external/boringssl: Sync to 9113e0996fd445ce187ae9dfeabfc95805b947a2.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/fa3aadcd40ec4fd27a6e9492ef099b3dcc6eb2af..9113e0996fd445ce187ae9dfeabfc95805b947a2
Test: atest CtsLibcoreTestCases
Change-Id: I31ed8a7c9481e7b42f0454f0ee64c26e17a85d52
diff --git a/BORINGSSL_REVISION b/BORINGSSL_REVISION
index 21971f5..6826a81 100644
--- a/BORINGSSL_REVISION
+++ b/BORINGSSL_REVISION
@@ -1 +1 @@
-fa3aadcd40ec4fd27a6e9492ef099b3dcc6eb2af
+9113e0996fd445ce187ae9dfeabfc95805b947a2
diff --git a/err_data.c b/err_data.c
index e295820..9546ad2 100644
--- a/err_data.c
+++ b/err_data.c
@@ -19,39 +19,39 @@
#include <openssl/type_check.h>
-OPENSSL_COMPILE_ASSERT(ERR_LIB_NONE == 1, library_values_changed_1);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_SYS == 2, library_values_changed_2);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_BN == 3, library_values_changed_3);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_RSA == 4, library_values_changed_4);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_DH == 5, library_values_changed_5);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_EVP == 6, library_values_changed_6);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_BUF == 7, library_values_changed_7);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_OBJ == 8, library_values_changed_8);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_PEM == 9, library_values_changed_9);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_DSA == 10, library_values_changed_10);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_X509 == 11, library_values_changed_11);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_ASN1 == 12, library_values_changed_12);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_CONF == 13, library_values_changed_13);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_CRYPTO == 14, library_values_changed_14);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_EC == 15, library_values_changed_15);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_SSL == 16, library_values_changed_16);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_BIO == 17, library_values_changed_17);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_PKCS7 == 18, library_values_changed_18);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_PKCS8 == 19, library_values_changed_19);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_X509V3 == 20, library_values_changed_20);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_RAND == 21, library_values_changed_21);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_ENGINE == 22, library_values_changed_22);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_OCSP == 23, library_values_changed_23);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_UI == 24, library_values_changed_24);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_COMP == 25, library_values_changed_25);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_ECDSA == 26, library_values_changed_26);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_ECDH == 27, library_values_changed_27);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_HMAC == 28, library_values_changed_28);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_DIGEST == 29, library_values_changed_29);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_CIPHER == 30, library_values_changed_30);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_HKDF == 31, library_values_changed_31);
-OPENSSL_COMPILE_ASSERT(ERR_LIB_USER == 32, library_values_changed_32);
-OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == 33, library_values_changed_num);
+OPENSSL_STATIC_ASSERT(ERR_LIB_NONE == 1, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_SYS == 2, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_BN == 3, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_RSA == 4, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_DH == 5, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_EVP == 6, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_BUF == 7, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_OBJ == 8, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_PEM == 9, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_DSA == 10, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_X509 == 11, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_ASN1 == 12, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_CONF == 13, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_CRYPTO == 14, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_EC == 15, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_SSL == 16, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_BIO == 17, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_PKCS7 == 18, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_PKCS8 == 19, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_X509V3 == 20, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_RAND == 21, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_ENGINE == 22, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_OCSP == 23, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_UI == 24, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_COMP == 25, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_ECDSA == 26, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_ECDH == 27, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_HMAC == 28, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_DIGEST == 29, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_CIPHER == 30, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_HKDF == 31, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_USER == 32, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_NUM_LIBS == 33, "number of libraries changed");
const uint32_t kOpenSSLReasonValues[] = {
0xc32083a,
diff --git a/ios-aarch64/crypto/chacha/chacha-armv8.S b/ios-aarch64/crypto/chacha/chacha-armv8.S
index 1cb00b7..c34bb59 100644
--- a/ios-aarch64/crypto/chacha/chacha-armv8.S
+++ b/ios-aarch64/crypto/chacha/chacha-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -10,9 +13,9 @@
#endif
#include <openssl/arm_arch.h>
-.text
+.section __TEXT,__const
.align 5
Lsigma:
@@ -28,21 +31,19 @@
.byte 67,104,97,67,104,97,50,48,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
+.text
+
.globl _ChaCha20_ctr32
.private_extern _ChaCha20_ctr32
.align 5
_ChaCha20_ctr32:
cbz x2,Labort
- adr x5,LOPENSSL_armcap_P
+ adrp x5,_OPENSSL_armcap_P@PAGE
cmp x2,#192
b.lo Lshort
-#ifdef __ILP32__
- ldrsw x6,[x5]
-#else
- ldr x6,[x5]
-#endif
- ldr w17,[x6,x5]
+ add x5,x5,_OPENSSL_armcap_P@PAGEOFF
+ ldr w17,[x5]
tst w17,#ARMV7_NEON
b.ne ChaCha20_neon
@@ -50,7 +51,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr x5,Lsigma
+ adrp x5,Lsigma@PAGE
+ add x5,x5,Lsigma@PAGEOFF
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -323,7 +325,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr x5,Lsigma
+ adrp x5,Lsigma@PAGE
+ add x5,x5,Lsigma@PAGEOFF
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -816,7 +819,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr x5,Lsigma
+ adrp x5,Lsigma@PAGE
+ add x5,x5,Lsigma@PAGEOFF
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
diff --git a/ios-aarch64/crypto/fipsmodule/aesv8-armx64.S b/ios-aarch64/crypto/fipsmodule/aesv8-armx64.S
index fe4742f..78e0379 100644
--- a/ios-aarch64/crypto/fipsmodule/aesv8-armx64.S
+++ b/ios-aarch64/crypto/fipsmodule/aesv8-armx64.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -13,12 +16,15 @@
#if __ARM_MAX_ARCH__>=7
.text
+.section __TEXT,__const
.align 5
Lrcon:
.long 0x01,0x01,0x01,0x01
.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat
.long 0x1b,0x1b,0x1b,0x1b
+.text
+
.globl _aes_hw_set_encrypt_key
.private_extern _aes_hw_set_encrypt_key
@@ -40,7 +46,8 @@
tst w1,#0x3f
b.ne Lenc_key_abort
- adr x3,Lrcon
+ adrp x3,Lrcon@PAGE
+ add x3,x3,Lrcon@PAGEOFF
cmp w1,#192
eor v0.16b,v0.16b,v0.16b
diff --git a/ios-aarch64/crypto/fipsmodule/armv8-mont.S b/ios-aarch64/crypto/fipsmodule/armv8-mont.S
index d228592..6f11fd7 100644
--- a/ios-aarch64/crypto/fipsmodule/armv8-mont.S
+++ b/ios-aarch64/crypto/fipsmodule/armv8-mont.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S b/ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S
index 79a1df5..b0af99d 100644
--- a/ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S
+++ b/ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-aarch64/crypto/fipsmodule/sha1-armv8.S b/ios-aarch64/crypto/fipsmodule/sha1-armv8.S
index 17e1a56..0b91916 100644
--- a/ios-aarch64/crypto/fipsmodule/sha1-armv8.S
+++ b/ios-aarch64/crypto/fipsmodule/sha1-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -18,13 +21,8 @@
.align 6
_sha1_block_data_order:
-#ifdef __ILP32__
- ldrsw x16,LOPENSSL_armcap_P
-#else
- ldr x16,LOPENSSL_armcap_P
-#endif
- adr x17,LOPENSSL_armcap_P
- add x16,x16,x17
+ adrp x16,_OPENSSL_armcap_P@PAGE
+ add x16,x16,_OPENSSL_armcap_P@PAGEOFF
ldr w16,[x16]
tst w16,#ARMV8_SHA1
b.ne Lv8_entry
@@ -1091,7 +1089,8 @@
stp x29,x30,[sp,#-16]!
add x29,sp,#0
- adr x4,Lconst
+ adrp x4,Lconst@PAGE
+ add x4,x4,Lconst@PAGEOFF
eor v1.16b,v1.16b,v1.16b
ld1 {v0.4s},[x0],#16
ld1 {v1.s}[0],[x0]
@@ -1214,18 +1213,13 @@
ldr x29,[sp],#16
ret
+.section __TEXT,__const
.align 6
Lconst:
.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19
.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 //K_20_39
.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc //K_40_59
.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79
-LOPENSSL_armcap_P:
-#ifdef __ILP32__
-.long _OPENSSL_armcap_P-.
-#else
-.quad _OPENSSL_armcap_P-.
