 +}; + +/* + * prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 } + */ +const unsigned char ossl_der_oid_prime192v3[DER_OID_SZ_prime192v3] = { + DER_OID_V_prime192v3 +}; + +/* + * prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 } + */ +const unsigned char ossl_der_oid_prime239v1[DER_OID_SZ_prime239v1] = { + DER_OID_V_prime239v1 +}; + +/* + * prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 } + */ +const unsigned char ossl_der_oid_prime239v2[DER_OID_SZ_prime239v2] = { + DER_OID_V_prime239v2 +}; + +/* + * prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 } + */ +const unsigned char ossl_der_oid_prime239v3[DER_OID_SZ_prime239v3] = { + DER_OID_V_prime239v3 +}; + +/* + * prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 } + */ +const unsigned char ossl_der_oid_prime256v1[DER_OID_SZ_prime256v1] = { + DER_OID_V_prime256v1 +}; + +/* + * ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 } + */ +const unsigned char ossl_der_oid_ecdsa_with_SHA224[DER_OID_SZ_ecdsa_with_SHA224] = { + DER_OID_V_ecdsa_with_SHA224 +}; + +/* + * ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } + */ +const unsigned char ossl_der_oid_ecdsa_with_SHA256[DER_OID_SZ_ecdsa_with_SHA256] = { + DER_OID_V_ecdsa_with_SHA256 +}; + +/* + * ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 } + */ +const unsigned char ossl_der_oid_ecdsa_with_SHA384[DER_OID_SZ_ecdsa_with_SHA384] = { + DER_OID_V_ecdsa_with_SHA384 +}; + +/* + * ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 } + */ +const unsigned char ossl_der_oid_ecdsa_with_SHA512[DER_OID_SZ_ecdsa_with_SHA512] = { + DER_OID_V_ecdsa_with_SHA512 +}; + +/* + * id-ecdsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 9 } + */ +const unsigned char ossl_der_oid_id_ecdsa_with_sha3_224[DER_OID_SZ_id_ecdsa_with_sha3_224] = { + DER_OID_V_id_ecdsa_with_sha3_224 +}; + +/* + * id-ecdsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 10 } + */ +const unsigned char ossl_der_oid_id_ecdsa_with_sha3_256[DER_OID_SZ_id_ecdsa_with_sha3_256] = { + DER_OID_V_id_ecdsa_with_sha3_256 +}; + +/* + * id-ecdsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 11 } + */ +const unsigned char ossl_der_oid_id_ecdsa_with_sha3_384[DER_OID_SZ_id_ecdsa_with_sha3_384] = { + DER_OID_V_id_ecdsa_with_sha3_384 +}; + +/* + * id-ecdsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 12 } + */ +const unsigned char ossl_der_oid_id_ecdsa_with_sha3_512[DER_OID_SZ_id_ecdsa_with_sha3_512] = { + DER_OID_V_id_ecdsa_with_sha3_512 +}; + diff --git a/contrib/openssl-cmake/common/providers/der_ecx_gen.c b/contrib/openssl-cmake/common/providers/der_ecx_gen.c new file mode 100644 index 000000000000..ba7bf14b5e15 --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_ecx_gen.c @@ -0,0 +1,44 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_ecx_gen.c.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_ecx.h" + +/* Well known OIDs precompiled */ + +/* + * id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 } + */ +const unsigned char ossl_der_oid_id_X25519[DER_OID_SZ_id_X25519] = { + DER_OID_V_id_X25519 +}; + +/* + * id-X448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 } + */ +const unsigned char ossl_der_oid_id_X448[DER_OID_SZ_id_X448] = { + DER_OID_V_id_X448 +}; + +/* + * id-Ed25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 } + */ +const unsigned char ossl_der_oid_id_Ed25519[DER_OID_SZ_id_Ed25519] = { + DER_OID_V_id_Ed25519 +}; + +/* + * id-Ed448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 } + */ +const unsigned char ossl_der_oid_id_Ed448[DER_OID_SZ_id_Ed448] = { + DER_OID_V_id_Ed448 +}; + diff --git a/contrib/openssl-cmake/common/providers/der_ml_dsa_gen.c b/contrib/openssl-cmake/common/providers/der_ml_dsa_gen.c new file mode 100644 index 000000000000..4a8a113a2685 --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_ml_dsa_gen.c @@ -0,0 +1,37 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_ml_dsa_gen.c.in + * + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_ml_dsa.h" + +/* Well known OIDs precompiled */ + +/* + * id-ml-dsa-44 OBJECT IDENTIFIER ::= { sigAlgs 17 } + */ +const unsigned char ossl_der_oid_id_ml_dsa_44[DER_OID_SZ_id_ml_dsa_44] = { + DER_OID_V_id_ml_dsa_44 +}; + +/* + * id-ml-dsa-65 OBJECT IDENTIFIER ::= { sigAlgs 18 } + */ +const unsigned char ossl_der_oid_id_ml_dsa_65[DER_OID_SZ_id_ml_dsa_65] = { + DER_OID_V_id_ml_dsa_65 +}; + +/* + * id-ml-dsa-87 OBJECT IDENTIFIER ::= { sigAlgs 19 } + */ +const unsigned char ossl_der_oid_id_ml_dsa_87[DER_OID_SZ_id_ml_dsa_87] = { + DER_OID_V_id_ml_dsa_87 +}; + diff --git a/contrib/openssl-cmake/common/providers/der_rsa_gen.c b/contrib/openssl-cmake/common/providers/der_rsa_gen.c new file mode 100644 index 000000000000..a3431798402f --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_rsa_gen.c @@ -0,0 +1,174 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_rsa_gen.c.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_rsa.h" + +/* Well known OIDs precompiled */ + +/* + * hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 } + */ +const unsigned char ossl_der_oid_hashAlgs[DER_OID_SZ_hashAlgs] = { + DER_OID_V_hashAlgs +}; + +/* + * rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } + */ +const unsigned char ossl_der_oid_rsaEncryption[DER_OID_SZ_rsaEncryption] = { + DER_OID_V_rsaEncryption +}; + +/* + * id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 } + */ +const unsigned char ossl_der_oid_id_RSAES_OAEP[DER_OID_SZ_id_RSAES_OAEP] = { + DER_OID_V_id_RSAES_OAEP +}; + +/* + * id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 } + */ +const unsigned char ossl_der_oid_id_pSpecified[DER_OID_SZ_id_pSpecified] = { + DER_OID_V_id_pSpecified +}; + +/* + * id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } + */ +const unsigned char ossl_der_oid_id_RSASSA_PSS[DER_OID_SZ_id_RSASSA_PSS] = { + DER_OID_V_id_RSASSA_PSS +}; + +/* + * md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } + */ +const unsigned char ossl_der_oid_md2WithRSAEncryption[DER_OID_SZ_md2WithRSAEncryption] = { + DER_OID_V_md2WithRSAEncryption +}; + +/* + * md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } + */ +const unsigned char ossl_der_oid_md5WithRSAEncryption[DER_OID_SZ_md5WithRSAEncryption] = { + DER_OID_V_md5WithRSAEncryption +}; + +/* + * sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } + */ +const unsigned char ossl_der_oid_sha1WithRSAEncryption[DER_OID_SZ_sha1WithRSAEncryption] = { + DER_OID_V_sha1WithRSAEncryption +}; + +/* + * sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 } + */ +const unsigned char ossl_der_oid_sha224WithRSAEncryption[DER_OID_SZ_sha224WithRSAEncryption] = { + DER_OID_V_sha224WithRSAEncryption +}; + +/* + * sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } + */ +const unsigned char ossl_der_oid_sha256WithRSAEncryption[DER_OID_SZ_sha256WithRSAEncryption] = { + DER_OID_V_sha256WithRSAEncryption +}; + +/* + * sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } + */ +const unsigned char ossl_der_oid_sha384WithRSAEncryption[DER_OID_SZ_sha384WithRSAEncryption] = { + DER_OID_V_sha384WithRSAEncryption +}; + +/* + * sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } + */ +const unsigned char ossl_der_oid_sha512WithRSAEncryption[DER_OID_SZ_sha512WithRSAEncryption] = { + DER_OID_V_sha512WithRSAEncryption +}; + +/* + * sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 } + */ +const unsigned char ossl_der_oid_sha512_224WithRSAEncryption[DER_OID_SZ_sha512_224WithRSAEncryption] = { + DER_OID_V_sha512_224WithRSAEncryption +}; + +/* + * sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 } + */ +const unsigned char ossl_der_oid_sha512_256WithRSAEncryption[DER_OID_SZ_sha512_256WithRSAEncryption] = { + DER_OID_V_sha512_256WithRSAEncryption +}; + +/* + * id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } + */ +const unsigned char ossl_der_oid_id_mgf1[DER_OID_SZ_id_mgf1] = { + DER_OID_V_id_mgf1 +}; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 } + */ +const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_224] = { + DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_224 +}; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 } + */ +const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_256] = { + DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_256 +}; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 } + */ +const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_384] = { + DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_384 +}; + +/* + * id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 } + */ +const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_512] = { + DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_512 +}; + +/* + * md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 } + */ +const unsigned char ossl_der_oid_md4WithRSAEncryption[DER_OID_SZ_md4WithRSAEncryption] = { + DER_OID_V_md4WithRSAEncryption +}; + +/* + * ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2 + * } + */ +const unsigned char ossl_der_oid_ripemd160WithRSAEncryption[DER_OID_SZ_ripemd160WithRSAEncryption] = { + DER_OID_V_ripemd160WithRSAEncryption +}; + +/* + * mdc2WithRSASignature OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14) + * } + */ +const unsigned char ossl_der_oid_mdc2WithRSASignature[DER_OID_SZ_mdc2WithRSASignature] = { + DER_OID_V_mdc2WithRSASignature +}; + diff --git a/contrib/openssl-cmake/common/providers/der_slh_dsa_gen.c b/contrib/openssl-cmake/common/providers/der_slh_dsa_gen.c new file mode 100644 index 000000000000..1419a9515097 --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_slh_dsa_gen.c @@ -0,0 +1,100 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_slh_dsa_gen.c.in + * + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_slh_dsa.h" + +/* Well known OIDs precompiled */ + +/* + * id-slh-dsa-sha2-128s OBJECT IDENTIFIER ::= { sigAlgs 20 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_sha2_128s[DER_OID_SZ_id_slh_dsa_sha2_128s] = { + DER_OID_V_id_slh_dsa_sha2_128s +}; + +/* + * id-slh-dsa-sha2-128f OBJECT IDENTIFIER ::= { sigAlgs 21 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_sha2_128f[DER_OID_SZ_id_slh_dsa_sha2_128f] = { + DER_OID_V_id_slh_dsa_sha2_128f +}; + +/* + * id-slh-dsa-sha2-192s OBJECT IDENTIFIER ::= { sigAlgs 22 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_sha2_192s[DER_OID_SZ_id_slh_dsa_sha2_192s] = { + DER_OID_V_id_slh_dsa_sha2_192s +}; + +/* + * id-slh-dsa-sha2-192f OBJECT IDENTIFIER ::= { sigAlgs 23 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_sha2_192f[DER_OID_SZ_id_slh_dsa_sha2_192f] = { + DER_OID_V_id_slh_dsa_sha2_192f +}; + +/* + * id-slh-dsa-sha2-256s OBJECT IDENTIFIER ::= { sigAlgs 24 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_sha2_256s[DER_OID_SZ_id_slh_dsa_sha2_256s] = { + DER_OID_V_id_slh_dsa_sha2_256s +}; + +/* + * id-slh-dsa-sha2-256f OBJECT IDENTIFIER ::= { sigAlgs 25 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_sha2_256f[DER_OID_SZ_id_slh_dsa_sha2_256f] = { + DER_OID_V_id_slh_dsa_sha2_256f +}; + +/* + * id-slh-dsa-shake-128s OBJECT IDENTIFIER ::= { sigAlgs 26 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_shake_128s[DER_OID_SZ_id_slh_dsa_shake_128s] = { + DER_OID_V_id_slh_dsa_shake_128s +}; + +/* + * id-slh-dsa-shake-128f OBJECT IDENTIFIER ::= { sigAlgs 27 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_shake_128f[DER_OID_SZ_id_slh_dsa_shake_128f] = { + DER_OID_V_id_slh_dsa_shake_128f +}; + +/* + * id-slh-dsa-shake-192s OBJECT IDENTIFIER ::= { sigAlgs 28 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_shake_192s[DER_OID_SZ_id_slh_dsa_shake_192s] = { + DER_OID_V_id_slh_dsa_shake_192s +}; + +/* + * id-slh-dsa-shake-192f OBJECT IDENTIFIER ::= { sigAlgs 29 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_shake_192f[DER_OID_SZ_id_slh_dsa_shake_192f] = { + DER_OID_V_id_slh_dsa_shake_192f +}; + +/* + * id-slh-dsa-shake-256s OBJECT IDENTIFIER ::= { sigAlgs 30 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_shake_256s[DER_OID_SZ_id_slh_dsa_shake_256s] = { + DER_OID_V_id_slh_dsa_shake_256s +}; + +/* + * id-slh-dsa-shake-256f OBJECT IDENTIFIER ::= { sigAlgs 31 } + */ +const unsigned char ossl_der_oid_id_slh_dsa_shake_256f[DER_OID_SZ_id_slh_dsa_shake_256f] = { + DER_OID_V_id_slh_dsa_shake_256f +}; + diff --git a/contrib/openssl-cmake/common/providers/der_sm2_gen.c b/contrib/openssl-cmake/common/providers/der_sm2_gen.c new file mode 100644 index 000000000000..6424ea166b7e --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_sm2_gen.c @@ -0,0 +1,30 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_sm2_gen.c.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_sm2.h" + +/* Well known OIDs precompiled */ + +/* + * sm2-with-SM3 OBJECT IDENTIFIER ::= { sm-scheme 501 } + */ +const unsigned char ossl_der_oid_sm2_with_SM3[DER_OID_SZ_sm2_with_SM3] = { + DER_OID_V_sm2_with_SM3 +}; + +/* + * curveSM2 OBJECT IDENTIFIER ::= { sm-scheme 301 } + */ +const unsigned char ossl_der_oid_curveSM2[DER_OID_SZ_curveSM2] = { + DER_OID_V_curveSM2 +}; + diff --git a/contrib/openssl-cmake/common/providers/der_wrap_gen.c b/contrib/openssl-cmake/common/providers/der_wrap_gen.c new file mode 100644 index 000000000000..6cf93972f48b --- /dev/null +++ b/contrib/openssl-cmake/common/providers/der_wrap_gen.c @@ -0,0 +1,46 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from providers/common/der/der_wrap_gen.c.in + * + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_wrap.h" + +/* Well known OIDs precompiled */ + +/* + * id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 + * } + */ +const unsigned char ossl_der_oid_id_alg_CMS3DESwrap[DER_OID_SZ_id_alg_CMS3DESwrap] = { + DER_OID_V_id_alg_CMS3DESwrap +}; + +/* + * id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } + */ +const unsigned char ossl_der_oid_id_aes128_wrap[DER_OID_SZ_id_aes128_wrap] = { + DER_OID_V_id_aes128_wrap +}; + +/* + * id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } + */ +const unsigned char ossl_der_oid_id_aes192_wrap[DER_OID_SZ_id_aes192_wrap] = { + DER_OID_V_id_aes192_wrap +}; + +/* + * id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } + */ +const unsigned char ossl_der_oid_id_aes256_wrap[DER_OID_SZ_id_aes256_wrap] = { + DER_OID_V_id_aes256_wrap +}; + diff --git a/contrib/openssl-cmake/darwin_aarch64/include/openssl/cmp.h b/contrib/openssl-cmake/darwin_aarch64/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/darwin_aarch64/include/openssl/cmp.h +++ b/contrib/openssl-cmake/darwin_aarch64/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/darwin_aarch64/include/openssl/opensslv.h b/contrib/openssl-cmake/darwin_aarch64/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/darwin_aarch64/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/darwin_aarch64/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/contrib/openssl-cmake/darwin_aarch64/include_private/buildinf.h b/contrib/openssl-cmake/darwin_aarch64/include_private/buildinf.h index 0b63021d18ce..e06bdda45093 100644 --- a/contrib/openssl-cmake/darwin_aarch64/include_private/buildinf.h +++ b/contrib/openssl-cmake/darwin_aarch64/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-arm64" -#define DATE "built on: Thu Feb 22 19:39:51 2024 UTC" +#define DATE "built on: Tue Oct 21 14:52:13 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,13 +19,14 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','/','o','p','t','/','h', - 'o','m','e','b','r','e','w','/','o','p','t','/','l','l','v','m', - '/','b','i','n','/','c','l','a','n','g',' ','-','f','P','I','C', - ' ','-','a','r','c','h',' ','a','r','m','6','4',' ','-','O','3', - ' ','-','W','a','l','l',' ','-','D','L','_','E','N','D','I','A', - 'N',' ','-','D','O','P','E','N','S','S','L','_','P','I','C',' ', - '-','D','_','R','E','E','N','T','R','A','N','T',' ','-','D','O', - 'P','E','N','S','S','L','_','B','U','I','L','D','I','N','G','_', - 'O','P','E','N','S','S','L',' ','-','D','N','D','E','B','U','G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','a','r','c','h',' ','a','r','m','6', + '4',' ','-','W','a',',','-','-','n','o','e','x','e','c','s','t', + 'a','c','k',' ','-','Q','u','n','u','s','e','d','-','a','r','g', + 'u','m','e','n','t','s',' ','-','O','3',' ','-','W','a','l','l', + ' ','-','D','L','_','E','N','D','I','A','N',' ','-','D','O','P', + 'E','N','S','S','L','_','P','I','C',' ','-','D','_','R','E','E', + 'N','T','R','A','N','T',' ','-','D','O','P','E','N','S','S','L', + '_','B','U','I','L','D','I','N','G','_','O','P','E','N','S','S', + 'L',' ','-','D','N','D','E','B','U','G','\0' }; diff --git a/contrib/openssl-cmake/darwin_x86_64/include_private/buildinf.h b/contrib/openssl-cmake/darwin_x86_64/include_private/buildinf.h index ca39312766de..2c049aad35c7 100644 --- a/contrib/openssl-cmake/darwin_x86_64/include_private/buildinf.h +++ b/contrib/openssl-cmake/darwin_x86_64/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-x86_64" -#define DATE "built on: Thu Feb 22 19:59:27 2024 UTC" +#define DATE "built on: Tue Oct 21 14:50:23 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,14 +19,14 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','/','o','p','t','/','h', - 'o','m','e','b','r','e','w','/','o','p','t','/','l','l','v','m', - '/','b','i','n','/','c','l','a','n','g',' ','-','f','P','I','C', - ' ','-','a','r','c','h',' ','x','8','6','_','6','4',' ','-','O', - '3',' ','-','W','a','l','l',' ','-','D','L','_','E','N','D','I', - 'A','N',' ','-','D','O','P','E','N','S','S','L','_','P','I','C', - ' ','-','D','_','R','E','E','N','T','R','A','N','T',' ','-','D', - 'O','P','E','N','S','S','L','_','B','U','I','L','D','I','N','G', - '_','O','P','E','N','S','S','L',' ','-','D','N','D','E','B','U', - 'G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','a','r','c','h',' ','x','8','6','_', + '6','4',' ','-','W','a',',','-','-','n','o','e','x','e','c','s', + 't','a','c','k',' ','-','Q','u','n','u','s','e','d','-','a','r', + 'g','u','m','e','n','t','s',' ','-','O','3',' ','-','W','a','l', + 'l',' ','-','D','L','_','E','N','D','I','A','N',' ','-','D','O', + 'P','E','N','S','S','L','_','P','I','C',' ','-','D','_','R','E', + 'E','N','T','R','A','N','T',' ','-','D','O','P','E','N','S','S', + 'L','_','B','U','I','L','D','I','N','G','_','O','P','E','N','S', + 'S','L',' ','-','D','N','D','E','B','U','G','\0' }; diff --git a/contrib/openssl-cmake/linux_aarch64/include/openssl/cmp.h b/contrib/openssl-cmake/linux_aarch64/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/linux_aarch64/include/openssl/cmp.h +++ b/contrib/openssl-cmake/linux_aarch64/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/linux_aarch64/include/openssl/opensslv.h b/contrib/openssl-cmake/linux_aarch64/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/linux_aarch64/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/linux_aarch64/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/contrib/openssl-cmake/linux_aarch64/include_private/buildinf.h b/contrib/openssl-cmake/linux_aarch64/include_private/buildinf.h index 194ad73c7a36..140e6f2f2515 100644 --- a/contrib/openssl-cmake/linux_aarch64/include_private/buildinf.h +++ b/contrib/openssl-cmake/linux_aarch64/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-aarch64" -#define DATE "built on: Tue Feb 13 14:16:46 2024 UTC" +#define DATE "built on: Tue Oct 21 14:48:11 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,14 +19,14 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g','-', - '1','8',' ','-','f','P','I','C',' ','-','p','t','h','r','e','a', - 'd',' ','-','W','a',',','-','-','n','o','e','x','e','c','s','t', - 'a','c','k',' ','-','Q','u','n','u','s','e','d','-','a','r','g', - 'u','m','e','n','t','s',' ','-','W','a','l','l',' ','-','O','3', - ' ','-','D','O','P','E','N','S','S','L','_','U','S','E','_','N', - 'O','D','E','L','E','T','E',' ','-','D','O','P','E','N','S','S', - 'L','_','P','I','C',' ','-','D','O','P','E','N','S','S','L','_', - 'B','U','I','L','D','I','N','G','_','O','P','E','N','S','S','L', - ' ','-','D','N','D','E','B','U','G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','p','t','h','r','e','a','d',' ','-', + 'W','a',',','-','-','n','o','e','x','e','c','s','t','a','c','k', + ' ','-','Q','u','n','u','s','e','d','-','a','r','g','u','m','e', + 'n','t','s',' ','-','W','a','l','l',' ','-','O','3',' ','-','D', + 'O','P','E','N','S','S','L','_','U','S','E','_','N','O','D','E', + 'L','E','T','E',' ','-','D','O','P','E','N','S','S','L','_','P', + 'I','C',' ','-','D','O','P','E','N','S','S','L','_','B','U','I', + 'L','D','I','N','G','_','O','P','E','N','S','S','L',' ','-','D', + 'N','D','E','B','U','G','\0' }; diff --git a/contrib/openssl-cmake/linux_loongarch64/include/openssl/cmp.h b/contrib/openssl-cmake/linux_loongarch64/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/linux_loongarch64/include/openssl/cmp.h +++ b/contrib/openssl-cmake/linux_loongarch64/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/linux_loongarch64/include/openssl/opensslv.h b/contrib/openssl-cmake/linux_loongarch64/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/linux_loongarch64/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/linux_loongarch64/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/contrib/openssl-cmake/linux_loongarch64/include_private/buildinf.h b/contrib/openssl-cmake/linux_loongarch64/include_private/buildinf.h index a3a6485bbe9b..41428e11406f 100644 --- a/contrib/openssl-cmake/linux_loongarch64/include_private/buildinf.h +++ b/contrib/openssl-cmake/linux_loongarch64/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-loongarch64" -#define DATE "built on: Thu Apr 18 07:53:56 2024 UTC" +#define DATE "built on: Tue Oct 21 14:56:50 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,12 +19,15 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','g','c','c',' ','-','f', - 'P','I','C',' ','-','p','t','h','r','e','a','d',' ','-','W','a', - 'l','l',' ','-','O','3',' ','-','D','O','P','E','N','S','S','L', - '_','U','S','E','_','N','O','D','E','L','E','T','E',' ','-','D', - 'L','_','E','N','D','I','A','N',' ','-','D','O','P','E','N','S', - 'S','L','_','P','I','C',' ','-','D','O','P','E','N','S','S','L', - '_','B','U','I','L','D','I','N','G','_','O','P','E','N','S','S', - 'L',' ','-','D','N','D','E','B','U','G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','p','t','h','r','e','a','d',' ','-', + 