-#endif
.byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
diff --git a/ios-aarch64/crypto/fipsmodule/sha256-armv8.S b/ios-aarch64/crypto/fipsmodule/sha256-armv8.S
index 9076eeb..617afc9 100644
--- a/ios-aarch64/crypto/fipsmodule/sha256-armv8.S
+++ b/ios-aarch64/crypto/fipsmodule/sha256-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -60,13 +63,8 @@
.align 6
_sha256_block_data_order:
#ifndef __KERNEL__
-# ifdef __ILP32__
- ldrsw x16,LOPENSSL_armcap_P
-# else
- ldr x16,LOPENSSL_armcap_P
-# endif
- adr x17,LOPENSSL_armcap_P
- add x16,x16,x17
+ adrp x16,_OPENSSL_armcap_P@PAGE
+ add x16,x16,_OPENSSL_armcap_P@PAGEOFF
ldr w16,[x16]
tst w16,#ARMV8_SHA256
b.ne Lv8_entry
@@ -86,7 +84,8 @@
ldp w24,w25,[x0,#4*4]
add x2,x1,x2,lsl#6 // end of input
ldp w26,w27,[x0,#6*4]
- adr x30,LK256
+ adrp x30,LK256@PAGE
+ add x30,x30,LK256@PAGEOFF
stp x0,x2,[x29,#96]
Loop:
@@ -1033,6 +1032,7 @@
ret
+.section __TEXT,__const
.align 6
LK256:
@@ -1054,18 +1054,10 @@
.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
.long 0 //terminator
-#ifndef __KERNEL__
-.align 3
-LOPENSSL_armcap_P:
-# ifdef __ILP32__
-.long _OPENSSL_armcap_P-.
-# else
-.quad _OPENSSL_armcap_P-.
-# endif
-#endif
.byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
+.text
#ifndef __KERNEL__
.align 6
@@ -1075,7 +1067,8 @@
add x29,sp,#0
ld1 {v0.4s,v1.4s},[x0]
- adr x3,LK256
+ adrp x3,LK256@PAGE
+ add x3,x3,LK256@PAGEOFF
Loop_hw:
ld1 {v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64
diff --git a/ios-aarch64/crypto/fipsmodule/sha512-armv8.S b/ios-aarch64/crypto/fipsmodule/sha512-armv8.S
index d4fd317..a2a92d7 100644
--- a/ios-aarch64/crypto/fipsmodule/sha512-armv8.S
+++ b/ios-aarch64/crypto/fipsmodule/sha512-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -74,7 +77,8 @@
ldp x24,x25,[x0,#4*8]
add x2,x1,x2,lsl#7 // end of input
ldp x26,x27,[x0,#6*8]
- adr x30,LK512
+ adrp x30,LK512@PAGE
+ add x30,x30,LK512@PAGEOFF
stp x0,x2,[x29,#96]
Loop:
@@ -1021,6 +1025,7 @@
ret
+.section __TEXT,__const
.align 6
LK512:
@@ -1066,15 +1071,6 @@
.quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817
.quad 0 // terminator
-#ifndef __KERNEL__
-.align 3
-LOPENSSL_armcap_P:
-# ifdef __ILP32__
-.long _OPENSSL_armcap_P-.
-# else
-.quad _OPENSSL_armcap_P-.
-# endif
-#endif
.byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
diff --git a/ios-arm/crypto/chacha/chacha-armv4.S b/ios-arm/crypto/chacha/chacha-armv4.S
index 9f86ad5..79d4389 100644
--- a/ios-arm/crypto/chacha/chacha-armv4.S
+++ b/ios-arm/crypto/chacha/chacha-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/aes-armv4.S b/ios-arm/crypto/fipsmodule/aes-armv4.S
index 6543d8c..2feb29e 100644
--- a/ios-arm/crypto/fipsmodule/aes-armv4.S
+++ b/ios-arm/crypto/fipsmodule/aes-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/aesv8-armx32.S b/ios-arm/crypto/fipsmodule/aesv8-armx32.S
index aafcea1..17d9727 100644
--- a/ios-arm/crypto/fipsmodule/aesv8-armx32.S
+++ b/ios-arm/crypto/fipsmodule/aesv8-armx32.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -22,6 +25,8 @@
.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d @ rotate-n-splat
.long 0x1b,0x1b,0x1b,0x1b
+.text
+
.globl _aes_hw_set_encrypt_key
.private_extern _aes_hw_set_encrypt_key
#ifdef __thumb2__
diff --git a/ios-arm/crypto/fipsmodule/armv4-mont.S b/ios-arm/crypto/fipsmodule/armv4-mont.S
index 7a502f0..8ccc763 100644
--- a/ios-arm/crypto/fipsmodule/armv4-mont.S
+++ b/ios-arm/crypto/fipsmodule/armv4-mont.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/bsaes-armv7.S b/ios-arm/crypto/fipsmodule/bsaes-armv7.S
index beb294c..d997c6c 100644
--- a/ios-arm/crypto/fipsmodule/bsaes-armv7.S
+++ b/ios-arm/crypto/fipsmodule/bsaes-armv7.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/ghash-armv4.S b/ios-arm/crypto/fipsmodule/ghash-armv4.S
index efb018c..2f4370e 100644
--- a/ios-arm/crypto/fipsmodule/ghash-armv4.S
+++ b/ios-arm/crypto/fipsmodule/ghash-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/ghashv8-armx32.S b/ios-arm/crypto/fipsmodule/ghashv8-armx32.S
index 946293a..5f4b0c6 100644
--- a/ios-arm/crypto/fipsmodule/ghashv8-armx32.S