'W','a',',','-','-','n','o','e','x','e','c','s','t','a','c','k', + ' ','-','Q','u','n','u','s','e','d','-','a','r','g','u','m','e', + 'n','t','s',' ','-','W','a','l','l',' ','-','O','3',' ','-','D', + 'O','P','E','N','S','S','L','_','U','S','E','_','N','O','D','E', + 'L','E','T','E',' ','-','D','L','_','E','N','D','I','A','N',' ', + '-','D','O','P','E','N','S','S','L','_','P','I','C',' ','-','D', + 'O','P','E','N','S','S','L','_','B','U','I','L','D','I','N','G', + '_','O','P','E','N','S','S','L',' ','-','D','N','D','E','B','U', + 'G','\0' }; diff --git a/contrib/openssl-cmake/linux_ppc64le/include/openssl/cmp.h b/contrib/openssl-cmake/linux_ppc64le/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/linux_ppc64le/include/openssl/cmp.h +++ b/contrib/openssl-cmake/linux_ppc64le/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/linux_ppc64le/include/openssl/opensslv.h b/contrib/openssl-cmake/linux_ppc64le/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/linux_ppc64le/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/linux_ppc64le/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/contrib/openssl-cmake/linux_ppc64le/include_private/buildinf.h b/contrib/openssl-cmake/linux_ppc64le/include_private/buildinf.h index f1dba0c989df..124e3aaf3760 100644 --- a/contrib/openssl-cmake/linux_ppc64le/include_private/buildinf.h +++ b/contrib/openssl-cmake/linux_ppc64le/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-ppc64le" -#define DATE "built on: Thu Feb 22 12:58:04 2024 UTC" +#define DATE "built on: Tue Oct 21 14:58:20 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,13 +19,15 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g','-', - '1','7',' ','-','f','P','I','C',' ','-','p','t','h','r','e','a', - 'd',' ','-','m','6','4',' ','-','W','a','l','l',' ','-','O','3', - ' ','-','D','O','P','E','N','S','S','L','_','U','S','E','_','N', - 'O','D','E','L','E','T','E',' ','-','D','L','_','E','N','D','I', - 'A','N',' ','-','D','O','P','E','N','S','S','L','_','P','I','C', - ' ','-','D','O','P','E','N','S','S','L','_','B','U','I','L','D', - 'I','N','G','_','O','P','E','N','S','S','L',' ','-','D','N','D', - 'E','B','U','G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','p','t','h','r','e','a','d',' ','-', + 'm','6','4',' ','-','W','a',',','-','-','n','o','e','x','e','c', + 's','t','a','c','k',' ','-','Q','u','n','u','s','e','d','-','a', + 'r','g','u','m','e','n','t','s',' ','-','W','a','l','l',' ','-', + 'O','3',' ','-','D','O','P','E','N','S','S','L','_','U','S','E', + '_','N','O','D','E','L','E','T','E',' ','-','D','L','_','E','N', + 'D','I','A','N',' ','-','D','O','P','E','N','S','S','L','_','P', + 'I','C',' ','-','D','O','P','E','N','S','S','L','_','B','U','I', + 'L','D','I','N','G','_','O','P','E','N','S','S','L',' ','-','D', + 'N','D','E','B','U','G','\0' }; diff --git a/contrib/openssl-cmake/linux_riscv64/include/openssl/cmp.h b/contrib/openssl-cmake/linux_riscv64/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/linux_riscv64/include/openssl/cmp.h +++ b/contrib/openssl-cmake/linux_riscv64/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/linux_riscv64/include/openssl/opensslv.h b/contrib/openssl-cmake/linux_riscv64/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/linux_riscv64/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/linux_riscv64/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/contrib/openssl-cmake/linux_riscv64/include_private/buildinf.h b/contrib/openssl-cmake/linux_riscv64/include_private/buildinf.h index cfa3b3079f2b..7114f2bbbdfd 100644 --- a/contrib/openssl-cmake/linux_riscv64/include_private/buildinf.h +++ b/contrib/openssl-cmake/linux_riscv64/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-riscv64" -#define DATE "built on: Thu Feb 22 16:18:09 2024 UTC" +#define DATE "built on: Tue Oct 21 15:00:11 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,12 +19,14 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g','-', - '1','7',' ','-','f','P','I','C',' ','-','p','t','h','r','e','a', - 'd',' ','-','W','a','l','l',' ','-','O','3',' ','-','D','O','P', - 'E','N','S','S','L','_','U','S','E','_','N','O','D','E','L','E', - 'T','E',' ','-','D','O','P','E','N','S','S','L','_','P','I','C', - ' ','-','D','O','P','E','N','S','S','L','_','B','U','I','L','D', - 'I','N','G','_','O','P','E','N','S','S','L',' ','-','D','N','D', - 'E','B','U','G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','p','t','h','r','e','a','d',' ','-', + 'W','a',',','-','-','n','o','e','x','e','c','s','t','a','c','k', + ' ','-','Q','u','n','u','s','e','d','-','a','r','g','u','m','e', + 'n','t','s',' ','-','W','a','l','l',' ','-','O','3',' ','-','D', + 'O','P','E','N','S','S','L','_','U','S','E','_','N','O','D','E', + 'L','E','T','E',' ','-','D','O','P','E','N','S','S','L','_','P', + 'I','C',' ','-','D','O','P','E','N','S','S','L','_','B','U','I', + 'L','D','I','N','G','_','O','P','E','N','S','S','L',' ','-','D', + 'N','D','E','B','U','G','\0' }; diff --git a/contrib/openssl-cmake/linux_s390x/include/openssl/cmp.h b/contrib/openssl-cmake/linux_s390x/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/linux_s390x/include/openssl/cmp.h +++ b/contrib/openssl-cmake/linux_s390x/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/linux_s390x/include/openssl/opensslv.h b/contrib/openssl-cmake/linux_s390x/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/linux_s390x/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/linux_s390x/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/contrib/openssl-cmake/linux_s390x/include_private/buildinf.h b/contrib/openssl-cmake/linux_s390x/include_private/buildinf.h index f1dba0c989df..18dee70bb178 100644 --- a/contrib/openssl-cmake/linux_s390x/include_private/buildinf.h +++ b/contrib/openssl-cmake/linux_s390x/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,8 +10,8 @@ * https://www.openssl.org/source/license.html */ -#define PLATFORM "platform: linux-ppc64le" -#define DATE "built on: Thu Feb 22 12:58:04 2024 UTC" +#define PLATFORM "platform: linux64-s390x" +#define DATE "built on: Tue Oct 21 14:43:11 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,13 +19,15 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g','-', - '1','7',' ','-','f','P','I','C',' ','-','p','t','h','r','e','a', - 'd',' ','-','m','6','4',' ','-','W','a','l','l',' ','-','O','3', - ' ','-','D','O','P','E','N','S','S','L','_','U','S','E','_','N', - 'O','D','E','L','E','T','E',' ','-','D','L','_','E','N','D','I', - 'A','N',' ','-','D','O','P','E','N','S','S','L','_','P','I','C', - ' ','-','D','O','P','E','N','S','S','L','_','B','U','I','L','D', - 'I','N','G','_','O','P','E','N','S','S','L',' ','-','D','N','D', - 'E','B','U','G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','p','t','h','r','e','a','d',' ','-', + 'm','6','4',' ','-','W','a',',','-','-','n','o','e','x','e','c', + 's','t','a','c','k',' ','-','Q','u','n','u','s','e','d','-','a', + 'r','g','u','m','e','n','t','s',' ','-','W','a','l','l',' ','-', + 'O','3',' ','-','D','O','P','E','N','S','S','L','_','U','S','E', + '_','N','O','D','E','L','E','T','E',' ','-','D','B','_','E','N', + 'D','I','A','N',' ','-','D','O','P','E','N','S','S','L','_','P', + 'I','C',' ','-','D','O','P','E','N','S','S','L','_','B','U','I', + 'L','D','I','N','G','_','O','P','E','N','S','S','L',' ','-','D', + 'N','D','E','B','U','G','\0' }; diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h index 60beffd57ef6..1b25211ebb3a 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h @@ -194,6 +194,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +# define OSSL_CMP_PKISTATUS_rejected_by_client -5 +# define OSSL_CMP_PKISTATUS_checking_response -4 # define OSSL_CMP_PKISTATUS_request -3 # define OSSL_CMP_PKISTATUS_trans -2 # define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h index b38d64da5930..110c34de0e46 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 5 +# define OPENSSL_VERSION_PATCH 6 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.5.6" +# define OPENSSL_FULL_VERSION_STR "3.5.6" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "7 Apr 2026" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.6 7 Apr 2026" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/buildinf.h b/contrib/openssl-cmake/linux_x86_64/include_private/buildinf.h index aa43a964f2f1..04a5c9184046 100644 --- a/contrib/openssl-cmake/linux_x86_64/include_private/buildinf.h +++ b/contrib/openssl-cmake/linux_x86_64/include_private/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,8 +10,8 @@ * https://www.openssl.org/source/license.html */ -#define PLATFORM "platform: linux-x86_64" -#define DATE "built on: Mon Feb 12 14:02:48 2024 UTC" +#define PLATFORM "platform: linux-x86_64-clang" +#define DATE "built on: Tue Oct 21 14:46:34 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a @@ -19,15 +19,15 @@ * literal */ static const char compiler_flags[] = { - 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g','-', - '1','7',' ','-','f','P','I','C',' ','-','p','t','h','r','e','a', - 'd',' ','-','m','6','4',' ','-','W','a',',','-','-','n','o','e', - 'x','e','c','s','t','a','c','k',' ','-','Q','u','n','u','s','e', - 'd','-','a','r','g','u','m','e','n','t','s',' ','-','W','a','l', - 'l',' ','-','O','3',' ','-','D','O','P','E','N','S','S','L','_', - 'U','S','E','_','N','O','D','E','L','E','T','E',' ','-','D','L', - '_','E','N','D','I','A','N',' ','-','D','O','P','E','N','S','S', - 'L','_','P','I','C',' ','-','D','O','P','E','N','S','S','L','_', - 'B','U','I','L','D','I','N','G','_','O','P','E','N','S','S','L', - ' ','-','D','N','D','E','B','U','G','\0' + 'c','o','m','p','i','l','e','r',':',' ','c','l','a','n','g',' ', + '-','f','P','I','C',' ','-','p','t','h','r','e','a','d',' ','-', + 'm','6','4',' ','-','W','a',',','-','-','n','o','e','x','e','c', + 's','t','a','c','k',' ','-','Q','u','n','u','s','e','d','-','a', + 'r','g','u','m','e','n','t','s',' ','-','W','a','l','l',' ','-', + 'O','3',' ','-','D','O','P','E','N','S','S','L','_','U','S','E', + '_','N','O','D','E','L','E','T','E',' ','-','D','L','_','E','N', + 'D','I','A','N',' ','-','D','O','P','E','N','S','S','L','_','P', + 'I','C',' ','-','D','O','P','E','N','S','S','L','_','B','U','I', + 'L','D','I','N','G','_','O','P','E','N','S','S','L',' ','-','D', + 'N','D','E','B','U','G','\0' }; From 88b09dd36534d076b65e86c9d8fc85019a2acb6f Mon Sep 17 00:00:00 2001 From: Konstantin Bogdanov Date: Wed, 15 Apr 2026 17:41:55 +0200 Subject: [PATCH 122/141] Fix build --- contrib/openssl-cmake/CMakeLists.txt | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/contrib/openssl-cmake/CMakeLists.txt b/contrib/openssl-cmake/CMakeLists.txt index e5fa8e641c9f..8af5aab169e6 100644 --- a/contrib/openssl-cmake/CMakeLists.txt +++ b/contrib/openssl-cmake/CMakeLists.txt @@ -33,7 +33,16 @@ set(OPENSSLDIR "/etc/ssl" CACHE PATH "Set the default openssl directory") set(OPENSSL_ENGINESDIR "/usr/local/lib/engines-3" CACHE PATH "Set the default openssl directory for engines") set(OPENSSL_MODULESDIR "/usr/local/lib/ossl-modules" CACHE PATH "Set the default openssl directory for modules") -add_definitions(-DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC) +# special type of build during cross-compilation +if(OPENSSL_AUX_BUILD_FOR_CROSS_COMPILATION) + add_definitions(-DOPENSSL_NO_KTLS -DOPENSSLDIR="\\\"${OPENSSLDIR}\\\"" -DENGINESDIR="\\\"${OPENSSL_ENGINESDIR}\\\"" -DMODULESDIR="\\\"${OPENSSL_MODULESDIR}\\\"" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC) + add_compile_options("-Wno-deprecated-declarations") + add_compile_options("-Wno-poison-system-directories") +else() + add_definitions(-DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC) + target_compile_options(global-group INTERFACE "-Wno-deprecated-declarations") + target_compile_options(global-group INTERFACE "-Wno-poison-system-directories") +endif() if(ARCH_AMD64) if(OS_DARWIN) @@ -1409,6 +1418,7 @@ add_definitions(-DSTATIC_LEGACY) target_include_directories(crypto SYSTEM PUBLIC "common/include" + SYSTEM PUBLIC "${PLATFORM_DIRECTORY}/include" PRIVATE "${PLATFORM_DIRECTORY}/include_private") target_include_directories(crypto @@ -1431,4 +1441,9 @@ target_link_libraries(ssl crypto) add_library(OpenSSL::Crypto ALIAS crypto) add_library(OpenSSL::SSL ALIAS ssl) -install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse) +if(OPENSSL_AUX_BUILD_FOR_CROSS_COMPILATION) + install(DIRECTORY "${PLATFORM_DIRECTORY}/include" DESTINATION "${CMAKE_BINARY_DIR}") + install(DIRECTORY "${OPENSSL_SOURCE_DIR}/include" DESTINATION "${CMAKE_BINARY_DIR}") +else() + install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse) +endif() From 3f492ad327e658df45190cf7b53e1b9794e1de62 Mon Sep 17 00:00:00 2001 From: Konstantin Bogdanov Date: Wed, 15 Apr 2026 17:56:20 +0200 Subject: [PATCH 123/141] Fix build --- contrib/openssl-cmake/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/openssl-cmake/CMakeLists.txt b/contrib/openssl-cmake/CMakeLists.txt index 8af5aab169e6..4d629f1ec12c 100644 --- a/contrib/openssl-cmake/CMakeLists.txt +++ b/contrib/openssl-cmake/CMakeLists.txt @@ -1444,6 +1444,7 @@ add_library(OpenSSL::SSL ALIAS ssl) if(OPENSSL_AUX_BUILD_FOR_CROSS_COMPILATION) install(DIRECTORY "${PLATFORM_DIRECTORY}/include" DESTINATION "${CMAKE_BINARY_DIR}") install(DIRECTORY "${OPENSSL_SOURCE_DIR}/include" DESTINATION "${CMAKE_BINARY_DIR}") + install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/common/include" DESTINATION "${CMAKE_BINARY_DIR}") else() install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse) endif() From cb8bc2a7c1b6a8393dd000ab8da4613404a0603a Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Wed, 15 Apr 2026 16:35:58 +0000 Subject: [PATCH 124/141] Backport #102607 to 25.8: Use `xz` 5.8.3 --- .gitmodules | 2 +- contrib/xz | 2 +- contrib/xz-cmake/CMakeLists.txt | 19 ++++++++++++++++--- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/.gitmodules b/.gitmodules index 1c7304defc3c..835ad0b2e922 100644 --- a/.gitmodules +++ b/.gitmodules @@ -154,7 +154,7 @@ url = https://github.com/ClickHouse/rocksdb [submodule "contrib/xz"] path = contrib/xz - url = https://github.com/xz-mirror/xz + url = https://github.com/tukaani-project/xz [submodule "contrib/abseil-cpp"] path = contrib/abseil-cpp url = https://github.com/ClickHouse/abseil-cpp.git diff --git a/contrib/xz b/contrib/xz index 869b9d1b4edd..4b73f2ec19a9 160000 --- a/contrib/xz +++ b/contrib/xz @@ -1 +1 @@ -Subproject commit 869b9d1b4edd6df07f819d360d306251f8147353 +Subproject commit 4b73f2ec19a99ef465282fbce633e8deb33691b3 diff --git a/contrib/xz-cmake/CMakeLists.txt b/contrib/xz-cmake/CMakeLists.txt index c73433d9863c..0848fc753a10 100644 --- a/contrib/xz-cmake/CMakeLists.txt +++ b/contrib/xz-cmake/CMakeLists.txt @@ -30,22 +30,26 @@ add_compile_definitions( HAVE_CHECK_SHA256 HAVE_DECODERS HAVE_DECODER_ARM + HAVE_DECODER_ARM64 HAVE_DECODER_ARMTHUMB HAVE_DECODER_DELTA HAVE_DECODER_IA64 HAVE_DECODER_LZMA1 HAVE_DECODER_LZMA2 HAVE_DECODER_POWERPC + HAVE_DECODER_RISCV HAVE_DECODER_SPARC HAVE_DECODER_X86 HAVE_ENCODERS HAVE_ENCODER_ARM + HAVE_ENCODER_ARM64 HAVE_ENCODER_ARMTHUMB HAVE_ENCODER_DELTA HAVE_ENCODER_IA64 HAVE_ENCODER_LZMA1 HAVE_ENCODER_LZMA2 HAVE_ENCODER_POWERPC + HAVE_ENCODER_RISCV HAVE_ENCODER_SPARC HAVE_ENCODER_X86 HAVE_MF_BT2 @@ -126,15 +130,16 @@ add_library(_liblzma ${SRC_DIR}/src/liblzma/api/lzma/vli.h ${SRC_DIR}/src/liblzma/check/check.c ${SRC_DIR}/src/liblzma/check/check.h + ${SRC_DIR}/src/liblzma/check/crc32_arm64.h ${SRC_DIR}/src/liblzma/check/crc32_fast.c - ${SRC_DIR}/src/liblzma/check/crc32_table.c + ${SRC_DIR}/src/liblzma/check/crc32_loongarch.h ${SRC_DIR}/src/liblzma/check/crc32_table_be.h ${SRC_DIR}/src/liblzma/check/crc32_table_le.h ${SRC_DIR}/src/liblzma/check/crc64_fast.c - ${SRC_DIR}/src/liblzma/check/crc64_table.c ${SRC_DIR}/src/liblzma/check/crc64_table_be.h ${SRC_DIR}/src/liblzma/check/crc64_table_le.h - ${SRC_DIR}/src/liblzma/check/crc_macros.h + ${SRC_DIR}/src/liblzma/check/crc_common.h + ${SRC_DIR}/src/liblzma/check/crc_x86_clmul.h ${SRC_DIR}/src/liblzma/check/sha256.c ${SRC_DIR}/src/liblzma/common/alone_decoder.c ${SRC_DIR}/src/liblzma/common/alone_decoder.h @@ -178,19 +183,25 @@ add_library(_liblzma ${SRC_DIR}/src/liblzma/common/index_encoder.c ${SRC_DIR}/src/liblzma/common/index_encoder.h ${SRC_DIR}/src/liblzma/common/index_hash.c + ${SRC_DIR}/src/liblzma/common/lzip_decoder.c + ${SRC_DIR}/src/liblzma/common/lzip_decoder.h ${SRC_DIR}/src/liblzma/common/memcmplen.h + ${SRC_DIR}/src/liblzma/common/microlzma_decoder.c + ${SRC_DIR}/src/liblzma/common/microlzma_encoder.c ${SRC_DIR}/src/liblzma/common/outqueue.c ${SRC_DIR}/src/liblzma/common/outqueue.h ${SRC_DIR}/src/liblzma/common/stream_buffer_decoder.c ${SRC_DIR}/src/liblzma/common/stream_buffer_encoder.c ${SRC_DIR}/src/liblzma/common/stream_decoder.c ${SRC_DIR}/src/liblzma/common/stream_decoder.h + ${SRC_DIR}/src/liblzma/common/stream_decoder_mt.c ${SRC_DIR}/src/liblzma/common/stream_encoder.c ${SRC_DIR}/src/liblzma/common/stream_encoder_mt.c ${SRC_DIR}/src/liblzma/common/stream_flags_common.c ${SRC_DIR}/src/liblzma/common/stream_flags_common.h ${SRC_DIR}/src/liblzma/common/stream_flags_decoder.c ${SRC_DIR}/src/liblzma/common/stream_flags_encoder.c + ${SRC_DIR}/src/liblzma/common/string_conversion.c ${SRC_DIR}/src/liblzma/common/vli_decoder.c ${SRC_DIR}/src/liblzma/common/vli_encoder.c ${SRC_DIR}/src/liblzma/common/vli_size.c @@ -229,9 +240,11 @@ add_library(_liblzma ${SRC_DIR}/src/liblzma/rangecoder/range_decoder.h ${SRC_DIR}/src/liblzma/rangecoder/range_encoder.h ${SRC_DIR}/src/liblzma/simple/arm.c + ${SRC_DIR}/src/liblzma/simple/arm64.c ${SRC_DIR}/src/liblzma/simple/armthumb.c ${SRC_DIR}/src/liblzma/simple/ia64.c ${SRC_DIR}/src/liblzma/simple/powerpc.c + ${SRC_DIR}/src/liblzma/simple/riscv.c ${SRC_DIR}/src/liblzma/simple/simple_coder.c ${SRC_DIR}/src/liblzma/simple/simple_coder.h ${SRC_DIR}/src/liblzma/simple/simple_decoder.c From 9a12454c26316fc06c718f70a8463170a1a475db Mon Sep 17 00:00:00 2001 From: Konstantin Bogdanov Date: Wed, 15 Apr 2026 18:42:37 +0200 Subject: [PATCH 125/141] Fix build --- base/poco/NetSSL_OpenSSL/src/Context.cpp | 2 +- contrib/openssl-cmake/CMakeLists.txt | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/base/poco/NetSSL_OpenSSL/src/Context.cpp b/base/poco/NetSSL_OpenSSL/src/Context.cpp index 4cde1f7cd877..6a16bf525a44 100644 --- a/base/poco/NetSSL_OpenSSL/src/Context.cpp +++ b/base/poco/NetSSL_OpenSSL/src/Context.cpp @@ -408,7 +408,7 @@ void Context::flushSessionCache() poco_assert (isForServerUse()); Poco::Timestamp now; - SSL_CTX_flush_sessions(_pSSLContext, static_cast(now.epochTime())); + SSL_CTX_flush_sessions_ex(_pSSLContext, static_cast(now.epochTime())); } diff --git a/contrib/openssl-cmake/CMakeLists.txt b/contrib/openssl-cmake/CMakeLists.txt index 4d629f1ec12c..7b0e20a964b4 100644 --- a/contrib/openssl-cmake/CMakeLists.txt +++ b/contrib/openssl-cmake/CMakeLists.txt @@ -1418,7 +1418,6 @@ add_definitions(-DSTATIC_LEGACY) target_include_directories(crypto SYSTEM PUBLIC "common/include" - SYSTEM PUBLIC "${PLATFORM_DIRECTORY}/include" PRIVATE "${PLATFORM_DIRECTORY}/include_private") target_include_directories(crypto @@ -1442,9 +1441,8 @@ add_library(OpenSSL::Crypto ALIAS crypto) add_library(OpenSSL::SSL ALIAS ssl) if(OPENSSL_AUX_BUILD_FOR_CROSS_COMPILATION) - install(DIRECTORY "${PLATFORM_DIRECTORY}/include" DESTINATION "${CMAKE_BINARY_DIR}") - install(DIRECTORY "${OPENSSL_SOURCE_DIR}/include" DESTINATION "${CMAKE_BINARY_DIR}") install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/common/include" DESTINATION "${CMAKE_BINARY_DIR}") + install(DIRECTORY "${OPENSSL_SOURCE_DIR}/include" DESTINATION "${CMAKE_BINARY_DIR}") else() install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse) endif() From e83a9e5ee43f7b652034db5b3c59c517371420ae Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 17 Apr 2026 11:31:49 +0000 Subject: [PATCH 126/141] Backport #102674 to 25.8: Fix wrong date data type inference in case of overflow after timezone adjustment --- src/IO/parseDateTimeBestEffort.cpp | 9 +++++++++ ...me_timezone_boundary_range_check.reference | 4 ++++ ...datetime_timezone_boundary_range_check.sql | 20 +++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.reference create mode 100644 tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.sql diff --git a/src/IO/parseDateTimeBestEffort.cpp b/src/IO/parseDateTimeBestEffort.cpp index 2b48109804cb..694dca66a262 100644 --- a/src/IO/parseDateTimeBestEffort.cpp +++ b/src/IO/parseDateTimeBestEffort.cpp @@ -793,6 +793,15 @@ ReturnType parseDateTimeBestEffortImpl( } res = *res_maybe; adjust_time_zone(); + + /// After timezone adjustment, the value may have shifted outside the valid range. + /// For example, "2106-02-07 06:28:15-01:00" is within range before adjustment, + /// but after converting to UTC it exceeds UINT32_MAX. + if constexpr (!is_64) + { + if (res < 0 || static_cast(res) > UINT32_MAX) + return false; + } } else { diff --git a/tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.reference b/tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.reference new file mode 100644 index 000000000000..2634ecb23695 --- /dev/null +++ b/tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.reference @@ -0,0 +1,4 @@ +2106-02-07 07:28:15.000000000 Nullable(DateTime64(9)) +1969-12-31 23:00:00.000000000 Nullable(DateTime64(9)) +2106-02-07 05:28:15 Nullable(DateTime) +1970-01-01 00:00:00 Nullable(DateTime) diff --git a/tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.sql b/tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.sql new file mode 100644 index 000000000000..ec4567169f5b --- /dev/null +++ b/tests/queries/0_stateless/04093_best_effort_datetime_timezone_boundary_range_check.sql @@ -0,0 +1,20 @@ +-- Tags: no-fasttest +-- Test for missing range check after adjust_time_zone in parseDateTimeBestEffortImpl +-- https://github.com/ClickHouse/ClickHouse/issues/102601 + +SET session_timezone = 'UTC'; +SET date_time_input_format = 'best_effort'; + +-- Upper boundary: 2106-02-07 06:28:15 UTC is exactly UINT32_MAX. +-- With -01:00 offset, UTC time is 2106-02-07 07:28:15, which exceeds UINT32_MAX. +-- Should be inferred as DateTime64, not DateTime with wrap-around. +SELECT