+++ b/ios-arm/crypto/fipsmodule/ghashv8-armx32.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/sha1-armv4-large.S b/ios-arm/crypto/fipsmodule/sha1-armv4-large.S
index 8b1790a..aef735f 100644
--- a/ios-arm/crypto/fipsmodule/sha1-armv4-large.S
+++ b/ios-arm/crypto/fipsmodule/sha1-armv4-large.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/sha256-armv4.S b/ios-arm/crypto/fipsmodule/sha256-armv4.S
index a101952..4da89c5 100644
--- a/ios-arm/crypto/fipsmodule/sha256-armv4.S
+++ b/ios-arm/crypto/fipsmodule/sha256-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/ios-arm/crypto/fipsmodule/sha512-armv4.S b/ios-arm/crypto/fipsmodule/sha512-armv4.S
index ddaa1a0..e212bad 100644
--- a/ios-arm/crypto/fipsmodule/sha512-armv4.S
+++ b/ios-arm/crypto/fipsmodule/sha512-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-aarch64/crypto/chacha/chacha-armv8.S b/linux-aarch64/crypto/chacha/chacha-armv8.S
index 1832a30..ff8f977 100644
--- a/linux-aarch64/crypto/chacha/chacha-armv8.S
+++ b/linux-aarch64/crypto/chacha/chacha-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -11,9 +14,9 @@
#endif
#include <openssl/arm_arch.h>
-.text
+.section .rodata
.align 5
.Lsigma:
@@ -29,21 +32,19 @@
.byte 67,104,97,67,104,97,50,48,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
+.text
+
.globl ChaCha20_ctr32
.hidden ChaCha20_ctr32
.type ChaCha20_ctr32,%function
.align 5
ChaCha20_ctr32:
cbz x2,.Labort
- adr x5,.LOPENSSL_armcap_P
+ adrp x5,OPENSSL_armcap_P
cmp x2,#192
b.lo .Lshort
-#ifdef __ILP32__
- ldrsw x6,[x5]
-#else
- ldr x6,[x5]
-#endif
- ldr w17,[x6,x5]
+ add x5,x5,:lo12:OPENSSL_armcap_P
+ ldr w17,[x5]
tst w17,#ARMV7_NEON
b.ne ChaCha20_neon
@@ -51,7 +52,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr x5,.Lsigma
+ adrp x5,.Lsigma
+ add x5,x5,:lo12:.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -324,7 +326,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr x5,.Lsigma
+ adrp x5,.Lsigma
+ add x5,x5,:lo12:.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -817,7 +820,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr x5,.Lsigma
+ adrp x5,.Lsigma
+ add x5,x5,:lo12:.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
diff --git a/linux-aarch64/crypto/fipsmodule/aesv8-armx64.S b/linux-aarch64/crypto/fipsmodule/aesv8-armx64.S
index 0e5526f..19b585f 100644
--- a/linux-aarch64/crypto/fipsmodule/aesv8-armx64.S
+++ b/linux-aarch64/crypto/fipsmodule/aesv8-armx64.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -14,12 +17,15 @@
#if __ARM_MAX_ARCH__>=7
.text
.arch armv8-a+crypto
+.section .rodata
.align 5
.Lrcon:
.long 0x01,0x01,0x01,0x01
.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat
.long 0x1b,0x1b,0x1b,0x1b
+.text
+
.globl aes_hw_set_encrypt_key
.hidden aes_hw_set_encrypt_key
.type aes_hw_set_encrypt_key,%function
@@ -41,7 +47,8 @@
tst w1,#0x3f
b.ne .Lenc_key_abort
- adr x3,.Lrcon
+ adrp x3,.Lrcon
+ add x3,x3,:lo12:.Lrcon
cmp w1,#192
eor v0.16b,v0.16b,v0.16b
diff --git a/linux-aarch64/crypto/fipsmodule/armv8-mont.S b/linux-aarch64/crypto/fipsmodule/armv8-mont.S
index c65dd18..3dca443 100644
--- a/linux-aarch64/crypto/fipsmodule/armv8-mont.S
+++ b/linux-aarch64/crypto/fipsmodule/armv8-mont.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S b/linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S
index f3ae6c7..a611324 100644
--- a/linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S
+++ b/linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-aarch64/crypto/fipsmodule/sha1-armv8.S b/linux-aarch64/crypto/fipsmodule/sha1-armv8.S
index 3b6cf6a..8a16fea 100644
--- a/linux-aarch64/crypto/fipsmodule/sha1-armv8.S
+++ b/linux-aarch64/crypto/fipsmodule/sha1-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -19,13 +22,8 @@
.type sha1_block_data_order,%function
.align 6
sha1_block_data_order:
-#ifdef __ILP32__
- ldrsw x16,.LOPENSSL_armcap_P
-#else
- ldr x16,.LOPENSSL_armcap_P
-#endif
- adr x17,.LOPENSSL_armcap_P
- add x16,x16,x17
+ adrp x16,OPENSSL_armcap_P
+ add x16,x16,:lo12:OPENSSL_armcap_P
ldr w16,[x16]
tst w16,#ARMV8_SHA1
b.ne .Lv8_entry
@@ -1092,7 +1090,8 @@
stp x29,x30,[sp,#-16]!