d, toTypeName(d) FROM format(JSONEachRow, '{"d" : "2106-02-07 06:28:15-01:00"}'); + +-- Lower boundary: 1970-01-01 00:00:00 UTC is timestamp 0. +-- With +01:00 offset, UTC time is 1969-12-31 23:00:00, which is negative. +-- Should be inferred as DateTime64, not DateTime with clamped value. +SELECT d, toTypeName(d) FROM format(JSONEachRow, '{"d" : "1970-01-01 00:00:00+01:00"}'); + +-- Control: values that SHOULD remain DateTime (timezone adjustment stays within range) +SELECT d, toTypeName(d) FROM format(JSONEachRow, '{"d" : "2106-02-07 06:28:15+01:00"}'); +SELECT d, toTypeName(d) FROM format(JSONEachRow, '{"d" : "1970-01-01 01:00:00+01:00"}'); From 659b38c1aff2f752c7b817f1a2a57a45e0f37278 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 17 Apr 2026 14:40:08 +0000 Subject: [PATCH 127/141] Backport #102915 to 25.8: Optimize row policy OR-chains to IN in the new analyzer --- src/Planner/Utils.cpp | 7 ++++ ..._policy_disjunction_optimization.reference | 8 +++++ ...98_row_policy_disjunction_optimization.sql | 36 +++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference create mode 100644 tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql diff --git a/src/Planner/Utils.cpp b/src/Planner/Utils.cpp index f9e1d0bbf4d9..783e946240bf 100644 --- a/src/Planner/Utils.cpp +++ b/src/Planner/Utils.cpp @@ -38,6 +38,7 @@ #include #include #include +#include #include #include @@ -486,6 +487,12 @@ FilterDAGInfo buildFilterInfo(ASTPtr filter_expression, QueryAnalysisPass query_analysis_pass(table_expression); query_analysis_pass.run(filter_query_tree, query_context); + /// Optimize logical expressions in the filter, e.g. convert OR-chains of + /// equalities into IN (important for row policies that produce many + /// permissive conditions like `x = 1 OR x = 2 OR ... OR x = N`). + LogicalExpressionOptimizerPass logical_expression_optimizer_pass; + logical_expression_optimizer_pass.run(filter_query_tree, query_context); + return buildFilterInfo(std::move(filter_query_tree), table_expression, planner_context, std::move(table_expression_required_names_without_filter)); } diff --git a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference new file mode 100644 index 000000000000..67d82bc6da81 --- /dev/null +++ b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference @@ -0,0 +1,8 @@ +old analyzer + Row level filter column: in(id, (1, 3, 5)) (removed) +new analyzer + Row level filter column: in(id, __set_UInt64_) (removed) +result +1 +3 +5 diff --git a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql new file mode 100644 index 000000000000..e97074ad7079 --- /dev/null +++ b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql @@ -0,0 +1,36 @@ +-- Tags: no-parallel, no-parallel-replicas + +DROP TABLE IF EXISTS t_row_policy_or; +CREATE TABLE t_row_policy_or (id UInt64, value String) ENGINE = MergeTree ORDER BY id; +INSERT INTO t_row_policy_or SELECT number, toString(number) FROM numbers(10); + +DROP ROW POLICY IF EXISTS 04098_p1 ON t_row_policy_or; +DROP ROW POLICY IF EXISTS 04098_p2 ON t_row_policy_or; +DROP ROW POLICY IF EXISTS 04098_p3 ON t_row_policy_or; + +CREATE ROW POLICY 04098_p1 ON t_row_policy_or USING id = 1 AS permissive TO ALL; +CREATE ROW POLICY 04098_p2 ON t_row_policy_or USING id = 3 AS permissive TO ALL; +CREATE ROW POLICY 04098_p3 ON t_row_policy_or USING id = 5 AS permissive TO ALL; + +-- With the old analyzer the OR chain is converted to IN by LogicalExpressionsOptimizer. +-- With the new analyzer the same should happen via LogicalExpressionOptimizerPass +-- applied to the row policy filter in buildFilterInfo. + +SET enable_analyzer = 0; +SELECT 'old analyzer'; +SELECT explain FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or) +WHERE explain LIKE '%Row level filter column:%'; + +SET enable_analyzer = 1; +SELECT 'new analyzer'; +SELECT replaceRegexpOne(explain, '__set_UInt64_\\d+_\\d+', '__set_UInt64_') +FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or) +WHERE explain LIKE '%Row level filter column:%'; + +SELECT 'result'; +SELECT id FROM t_row_policy_or ORDER BY id; + +DROP ROW POLICY 04098_p1 ON t_row_policy_or; +DROP ROW POLICY 04098_p2 ON t_row_policy_or; +DROP ROW POLICY 04098_p3 ON t_row_policy_or; +DROP TABLE t_row_policy_or; From 3f6c029ea990d9a368094e971a131a949776a0d0 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 17 Apr 2026 18:01:21 +0000 Subject: [PATCH 128/141] Update autogenerated version to 25.8.22.28 and contributors --- cmake/autogenerated_versions.txt | 10 +++++----- .../System/StorageSystemContributors.generated.cpp | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/cmake/autogenerated_versions.txt b/cmake/autogenerated_versions.txt index f114a1e87bcf..3f721de321fe 100644 --- a/cmake/autogenerated_versions.txt +++ b/cmake/autogenerated_versions.txt @@ -2,11 +2,11 @@ # NOTE: VERSION_REVISION has nothing common with DBMS_TCP_PROTOCOL_VERSION, # only DBMS_TCP_PROTOCOL_VERSION should be incremented on protocol changes. -SET(VERSION_REVISION 54522) +SET(VERSION_REVISION 54523) SET(VERSION_MAJOR 25) SET(VERSION_MINOR 8) -SET(VERSION_PATCH 22) -SET(VERSION_GITHASH 099badce0f7744623716d4efa2971d3e1c63d1cf) -SET(VERSION_DESCRIBE v25.8.22.1-lts) -SET(VERSION_STRING 25.8.22.1) +SET(VERSION_PATCH 23) +SET(VERSION_GITHASH 6d29497525664acca46a1d1cd0d5787e9ad0857d) +SET(VERSION_DESCRIBE v25.8.23.1-lts) +SET(VERSION_STRING 25.8.23.1) # end of autochange diff --git a/src/Storages/System/StorageSystemContributors.generated.cpp b/src/Storages/System/StorageSystemContributors.generated.cpp index 064736620152..d85cb2413c66 100644 --- a/src/Storages/System/StorageSystemContributors.generated.cpp +++ b/src/Storages/System/StorageSystemContributors.generated.cpp @@ -1089,6 +1089,7 @@ const char * auto_contributors[] { "Rafael Acevedo", "Rafael David Tinoco", "Rafael Roquetto", + "Rahul", "Rajakavitha Kodhandapani", "Rajkumar", "Rajkumar Varada", From 9201c773d3a5136a6027f204a43fe0f5c5dd74c8 Mon Sep 17 00:00:00 2001 From: Rahul <254529899+motsc@users.noreply.github.com> Date: Mon, 20 Apr 2026 06:39:13 -0700 Subject: [PATCH 129/141] Upgrade distroless base image from cc-debian12 to cc-debian13 cc-debian12 has 16 CVEs (3 HIGH in libssl3 3.0.18), giving Docker Scout a D score. cc-debian13 has zero CVEs. Pin digests from 2026-04-20. --- docker/keeper/Dockerfile.distroless | 12 ++++++------ docker/server/Dockerfile.distroless | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docker/keeper/Dockerfile.distroless b/docker/keeper/Dockerfile.distroless index 37491d02f883..a2f17591262c 100644 --- a/docker/keeper/Dockerfile.distroless +++ b/docker/keeper/Dockerfile.distroless @@ -3,8 +3,8 @@ # The entrypoint is the compiled `clickhouse docker-init --keeper` subcommand. # # Build targets: -# production — gcr.io/distroless/cc-debian12:nonroot (default) -# debug — gcr.io/distroless/cc-debian12:debug-nonroot (includes busybox shell) +# production — gcr.io/distroless/cc-debian13:nonroot (default) +# debug — gcr.io/distroless/cc-debian13:debug-nonroot (includes busybox shell) # # Usage: # docker build -f Dockerfile.distroless --target production -t clickhouse/clickhouse-keeper:distroless . @@ -138,8 +138,8 @@ RUN mkdir -p \ # ────────────────────────────────────────────────────────────────────────────── # Stage 2: Production distroless image. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:nonroot -FROM gcr.io/distroless/cc-debian12:nonroot@sha256:7e5b8df2f4d36f5599ef4ab856d7d444922531709becb03f3368c6d797d0a5eb AS production +# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:nonroot +FROM gcr.io/distroless/cc-debian13:nonroot@sha256:9c4fe2381c2e6d53c4cfdefeff6edbd2a67ec7713e2c3ca6653806cbdbf27a1e AS production COPY --from=ch-builder /output/ / @@ -161,8 +161,8 @@ ENTRYPOINT ["/usr/bin/clickhouse", "docker-init", "--keeper"] # Stage 3: Debug image — same as production but includes the busybox shell # at /busybox/sh for interactive troubleshooting. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:debug-nonroot -FROM gcr.io/distroless/cc-debian12:debug-nonroot@sha256:641f055b21555d5e4f77b7f1f3caca80840a76c4f7ae5df36a159a436941d2c2 AS debug +# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:debug-nonroot +FROM gcr.io/distroless/cc-debian13:debug-nonroot@sha256:d47b319b1047dff7cdee335e3e61468f3610fac20060653aabe3786d6ecba621 AS debug COPY --from=ch-builder /output/ / diff --git a/docker/server/Dockerfile.distroless b/docker/server/Dockerfile.distroless index bf6dbb903ebc..a1b57a2d2bcd 100644 --- a/docker/server/Dockerfile.distroless +++ b/docker/server/Dockerfile.distroless @@ -3,8 +3,8 @@ # The entrypoint is the compiled `clickhouse docker-init` subcommand. # # Build targets: -# production — gcr.io/distroless/cc-debian12:nonroot (default) -# debug — gcr.io/distroless/cc-debian12:debug-nonroot (includes busybox shell) +# production — gcr.io/distroless/cc-debian13:nonroot (default) +# debug — gcr.io/distroless/cc-debian13:debug-nonroot (includes busybox shell) # # Usage: # docker build -f Dockerfile.distroless --target production -t clickhouse/clickhouse-server:distroless . @@ -156,8 +156,8 @@ RUN { \ # ────────────────────────────────────────────────────────────────────────────── # Stage 2: Production distroless image. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:nonroot -FROM gcr.io/distroless/cc-debian12:nonroot@sha256:7e5b8df2f4d36f5599ef4ab856d7d444922531709becb03f3368c6d797d0a5eb AS production +# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:nonroot +FROM gcr.io/distroless/cc-debian13:nonroot@sha256:9c4fe2381c2e6d53c4cfdefeff6edbd2a67ec7713e2c3ca6653806cbdbf27a1e AS production COPY --from=ch-builder /output/ / @@ -179,8 +179,8 @@ ENTRYPOINT ["/usr/bin/clickhouse", "docker-init"] # Stage 3: Debug image — same as production but includes the busybox shell # at /busybox/sh for interactive troubleshooting. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-03-10. Refresh: docker pull gcr.io/distroless/cc-debian12:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian12:debug-nonroot -FROM gcr.io/distroless/cc-debian12:debug-nonroot@sha256:641f055b21555d5e4f77b7f1f3caca80840a76c4f7ae5df36a159a436941d2c2 AS debug +# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:debug-nonroot +FROM gcr.io/distroless/cc-debian13:debug-nonroot@sha256:d47b319b1047dff7cdee335e3e61468f3610fac20060653aabe3786d6ecba621 AS debug COPY --from=ch-builder /output/ / From 42b3a5fcfc93f80cedebf83cdcf869492b47f5e0 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 20 Apr 2026 17:35:43 +0000 Subject: [PATCH 130/141] Backport #103160 to 25.8: CI: disable automerge for backport branches --- ci/workflows/backport_branches.