add x29,sp,#0
- adr x4,.Lconst
+ adrp x4,.Lconst
+ add x4,x4,:lo12:.Lconst
eor v1.16b,v1.16b,v1.16b
ld1 {v0.4s},[x0],#16
ld1 {v1.s}[0],[x0]
@@ -1215,18 +1214,13 @@
ldr x29,[sp],#16
ret
.size sha1_block_armv8,.-sha1_block_armv8
+.section .rodata
.align 6
.Lconst:
.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19
.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 //K_20_39
.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc //K_40_59
.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79
-.LOPENSSL_armcap_P:
-#ifdef __ILP32__
-.long OPENSSL_armcap_P-.
-#else
-.quad OPENSSL_armcap_P-.
-#endif
.byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
diff --git a/linux-aarch64/crypto/fipsmodule/sha256-armv8.S b/linux-aarch64/crypto/fipsmodule/sha256-armv8.S
index 8bb535c..cf9c65b 100644
--- a/linux-aarch64/crypto/fipsmodule/sha256-armv8.S
+++ b/linux-aarch64/crypto/fipsmodule/sha256-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -61,13 +64,8 @@
.align 6
sha256_block_data_order:
#ifndef __KERNEL__
-# ifdef __ILP32__
- ldrsw x16,.LOPENSSL_armcap_P
-# else
- ldr x16,.LOPENSSL_armcap_P
-# endif
- adr x17,.LOPENSSL_armcap_P
- add x16,x16,x17
+ adrp x16,OPENSSL_armcap_P
+ add x16,x16,:lo12:OPENSSL_armcap_P
ldr w16,[x16]
tst w16,#ARMV8_SHA256
b.ne .Lv8_entry
@@ -87,7 +85,8 @@
ldp w24,w25,[x0,#4*4]
add x2,x1,x2,lsl#6 // end of input
ldp w26,w27,[x0,#6*4]
- adr x30,.LK256
+ adrp x30,.LK256
+ add x30,x30,:lo12:.LK256
stp x0,x2,[x29,#96]
.Loop:
@@ -1034,6 +1033,7 @@
ret
.size sha256_block_data_order,.-sha256_block_data_order
+.section .rodata
.align 6
.type .LK256,%object
.LK256:
@@ -1055,18 +1055,10 @@
.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
.long 0 //terminator
.size .LK256,.-.LK256
-#ifndef __KERNEL__
-.align 3
-.LOPENSSL_armcap_P:
-# ifdef __ILP32__
-.long OPENSSL_armcap_P-.
-# else
-.quad OPENSSL_armcap_P-.
-# endif
-#endif
.byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
+.text
#ifndef __KERNEL__
.type sha256_block_armv8,%function
.align 6
@@ -1076,7 +1068,8 @@
add x29,sp,#0
ld1 {v0.4s,v1.4s},[x0]
- adr x3,.LK256
+ adrp x3,.LK256
+ add x3,x3,:lo12:.LK256
.Loop_hw:
ld1 {v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64
diff --git a/linux-aarch64/crypto/fipsmodule/sha512-armv8.S b/linux-aarch64/crypto/fipsmodule/sha512-armv8.S
index ac9d5f0..d1e0aa4 100644
--- a/linux-aarch64/crypto/fipsmodule/sha512-armv8.S
+++ b/linux-aarch64/crypto/fipsmodule/sha512-armv8.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -75,7 +78,8 @@
ldp x24,x25,[x0,#4*8]
add x2,x1,x2,lsl#7 // end of input
ldp x26,x27,[x0,#6*8]
- adr x30,.LK512
+ adrp x30,.LK512
+ add x30,x30,:lo12:.LK512
stp x0,x2,[x29,#96]
.Loop:
@@ -1022,6 +1026,7 @@
ret
.size sha512_block_data_order,.-sha512_block_data_order
+.section .rodata
.align 6
.type .LK512,%object
.LK512:
@@ -1067,15 +1072,6 @@
.quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817
.quad 0 // terminator
.size .LK512,.-.LK512
-#ifndef __KERNEL__
-.align 3
-.LOPENSSL_armcap_P:
-# ifdef __ILP32__
-.long OPENSSL_armcap_P-.
-# else
-.quad OPENSSL_armcap_P-.
-# endif
-#endif
.byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
diff --git a/linux-arm/crypto/chacha/chacha-armv4.S b/linux-arm/crypto/chacha/chacha-armv4.S
index 489021c..4c17124 100644
--- a/linux-arm/crypto/chacha/chacha-armv4.S
+++ b/linux-arm/crypto/chacha/chacha-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/aes-armv4.S b/linux-arm/crypto/fipsmodule/aes-armv4.S
index cdd91ae..0a01694 100644
--- a/linux-arm/crypto/fipsmodule/aes-armv4.S
+++ b/linux-arm/crypto/fipsmodule/aes-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/aesv8-armx32.S b/linux-arm/crypto/fipsmodule/aesv8-armx32.S
index bdda4c3..42625fe 100644
--- a/linux-arm/crypto/fipsmodule/aesv8-armx32.S
+++ b/linux-arm/crypto/fipsmodule/aesv8-armx32.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -23,6 +26,8 @@
.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d @ rotate-n-splat
.long 0x1b,0x1b,0x1b,0x1b
+.text
+
.globl aes_hw_set_encrypt_key
.hidden aes_hw_set_encrypt_key
.type aes_hw_set_encrypt_key,%function
diff --git a/linux-arm/crypto/fipsmodule/armv4-mont.S b/linux-arm/crypto/fipsmodule/armv4-mont.S
index 6a01ae0..702830a 100644
--- a/linux-arm/crypto/fipsmodule/armv4-mont.S
+++ b/linux-arm/crypto/fipsmodule/armv4-mont.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/bsaes-armv7.S b/linux-arm/crypto/fipsmodule/bsaes-armv7.S
index 4b53131..38a0290 100644
--- a/linux-arm/crypto/fipsmodule/bsaes-armv7.S
+++ b/linux-arm/crypto/fipsmodule/bsaes-armv7.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/ghash-armv4.S b/linux-arm/crypto/fipsmodule/ghash-armv4.S
index 99b2bc3..459ee82 100644
--- a/linux-arm/crypto/fipsmodule/ghash-armv4.S
+++ b/linux-arm/crypto/fipsmodule/ghash-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/ghashv8-armx32.S b/linux-arm/crypto/fipsmodule/ghashv8-armx32.S
index 10a9b4d..ddf74cd 100644
--- a/linux-arm/crypto/fipsmodule/ghashv8-armx32.S
+++ b/linux-arm/crypto/fipsmodule/ghashv8-armx32.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/sha1-armv4-large.S b/linux-arm/crypto/fipsmodule/sha1-armv4-large.S
index e168d68..3e44698 100644
--- a/linux-arm/crypto/fipsmodule/sha1-armv4-large.S
+++ b/linux-arm/crypto/fipsmodule/sha1-armv4-large.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/sha256-armv4.S b/linux-arm/crypto/fipsmodule/sha256-armv4.S
index e5092df..4f5739a 100644
--- a/linux-arm/crypto/fipsmodule/sha256-armv4.S
+++ b/linux-arm/crypto/fipsmodule/sha256-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-arm/crypto/fipsmodule/sha512-armv4.S b/linux-arm/crypto/fipsmodule/sha512-armv4.S
index 5f1b67e..3d1d781 100644
--- a/linux-arm/crypto/fipsmodule/sha512-armv4.S
+++ b/linux-arm/crypto/fipsmodule/sha512-armv4.S
@@ -1,3 +1,6 @@
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S b/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S
index 618bd1c..42b69c1 100644
--- a/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S
+++ b/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S b/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S
index f4f9d25..88a8a25 100644
--- a/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S
+++ b/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86/crypto/chacha/chacha-x86.S b/linux-x86/crypto/chacha/chacha-x86.S
index 519081b..1c9fdc3 100644
--- a/linux-x86/crypto/chacha/chacha-x86.S
+++ b/linux-x86/crypto/chacha/chacha-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl ChaCha20_ctr32
diff --git a/linux-x86/crypto/fipsmodule/aes-586.S b/linux-x86/crypto/fipsmodule/aes-586.S
index 17b459c..3d6fbf7 100644
--- a/linux-x86/crypto/fipsmodule/aes-586.S
+++ b/linux-x86/crypto/fipsmodule/aes-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.hidden _x86_AES_encrypt_compact
diff --git a/linux-x86/crypto/fipsmodule/aesni-x86.S b/linux-x86/crypto/fipsmodule/aesni-x86.S
index cc53fa4..2e8e98a 100644
--- a/linux-x86/crypto/fipsmodule/aesni-x86.S
+++ b/linux-x86/crypto/fipsmodule/aesni-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl aesni_encrypt
diff --git a/linux-x86/crypto/fipsmodule/bn-586.S b/linux-x86/crypto/fipsmodule/bn-586.S
index cc067f7..1934744 100644