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/workflows/backport_branches.py b/ci/workflows/backport_branches.py index a69d98ce6f34..ed18efa8e9a1 100644 --- a/ci/workflows/backport_branches.py +++ b/ci/workflows/backport_branches.py @@ -48,7 +48,7 @@ enable_job_filtering_by_changes=True, enable_cache=True, enable_report=True, - enable_automerge=True, + enable_automerge=False, enable_cidb=True, enable_commit_status_on_failure=True, pre_hooks=[ From bb6aa71bdc94c4e4928f690a407899991cd68226 Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Mon, 20 Apr 2026 18:36:21 +0000 Subject: [PATCH 131/141] Backport #101918 to 25.8: Fix using wrong extreams in min-max index created on JSON column --- src/Columns/ColumnObject.cpp | 24 ++++++--- .../04076_json_in_min_max_index_bug.reference | 54 +++++++++++++++++++ .../04076_json_in_min_max_index_bug.sql | 21 ++++++++ 3 files changed, 92 insertions(+), 7 deletions(-) create mode 100644 tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference create mode 100644 tests/queries/0_stateless/04076_json_in_min_max_index_bug.sql diff --git a/src/Columns/ColumnObject.cpp b/src/Columns/ColumnObject.cpp index d5d6d8876817..7e6a1e356c19 100644 --- a/src/Columns/ColumnObject.cpp +++ b/src/Columns/ColumnObject.cpp @@ -1505,16 +1505,26 @@ bool ColumnObject::isFinalized() const void ColumnObject::getExtremes(DB::Field & min, DB::Field & max) const { + min = Object(); + max = Object(); + if (empty()) + return; + + size_t min_idx = 0; + size_t max_idx = 0; + + size_t end = size(); + for (size_t i = 1; i < end; ++i) { - min = Object(); - max = Object(); - } - else - { - get(0, min); - get(0, max); + if (compareAt(i, min_idx, *this, /* nan_direction_hint = */ 1) < 0) + min_idx = i; + else if (compareAt(i, max_idx, *this, /* nan_direction_hint = */ -1) > 0) + max_idx = i; } + + get(min_idx, min); + get(max_idx, max); } void ColumnObject::prepareForSquashing(const std::vector & source_columns, size_t factor) diff --git a/tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference b/tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference new file mode 100644 index 000000000000..e9202056898b --- /dev/null +++ b/tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference @@ -0,0 +1,54 @@ +3 +Expression (Project names) + Sorting (Sorting for ORDER BY) + Expression ((Before ORDER BY + Projection)) + Expression ((WHERE + Change column names to column identifiers)) + ReadFromMergeTree (default.t_json_minmax_idx) + Indexes: + PrimaryKey + Condition: true + Parts: 1/1 + Granules: 3/3 + Skip + Name: idx_j + Description: minmax GRANULARITY 1 + Condition: (j in (\'{"a": "2"}\', +Inf)) + Parts: 1/1 + Granules: 1/3 + Ranges: 1 +2 +Expression (Project names) + Sorting (Sorting for ORDER BY) + Expression ((Before ORDER BY + Projection)) + Expression ((WHERE + Change column names to column identifiers)) + ReadFromMergeTree (default.t_json_minmax_idx) + Indexes: + PrimaryKey + Condition: true + Parts: 1/1 + Granules: 3/3 + Skip + Name: idx_j + Description: minmax GRANULARITY 1 + Condition: (j in [\'{"a": "2"}\', \'{"a": "2"}\']) + Parts: 1/1 + Granules: 1/3 + Ranges: 1 +1 +Expression (Project names) + Sorting (Sorting for ORDER BY) + Expression ((Before ORDER BY + Projection)) + Expression ((WHERE + Change column names to column identifiers)) + ReadFromMergeTree (default.t_json_minmax_idx) + Indexes: + PrimaryKey + Condition: true + Parts: 1/1 + Granules: 3/3 + Skip + Name: idx_j + Description: minmax GRANULARITY 1 + Condition: (j in (-Inf, \'{"a": "2"}\')) + Parts: 1/1 + Granules: 1/3 + Ranges: 1 diff --git a/tests/queries/0_stateless/04076_json_in_min_max_index_bug.sql b/tests/queries/0_stateless/04076_json_in_min_max_index_bug.sql new file mode 100644 index 000000000000..cb754f3faa1e --- /dev/null +++ b/tests/queries/0_stateless/04076_json_in_min_max_index_bug.sql @@ -0,0 +1,21 @@ +-- Tags: no-parallel-replicas +-- Tag no-parallel-replicas: output of explain is different + +DROP TABLE IF EXISTS t_json_minmax_idx; + +CREATE TABLE t_json_minmax_idx (id UInt32, j JSON, INDEX idx_j j TYPE minmax GRANULARITY 1) ENGINE = MergeTree() ORDER BY id SETTINGS index_granularity=1; + +INSERT INTO t_json_minmax_idx VALUES (1, '{"a":"1"}'), (2, '{"a":"2"}'), (3, '{"a":"3"}'); + +SET enable_analyzer = 1; +SET optimize_move_to_prewhere = 1; +SET query_plan_optimize_prewhere = 1; + +SELECT id FROM t_json_minmax_idx WHERE j > '{"a":"2"}'::JSON ORDER BY id; +EXPLAIN indexes=1 SELECT id FROM t_json_minmax_idx WHERE j > '{"a":"2"}'::JSON ORDER BY id; +SELECT id FROM t_json_minmax_idx WHERE j = '{"a":"2"}'::JSON ORDER BY id; +EXPLAIN indexes=1 SELECT id FROM t_json_minmax_idx WHERE j = '{"a":"2"}'::JSON ORDER BY id; +SELECT id FROM t_json_minmax_idx WHERE j < '{"a":"2"}'::JSON ORDER BY id; +EXPLAIN indexes=1 SELECT id FROM t_json_minmax_idx WHERE j < '{"a":"2"}'::JSON ORDER BY id; + +DROP TABLE IF EXISTS t_json_minmax_idx; From ac8c55c0245d015f8b8a8961b7ffbe70a6c4e6dc Mon Sep 17 00:00:00 2001 From: Azat Khuzhin Date: Tue, 21 Apr 2026 16:49:46 +0200 Subject: [PATCH 132/141] Update 04098_row_policy_disjunction_optimization In 25.8 the row policy filter is rendered as a separate Filter step ("Filter (Row-level security filter)" / "Filter column: ...") instead of the "Row level filter column:" line produced by master's ReadFromMergeTree. The test's LIKE predicate therefore matched nothing. Additionally, with default settings the policy predicate is moved to PREWHERE, so disable optimize_move_to_prewhere to keep the filter in the dedicated Row-level security Filter step and get a stable plan. Match on "Filter column: in(" and trim leading spaces so the reference does not depend on indentation. --- ...04098_row_policy_disjunction_optimization.reference | 4 ++-- .../04098_row_policy_disjunction_optimization.sql | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference index 67d82bc6da81..30678f7b7969 100644 --- a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference +++ b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference @@ -1,7 +1,7 @@ old analyzer - Row level filter column: in(id, (1, 3, 5)) (removed) +Filter column: in(id, (1, 3, 5)) (removed) new analyzer - Row level filter column: in(id, __set_UInt64_) (removed) +Filter column: in(id, __set_UInt64_) (removed) result 1 3 diff --git a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql index e97074ad7079..2e8f5a9b76bc 100644 --- a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql +++ b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql @@ -18,14 +18,14 @@ CREATE ROW POLICY 04098_p3 ON t_row_policy_or USING id = 5 AS permissive TO ALL; SET enable_analyzer = 0; SELECT 'old analyzer'; -SELECT explain FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or) -WHERE explain LIKE '%Row level filter column:%'; +SELECT trim(BOTH ' ' FROM explain) FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or SETTINGS optimize_move_to_prewhere = 0) +WHERE explain LIKE '%Filter column: in(%'; SET enable_analyzer = 1; SELECT 'new analyzer'; -SELECT replaceRegexpOne(explain, '__set_UInt64_\\d+_\\d+', '__set_UInt64_') -FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or) -WHERE explain LIKE '%Row level filter column:%'; +SELECT trim(BOTH ' ' FROM replaceRegexpOne(explain, '__set_UInt64_\\d+_\\d+', '__set_UInt64_')) +FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or SETTINGS optimize_move_to_prewhere = 0) +WHERE explain LIKE '%Filter column: in(%'; SELECT 'result'; SELECT id FROM t_row_policy_or ORDER BY id; From e854a5fe927d7364b4dd590147c1179b1e3e9f4e Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Tue, 21 Apr 2026 21:29:46 +0000 Subject: [PATCH 133/141] Backport #102692 to 25.8: Fix flattened Dynamic type serialization with binary encoded data types --- .../Serializations/SerializationDynamic.cpp | 2 +- ...dynamic_native_encode_types_binary.reference | 3 +++ ...ttened_dynamic_native_encode_types_binary.sh | 17 +++++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.reference create mode 100755 tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.sh diff --git a/src/DataTypes/Serializations/SerializationDynamic.cpp b/src/DataTypes/Serializations/SerializationDynamic.cpp index 5864b6a6e585..e21836f408bf 100644 --- a/src/DataTypes/Serializations/SerializationDynamic.cpp +++ b/src/DataTypes/Serializations/SerializationDynamic.cpp @@ -160,7 +160,7 @@ void SerializationDynamic::serializeBinaryBulkStatePrefix( for (const auto & type : flattened_column.types) { if (settings.native_format && settings.format_settings && settings.format_settings->native.encode_types_in_binary_format) - encodeDataType(type); + encodeDataType(type, *stream); else writeStringBinary(type->getName(), *stream); } diff --git a/tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.reference b/tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.reference new file mode 100644 index 000000000000..664388937d73 --- /dev/null +++ b/tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.reference @@ -0,0 +1,3 @@ +42 Int64 +hello String +2020-01-01 Date diff --git a/tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.sh b/tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.sh new file mode 100755 index 000000000000..fa66b56af53b --- /dev/null +++ b/tests/queries/0_stateless/04094_flattened_dynamic_native_encode_types_binary.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CURDIR"/../shell_config.sh + +# Test: flattened Dynamic serialization with encode_types_in_binary_format=1. +# encodeDataType at SerializationDynamic.cpp must use the two-arg overload +# that writes to the stream, not the one-arg overload that returns a String. + +$CLICKHOUSE_LOCAL -m -q " + CREATE TABLE test (d Dynamic(max_types=2)) ENGINE=Memory; + INSERT INTO test VALUES (42::Int64), ('hello'), ('2020-01-01'::Date); + SELECT * FROM test FORMAT Native SETTINGS + output_format_native_use_flattened_dynamic_and_json_serialization=1, + output_format_native_encode_types_in_binary_format=1; +" | $CLICKHOUSE_LOCAL --table test --input-format Native --input_format_native_decode_types_in_binary_format=1 -q "SELECT d, dynamicType(d) FROM test" From 4cce3bdc2a12f4467cbf3534ab600a9ba3cd889a Mon Sep 17 00:00:00 2001 From: avogar Date: Wed, 22 Apr 2026 11:46:26 +0000 Subject: [PATCH 134/141] Update test reference --- .../04076_json_in_min_max_index_bug.reference | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference b/tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference index e9202056898b..702c2663b6d3 100644 --- a/tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference +++ b/tests/queries/0_stateless/04076_json_in_min_max_index_bug.reference @@ -12,10 +12,9 @@ Expression (Project names) Skip Name: idx_j Description: minmax GRANULARITY 1 - Condition: (j in (\'{"a": "2"}\', +Inf)) Parts: 1/1 Granules: 1/3 - Ranges: 1 + Ranges: 1 2 Expression (Project names) Sorting (Sorting for ORDER BY) @@ -30,10 +29,9 @@ Expression (Project names) Skip Name: idx_j Description: minmax GRANULARITY 1 - Condition: (j in [\'{"a": "2"}\', \'{"a": "2"}\']) Parts: 1/1 Granules: 1/3 - Ranges: 1 + Ranges: 1 1 Expression (Project names) Sorting (Sorting for ORDER BY) @@ -48,7 +46,6 @@ Expression (Project names) Skip Name: idx_j Description: minmax GRANULARITY 1 - Condition: (j in (-Inf, \'{"a": "2"}\')) Parts: 1/1 Granules: 1/3 - Ranges: 1 + Ranges: 1 From 457bc28f980b5c10bdf49ae1da10c9da8df5d1cd Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Thu, 23 Apr 2026 00:56:11 +0000 Subject: [PATCH 135/141] Backport #103392 to 25.8: Check for malformed flattened Dynamic data in Native format --- .../SerializationDynamicHelpers.cpp | 12 ++++++++++++ ..._dynamic_flattened_malformed_index.reference | 1 + .../04108_dynamic_flattened_malformed_index.sh | 16 ++++++++++++++++ .../dynamic_flattened_bad_index.native | Bin 0 -> 64 bytes 4 files changed, 29 insertions(+) create mode 100644 tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.reference create mode 100755 tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.sh create mode 100644 tests/queries/0_stateless/data_native/dynamic_flattened_bad_index.native diff --git a/src/DataTypes/Serializations/SerializationDynamicHelpers.cpp b/src/DataTypes/Serializations/SerializationDynamicHelpers.cpp index 7736a875540d..8c4f0dd67f1b 100644 --- a/src/DataTypes/Serializations/SerializationDynamicHelpers.cpp +++ b/src/DataTypes/Serializations/SerializationDynamicHelpers.cpp @@ -14,6 +14,7 @@ namespace DB namespace ErrorCodes { extern const int LOGICAL_ERROR; + extern const int INCORRECT_DATA; } namespace @@ -157,6 +158,17 @@ void fillDynamicColumn( for (size_t i = 0; i != indexes_data.size(); ++i) { auto index = indexes_data[i]; + if (index > null_index) + throw Exception( + ErrorCodes::INCORRECT_DATA, + "Incorrect index {} in indexes column of flattened Dynamic column at row {}: " + "the index should be in range [0, {}] (there are {} types, index {} is reserved for NULL values)", + static_cast(index), + i, + null_index, + flattened_column.types.size(), + null_index); + if (index == null_index) { local_discriminators.push_back(ColumnVariant::NULL_DISCRIMINATOR); diff --git a/tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.reference b/tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.reference new file mode 100644 index 000000000000..336d78135719 --- /dev/null +++ b/tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.reference @@ -0,0 +1 @@ +Incorrect index 10 in indexes column of flattened Dynamic column at row 2: the index should be in range [0, 2] (there are 2 types, index 2 is reserved for NULL values) diff --git a/tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.sh b/tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.sh new file mode 100755 index 000000000000..027009815edb --- /dev/null +++ b/tests/queries/0_stateless/04108_dynamic_flattened_malformed_index.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +# Tags: no-fasttest + +CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CUR_DIR"/../shell_config.sh + +# Test that reading a Native file with a corrupted index in flattened Dynamic +# serialization produces an informative error message instead of a crash. +# +# The file data_native/dynamic_flattened_bad_index.native is a pregenerated +# Native file with flattened Dynamic serialization for Dynamic(max_types=2) +# containing 3 rows: (42::Int64, 'hello', NULL). The NULL index byte (value 2) +# was changed to 10, which exceeds the valid range [0, 2]. + +$CLICKHOUSE_LOCAL --table test --input-format Native -q "SELECT * FROM test" < "${CUR_DIR}/data_native/dynamic_flattened_bad_index.native" 2>&1 | grep -o 'Incorrect index.*reserved for NULL values)' diff --git a/tests/queries/0_stateless/data_native/dynamic_flattened_bad_index.native b/tests/queries/0_stateless/data_native/dynamic_flattened_bad_index.native new file mode 100644 index 0000000000000000000000000000000000000000..787e73ad1e27f15e99e97f1de6a8ac8d471548c3 GIT binary patch literal 64 zcmZQ%W=s)rsmx2v%}mzFO{|D7sVqn>wl&gZW`F=DR?oZ=GZVJplA_GKbOuH)EvN)* JMruw@J^=RG4o3h0 literal 0 HcmV?d00001 From 5f8b23ca16d5500aa8c2574a7dfc6533d405dfa2 Mon Sep 17 00:00:00 2001 From: Rahul <254529899+motsc@users.noreply.github.com> Date: Sun, 26 Apr 2026 22:46:04 -0700 Subject: [PATCH 136/141] Refresh distroless base image digests to pick up libssl3t64 3.5.5-1~deb13u2 Mend.io scan found 1 CRITICAL + 4 HIGH CVEs in libssl3t64 3.5.5-1~deb13u1 (CVE-2026-31789, CVE-2026-28387..28390). All fixed in 3.5.5-1~deb13u2. Pin digests from 2026-04-26. --- docker/keeper/Dockerfile.distroless | 8 ++++---- docker/server/Dockerfile.distroless | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docker/keeper/Dockerfile.distroless b/docker/keeper/Dockerfile.distroless index a2f17591262c..cb72dac78208 100644 --- a/docker/keeper/Dockerfile.distroless +++ b/docker/keeper/Dockerfile.distroless @@ -138,8 +138,8 @@ RUN mkdir -p \ # ────────────────────────────────────────────────────────────────────────────── # Stage 2: Production distroless image. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:nonroot -FROM gcr.io/distroless/cc-debian13:nonroot@sha256:9c4fe2381c2e6d53c4cfdefeff6edbd2a67ec7713e2c3ca6653806cbdbf27a1e AS production +# Pinned 2026-04-26. Refresh: docker pull gcr.io/distroless/cc-debian13:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:nonroot +FROM gcr.io/distroless/cc-debian13:nonroot@sha256:8f960b7fc6a5d6e28bb07f982655925d6206678bd9a6cde2ad00ddb5e2077d78 AS production COPY --from=ch-builder /output/ / @@ -161,8 +161,8 @@ ENTRYPOINT ["/usr/bin/clickhouse", "docker-init", "--keeper"] # Stage 3: Debug image — same as production but includes the busybox shell # at /busybox/sh for interactive troubleshooting. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:debug-nonroot -FROM gcr.io/distroless/cc-debian13:debug-nonroot@sha256:d47b319b1047dff7cdee335e3e61468f3610fac20060653aabe3786d6ecba621 AS debug +# Pinned 2026-04-26. Refresh: docker pull gcr.io/distroless/cc-debian13:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:debug-nonroot +FROM gcr.io/distroless/cc-debian13:debug-nonroot@sha256:55dd32378f7562c890342098a04726f4ef386bb86c87bec3db6ed4eef27d99fb AS debug COPY --from=ch-builder /output/ / diff --git a/docker/server/Dockerfile.distroless b/docker/server/Dockerfile.distroless index a1b57a2d2bcd..d10e2efe8d36 100644 --- a/docker/server/Dockerfile.distroless +++ b/docker/server/Dockerfile.distroless @@ -156,8 +156,8 @@ RUN { \ # ────────────────────────────────────────────────────────────────────────────── # Stage 2: Production distroless image. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:nonroot -FROM gcr.io/distroless/cc-debian13:nonroot@sha256:9c4fe2381c2e6d53c4cfdefeff6edbd2a67ec7713e2c3ca6653806cbdbf27a1e AS production +# Pinned 2026-04-26. Refresh: docker pull gcr.io/distroless/cc-debian13:nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:nonroot +FROM gcr.io/distroless/cc-debian13:nonroot@sha256:8f960b7fc6a5d6e28bb07f982655925d6206678bd9a6cde2ad00ddb5e2077d78 AS production COPY --from=ch-builder /output/ / @@ -179,8 +179,8 @@ ENTRYPOINT ["/usr/bin/clickhouse", "docker-init"] # Stage 3: Debug image — same as production but includes the busybox shell # at /busybox/sh for interactive troubleshooting. # ────────────────────────────────────────────────────────────────────────────── -# Pinned 2026-04-20. Refresh: docker pull gcr.io/distroless/cc-debian13:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:debug-nonroot -FROM gcr.io/distroless/cc-debian13:debug-nonroot@sha256:d47b319b1047dff7cdee335e3e61468f3610fac20060653aabe3786d6ecba621 AS debug +# Pinned 2026-04-26. Refresh: docker pull gcr.io/distroless/cc-debian13:debug-nonroot && docker inspect --format='{{index .RepoDigests 0}}' gcr.io/distroless/cc-debian13:debug-nonroot +FROM gcr.io/distroless/cc-debian13:debug-nonroot@sha256:55dd32378f7562c890342098a04726f4ef386bb86c87bec3db6ed4eef27d99fb AS debug COPY --from=ch-builder /output/ / From ebe77effafa150b62a6714101e9082f3a575dd50 Mon Sep 17 00:00:00 2001 From: robot-ch-test-poll1 <47390204+robot-ch-test-poll1@users.noreply.github.com> Date: Tue, 28 Apr 2026 12:44:35 +0200 Subject: [PATCH 137/141] Backport #103334 to 25.8: Fix Parquet ColumnIndex stats min_value > max_value for String columns (#103663) Co-authored-by: robot-clickhouse --- src/Processors/Formats/Impl/Parquet/Write.cpp | 17 +++++--- src/Processors/Formats/Impl/Parquet/Write.h | 3 ++ .../tests/gtest_write_parquet_page_index.cpp | 42 +++++++++++++++++++ 3 files changed, 56 insertions(+), 6 deletions(-) diff --git a/src/Processors/Formats/Impl/Parquet/Write.cpp b/src/Processors/Formats/Impl/Parquet/Write.cpp index 2102f50f879d..352131c7ff20 100644 --- a/src/Processors/Formats/Impl/Parquet/Write.cpp +++ b/src/Processors/Formats/Impl/Parquet/Write.cpp @@ -220,14 +220,12 @@ struct StatisticsStringRef parq::Statistics s; if (min.ptr == nullptr) return s; - if (static_cast(min.len) <= options.max_statistics_size) + if (static_cast(min.len) <= options.max_statistics_size + && static_cast(max.len) <= options.max_statistics_size) { s.__set_min_value(std::string(reinterpret_cast(min.ptr), static_cast(min.len))); - s.__set_is_min_value_exact(true); - } - if (static_cast(max.len) <= options.max_statistics_size) - { s.__set_max_value(std::string(reinterpret_cast(max.ptr), static_cast(max.len))); + s.__set_is_min_value_exact(true); s.__set_is_max_value_exact(true); } return s; @@ -250,7 +248,7 @@ struct StatisticsStringRef int t = memcmp(a.ptr, b.ptr, std::min(a.len, b.len)); if (t != 0) return t; - return a.len - b.len; + return int(a.len) - int(b.len); } }; @@ -829,6 +827,10 @@ void writeColumnImpl( if (options.write_page_index) { bool all_null_page = data_count == 0; + bool has_stats = page_stats.__isset.min_value && page_stats.__isset.max_value; + if (!all_null_page && !has_stats) + s.indexes.column_index_valid = false; + s.indexes.column_index.min_values.push_back(page_stats.min_value); s.indexes.column_index.max_values.push_back(page_stats.max_value); if (has_null_count) @@ -1265,6 +1267,9 @@ static void writePageIndex(FileWriteState & file, WriteBuffer & out) chassert(rg.column_indexes.size() == rg.row_group.columns.size()); for (size_t j = 0; j < rg.column_indexes.size(); ++j) { + if (!rg.column_indexes.at(j).column_index_valid) + continue; + auto & column = rg.row_group.columns.at(j); column.