--- a/linux-x86/crypto/fipsmodule/bn-586.S
+++ b/linux-x86/crypto/fipsmodule/bn-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl bn_mul_add_words
diff --git a/linux-x86/crypto/fipsmodule/co-586.S b/linux-x86/crypto/fipsmodule/co-586.S
index 56834d0..5e02a90 100644
--- a/linux-x86/crypto/fipsmodule/co-586.S
+++ b/linux-x86/crypto/fipsmodule/co-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl bn_mul_comba8
diff --git a/linux-x86/crypto/fipsmodule/ghash-x86.S b/linux-x86/crypto/fipsmodule/ghash-x86.S
index a384d9a..af0d116 100644
--- a/linux-x86/crypto/fipsmodule/ghash-x86.S
+++ b/linux-x86/crypto/fipsmodule/ghash-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl gcm_gmult_4bit_mmx
diff --git a/linux-x86/crypto/fipsmodule/md5-586.S b/linux-x86/crypto/fipsmodule/md5-586.S
index 7237f95..9c18410 100644
--- a/linux-x86/crypto/fipsmodule/md5-586.S
+++ b/linux-x86/crypto/fipsmodule/md5-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl md5_block_asm_data_order
diff --git a/linux-x86/crypto/fipsmodule/sha1-586.S b/linux-x86/crypto/fipsmodule/sha1-586.S
index 2c022ec..94cb06b 100644
--- a/linux-x86/crypto/fipsmodule/sha1-586.S
+++ b/linux-x86/crypto/fipsmodule/sha1-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl sha1_block_data_order
diff --git a/linux-x86/crypto/fipsmodule/sha256-586.S b/linux-x86/crypto/fipsmodule/sha256-586.S
index 984758f..ee9116b 100644
--- a/linux-x86/crypto/fipsmodule/sha256-586.S
+++ b/linux-x86/crypto/fipsmodule/sha256-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl sha256_block_data_order
diff --git a/linux-x86/crypto/fipsmodule/sha512-586.S b/linux-x86/crypto/fipsmodule/sha512-586.S
index 3617ce4..af6cec7 100644
--- a/linux-x86/crypto/fipsmodule/sha512-586.S
+++ b/linux-x86/crypto/fipsmodule/sha512-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl sha512_block_data_order
diff --git a/linux-x86/crypto/fipsmodule/vpaes-x86.S b/linux-x86/crypto/fipsmodule/vpaes-x86.S
index 0417b7e..5341134 100644
--- a/linux-x86/crypto/fipsmodule/vpaes-x86.S
+++ b/linux-x86/crypto/fipsmodule/vpaes-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.align 64
diff --git a/linux-x86/crypto/fipsmodule/x86-mont.S b/linux-x86/crypto/fipsmodule/x86-mont.S
index 3ec24e2..ade5964 100644
--- a/linux-x86/crypto/fipsmodule/x86-mont.S
+++ b/linux-x86/crypto/fipsmodule/x86-mont.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl bn_mul_mont
diff --git a/linux-x86_64/crypto/chacha/chacha-x86_64.S b/linux-x86_64/crypto/chacha/chacha-x86_64.S
index c202957..785b2dc 100644
--- a/linux-x86_64/crypto/chacha/chacha-x86_64.S
+++ b/linux-x86_64/crypto/chacha/chacha-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S b/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
index 0d5b7ec..3eb1688 100644
--- a/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
+++ b/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S b/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
index a466f13..677335b 100644
--- a/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
+++ b/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/aes-x86_64.S b/linux-x86_64/crypto/fipsmodule/aes-x86_64.S
index 43b4e7d..0dca261 100644
--- a/linux-x86_64/crypto/fipsmodule/aes-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/aes-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S b/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
index 1b7ef99..066f477 100644
--- a/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S b/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S
index 44d5156..9ea9824 100644
--- a/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S b/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S
index bc69c5d..7dd3161 100644
--- a/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S b/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S
index 00804c2..ed0946d 100644
--- a/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/md5-x86_64.S b/linux-x86_64/crypto/fipsmodule/md5-x86_64.S
index 0713f96..6d08f17 100644
--- a/linux-x86_64/crypto/fipsmodule/md5-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/md5-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S b/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