__set_column_index_offset(file.offset); size_t length = serializeThriftStruct(rg.column_indexes.at(j).column_index, out); diff --git a/src/Processors/Formats/Impl/Parquet/Write.h b/src/Processors/Formats/Impl/Parquet/Write.h index bf027227e6d1..36355ac2f048 100644 --- a/src/Processors/Formats/Impl/Parquet/Write.h +++ b/src/Processors/Formats/Impl/Parquet/Write.h @@ -75,6 +75,9 @@ struct ColumnChunkIndexes { parq::ColumnIndex column_index; // if write_page_index parq::OffsetIndex offset_index; // if write_page_index + /// Set to false when a non-null page has stats dropped (e.g. value exceeded max_statistics_size). + /// When false, the column index must not be written because it would contain invalid bounds. + bool column_index_valid = true; parq::BloomFilterHeader bloom_filter_header; PODArray bloom_filter_data; // if write_bloom_filter, and not flushed yet }; diff --git a/src/Processors/tests/gtest_write_parquet_page_index.cpp b/src/Processors/tests/gtest_write_parquet_page_index.cpp index 789f3beca67a..9674703dcbfd 100644 --- a/src/Processors/tests/gtest_write_parquet_page_index.cpp +++ b/src/Processors/tests/gtest_write_parquet_page_index.cpp @@ -367,5 +367,47 @@ TEST(Parquet, WriteParquetPageIndexArrowEncoder) /// arrow doesn't write statistics to data page headers /*expect_statistics_in_page_headers*/ false); } + +/// Regression test for https://github.com/ClickHouse/ClickHouse/issues/103039 +/// When a page has a short min and a long max (exceeding max_statistics_size=4096), +/// the column index must not be written because it would contain invalid bounds +/// (e.g. min_value="a", max_value="" which violates min <= max). +TEST(Parquet, WriteParquetPageIndexOversizedStringStats) +{ + FormatSettings format_settings; + format_settings.parquet.row_group_rows = 10000; + format_settings.parquet.use_custom_encoder = true; + format_settings.parquet.parallel_encoding = false; + format_settings.parquet.write_page_index = true; + format_settings.parquet.data_page_size = 32; + + std::vector> values; + std::vector col; + col.push_back("a"); + col.push_back(String(5000, 'z')); + values.push_back(col); + + auto source = multiColumnsSource( + {std::make_shared()}, values, 1); + String path = "/tmp/test_oversized_stats.parquet"; + writeParquet(source, format_settings, path); + + auto reader = parquet::ParquetFileReader::OpenFile(path); + auto metadata = reader->metadata(); + + ASSERT_EQ(metadata->num_row_groups(), 1); + auto row_group = metadata->RowGroup(0); + ASSERT_EQ(row_group->num_columns(), 1); + + auto column_chunk = row_group->ColumnChunk(0); + auto column_index_location = column_chunk->GetColumnIndexLocation(); + auto offset_index_location = column_chunk->GetOffsetIndexLocation(); + + ASSERT_FALSE(column_index_location.has_value()); + + ASSERT_TRUE(offset_index_location.has_value()); + ASSERT_GT(offset_index_location.value().offset, 0); + ASSERT_GT(offset_index_location.value().length, 0); +} } #endif From e69ef71403f28cf373bf8dcbe8bfb08e45f34d7e Mon Sep 17 00:00:00 2001 From: robot-clickhouse Date: Fri, 1 May 2026 16:34:16 +0000 Subject: [PATCH 138/141] Backport #103834 to 25.8: Reliable key receiving from a chain of keyservers --- docker/keeper/Dockerfile.distroless | 15 +++++++++++---- docker/server/Dockerfile.distroless | 15 +++++++++++---- docker/server/Dockerfile.ubuntu | 15 +++++++++++---- 3 files changed, 33 insertions(+), 12 deletions(-) diff --git a/docker/keeper/Dockerfile.distroless b/docker/keeper/Dockerfile.distroless index cb72dac78208..1adc6a362498 100644 --- a/docker/keeper/Dockerfile.distroless +++ b/docker/keeper/Dockerfile.distroless @@ -80,10 +80,17 @@ RUN clickhouse local -q 'SELECT 1' >/dev/null 2>&1 && exit 0 || : \ && apt-get install --yes --no-install-recommends dirmngr gnupg2 \ && mkdir -p /etc/apt/sources.list.d \ && GNUPGHOME=$(mktemp -d) \ - && GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ - --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ - --keyserver hkp://keyserver.ubuntu.com:80 \ - --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 \ + && ( set +e; \ + for KEYSERVER in \ + hkp://keys.openpgp.org:80 \ + hkp://pgp.mit.edu:80 \ + hkp://keyserver.ubuntu.com:80; do \ + GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ + --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ + --keyserver "$KEYSERVER" \ + --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 && break; \ + done || exit 1 \ + ) \ && rm -rf "$GNUPGHOME" \ && chmod +r /usr/share/keyrings/clickhouse-keyring.gpg \ && echo "${REPOSITORY}" > /etc/apt/sources.list.d/clickhouse.list \ diff --git a/docker/server/Dockerfile.distroless b/docker/server/Dockerfile.distroless index d10e2efe8d36..bfadfe523c36 100644 --- a/docker/server/Dockerfile.distroless +++ b/docker/server/Dockerfile.distroless @@ -87,10 +87,17 @@ RUN clickhouse local -q 'SELECT 1' >/dev/null 2>&1 && exit 0 || : \ && apt-get install --yes --no-install-recommends dirmngr gnupg2 \ && mkdir -p /etc/apt/sources.list.d \ && GNUPGHOME=$(mktemp -d) \ - && GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ - --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ - --keyserver hkp://keyserver.ubuntu.com:80 \ - --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 \ + && ( set +e; \ + for KEYSERVER in \ + hkp://keys.openpgp.org:80 \ + hkp://pgp.mit.edu:80 \ + hkp://keyserver.ubuntu.com:80; do \ + GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ + --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ + --keyserver "$KEYSERVER" \ + --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 && break; \ + done || exit 1 \ + ) \ && rm -rf "$GNUPGHOME" \ && chmod +r /usr/share/keyrings/clickhouse-keyring.gpg \ && echo "${REPOSITORY}" > /etc/apt/sources.list.d/clickhouse.list \ diff --git a/docker/server/Dockerfile.ubuntu b/docker/server/Dockerfile.ubuntu index dc9c786c115e..8e3c0dc59547 100644 --- a/docker/server/Dockerfile.ubuntu +++ b/docker/server/Dockerfile.ubuntu @@ -98,10 +98,17 @@ RUN clickhouse local -q 'SELECT 1' >/dev/null 2>&1 && exit 0 || : \ gnupg2 \ && mkdir -p /etc/apt/sources.list.d \ && GNUPGHOME=$(mktemp -d) \ - && GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ - --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ - --keyserver hkp://keyserver.ubuntu.com:80 \ - --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 \ + && ( set +e; \ + for KEYSERVER in \ + hkp://keys.openpgp.org:80 \ + hkp://pgp.mit.edu:80 \ + hkp://keyserver.ubuntu.com:80; do \ + GNUPGHOME="$GNUPGHOME" gpg --batch --no-default-keyring \ + --keyring /usr/share/keyrings/clickhouse-keyring.gpg \ + --keyserver "$KEYSERVER" \ + --recv-keys 3a9ea1193a97b548be1457d48919f6bd2b48d754 && break; \ + done || exit 1 \ + ) \ && rm -rf "$GNUPGHOME" \ && chmod +r /usr/share/keyrings/clickhouse-keyring.gpg \ && echo "${REPOSITORY}" > /etc/apt/sources.list.d/clickhouse.list \ From 28716f32500f8fde4b4a5acd200ba677cc167b67 Mon Sep 17 00:00:00 2001 From: Andrey Zvonov Date: Fri, 8 May 2026 00:58:22 +0200 Subject: [PATCH 139/141] Fix two stateless test references for 25.8 03707_set_index_bad_get_null_bug: the `Ranges: 0` line is rendered indented under `Skip:` (8 spaces, not 6) in 25.8's EXPLAIN output. 04098_row_policy_disjunction_optimization: in 25.8 (same as upstream master) MergeTree row-policy filters are rendered as `Row level filter column: ...` from ReadFromMergeTree::describeActions when query_info.row_level_filter is set, not `Filter column: ...`. The earlier rewrite (commit ac8c55c0) had switched to `Filter column:`, which never appears for this plan, so both LIKE filters matched zero rows. --- .../0_stateless/03707_set_index_bad_get_null_bug.reference | 2 +- .../04098_row_policy_disjunction_optimization.reference | 4 ++-- .../0_stateless/04098_row_policy_disjunction_optimization.sql | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference b/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference index 7d5596416eb0..6c3792712ba4 100644 --- a/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference +++ b/tests/queries/0_stateless/03707_set_index_bad_get_null_bug.reference @@ -11,4 +11,4 @@ Expression Description: set GRANULARITY 1 Parts: 0/1 Granules: 0/1 - Ranges: 0 + Ranges: 0 diff --git a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference index 30678f7b7969..13c8485ff153 100644 --- a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference +++ b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.reference @@ -1,7 +1,7 @@ old analyzer -Filter column: in(id, (1, 3, 5)) (removed) +Row level filter column: in(id, (1, 3, 5)) (removed) new analyzer -Filter column: in(id, __set_UInt64_) (removed) +Row level filter column: in(id, __set_UInt64_) (removed) result 1 3 diff --git a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql index 2e8f5a9b76bc..d78888bcadcb 100644 --- a/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql +++ b/tests/queries/0_stateless/04098_row_policy_disjunction_optimization.sql @@ -19,13 +19,13 @@ CREATE ROW POLICY 04098_p3 ON t_row_policy_or USING id = 5 AS permissive TO ALL; SET enable_analyzer = 0; SELECT 'old analyzer'; SELECT trim(BOTH ' ' FROM explain) FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or SETTINGS optimize_move_to_prewhere = 0) -WHERE explain LIKE '%Filter column: in(%'; +WHERE explain LIKE '%Row level filter column: in(%'; SET enable_analyzer = 1; SELECT 'new analyzer'; SELECT trim(BOTH ' ' FROM replaceRegexpOne(explain, '__set_UInt64_\\d+_\\d+', '__set_UInt64_')) FROM (EXPLAIN actions = 1 SELECT id FROM t_row_policy_or SETTINGS optimize_move_to_prewhere = 0) -WHERE explain LIKE '%Filter column: in(%'; +WHERE explain LIKE '%Row level filter column: in(%'; SELECT 'result'; SELECT id FROM t_row_policy_or ORDER BY id; From a7c15fc61a3c0d105ef9623e0d441fac1db2dc29 Mon Sep 17 00:00:00 2001 From: Andrey Zvonov Date: Sun, 10 May 2026 23:21:09 +0200 Subject: [PATCH 140/141] Fix 02735_parquet_encoder reference for new string stats behavior Backport #103334 changed StatisticsStringRef::get() to drop both min and max when either exceeds max_statistics_size, but the matching reference update from upstream master was not carried over to 25.8. Co-Authored-By: Claude Opus 4.7 (1M context) --- tests/queries/0_stateless/02735_parquet_encoder.reference | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/queries/0_stateless/02735_parquet_encoder.reference b/tests/queries/0_stateless/02735_parquet_encoder.reference index e44ce99ed46f..e0b2f5655db0 100644 --- a/tests/queries/0_stateless/02735_parquet_encoder.reference +++ b/tests/queries/0_stateless/02735_parquet_encoder.reference @@ -43,7 +43,7 @@ datetime Nullable(DateTime64(3, \'UTC\')) (1000000,NULL,NULL,'0','-1294970296') (1000000,NULL,NULL,'-2147483296','2147481000') (100000,900000,NULL,'100009','999999') -[(2,NULL,NULL,'','[]')] +[(2,NULL,NULL,NULL,NULL)] 1 1 0 1 5090915589685802007 From 9b09c0ff766a08ad581d89676fc6d4314906c1d9 Mon Sep 17 00:00:00 2001 From: Andrey Zvonov Date: Mon, 11 May 2026 10:44:12 +0200 Subject: [PATCH 141/141] Cherry-pick aws-sdk-cpp 1.11.771 checksum config fix Set RequestChecksumCalculation/ResponseChecksumValidation to WHEN_REQUIRED to prevent the new AWS SDK from injecting x-amz-checksum-mode and chunked transfer-encoding headers that MinIO does not support and that break gtest_aws_s3_client's AppendExtraSSECHeaders* tests. Same as upstream/25.8 commit c14a1921fcc (merged via PR #103542), which was not part of v25.8.23.13-lts. Co-Authored-By: Claude Opus 4.7 (1M context) --- src/IO/S3/PocoHTTPClient.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/IO/S3/PocoHTTPClient.cpp b/src/IO/S3/PocoHTTPClient.cpp index 7f8b374de4f1..a002d298710d 100644 --- a/src/IO/S3/PocoHTTPClient.cpp +++ b/src/IO/S3/PocoHTTPClient.cpp @@ -133,6 +133,11 @@ PocoHTTPClientConfiguration::PocoHTTPClientConfiguration( LOG_INFO(getLogger("PocoHTTPClientConfiguration"), "Jitter factor for the retry strategy must be within the [0, 1], clamping"); retry_strategy.jitter_factor = std::clamp(retry_strategy.jitter_factor, 0.0, 1.0); } + + /// NOTE: Without these settings AWS SDK enable transfer-encoding: chunked and content-encoding: aws-chunked + /// We don't use them and MinIO server doesn't support them. + checksumConfig.requestChecksumCalculation = Aws::Client::RequestChecksumCalculation::WHEN_REQUIRED; + checksumConfig.responseChecksumValidation = Aws::Client::ResponseChecksumValidation::WHEN_REQUIRED; } void PocoHTTPClientConfiguration::updateSchemeAndRegion()