index 267e436..6a3cb1c 100644
--- a/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
+++ b/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S b/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
index 64c62a1..98a2f8f 100644
--- a/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
+++ b/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S b/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S
index dc0d43c..d7b0cb4 100644
--- a/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S b/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S
index 8dd5137..4ca2cab 100644
--- a/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S
+++ b/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S b/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S
index d9629ea..044f36f 100644
--- a/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S b/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S
index c08afe8..55b540f 100644
--- a/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S b/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S
index e2551fc..3c47199 100644
--- a/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S b/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S
index 91b7aae..41b113a 100644
--- a/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S
+++ b/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/x86_64-mont.S b/linux-x86_64/crypto/fipsmodule/x86_64-mont.S
index 7bcfbe9..f3637f0 100644
--- a/linux-x86_64/crypto/fipsmodule/x86_64-mont.S
+++ b/linux-x86_64/crypto/fipsmodule/x86_64-mont.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S b/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S
index d98a045..8ac360d 100644
--- a/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S
+++ b/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86/crypto/chacha/chacha-x86.S b/mac-x86/crypto/chacha/chacha-x86.S
index e87467c..0bf1900 100644
--- a/mac-x86/crypto/chacha/chacha-x86.S
+++ b/mac-x86/crypto/chacha/chacha-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _ChaCha20_ctr32
diff --git a/mac-x86/crypto/fipsmodule/aes-586.S b/mac-x86/crypto/fipsmodule/aes-586.S
index fe951ee..781ab4b 100644
--- a/mac-x86/crypto/fipsmodule/aes-586.S
+++ b/mac-x86/crypto/fipsmodule/aes-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.private_extern __x86_AES_encrypt_compact
diff --git a/mac-x86/crypto/fipsmodule/aesni-x86.S b/mac-x86/crypto/fipsmodule/aesni-x86.S
index 3fe0e75..7e7cf08 100644
--- a/mac-x86/crypto/fipsmodule/aesni-x86.S
+++ b/mac-x86/crypto/fipsmodule/aesni-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _aesni_encrypt
diff --git a/mac-x86/crypto/fipsmodule/bn-586.S b/mac-x86/crypto/fipsmodule/bn-586.S
index d1be040..d48a42a 100644
--- a/mac-x86/crypto/fipsmodule/bn-586.S
+++ b/mac-x86/crypto/fipsmodule/bn-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _bn_mul_add_words
diff --git a/mac-x86/crypto/fipsmodule/co-586.S b/mac-x86/crypto/fipsmodule/co-586.S
index 858ba37..c55fcb0 100644
--- a/mac-x86/crypto/fipsmodule/co-586.S
+++ b/mac-x86/crypto/fipsmodule/co-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _bn_mul_comba8
diff --git a/mac-x86/crypto/fipsmodule/ghash-x86.S b/mac-x86/crypto/fipsmodule/ghash-x86.S
index 320cd42..1d8f246 100644
--- a/mac-x86/crypto/fipsmodule/ghash-x86.S
+++ b/mac-x86/crypto/fipsmodule/ghash-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _gcm_gmult_4bit_mmx
diff --git a/mac-x86/crypto/fipsmodule/md5-586.S b/mac-x86/crypto/fipsmodule/md5-586.S
index 795e42e..5cb4b15 100644
--- a/mac-x86/crypto/fipsmodule/md5-586.S
+++ b/mac-x86/crypto/fipsmodule/md5-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _md5_block_asm_data_order
diff --git a/mac-x86/crypto/fipsmodule/sha1-586.S b/mac-x86/crypto/fipsmodule/sha1-586.S
index efb6f52..d449b66 100644
--- a/mac-x86/crypto/fipsmodule/sha1-586.S
+++ b/mac-x86/crypto/fipsmodule/sha1-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _sha1_block_data_order
diff --git a/mac-x86/crypto/fipsmodule/sha256-586.S b/mac-x86/crypto/fipsmodule/sha256-586.S
index 7f15397..68e3089 100644
--- a/mac-x86/crypto/fipsmodule/sha256-586.S
+++ b/mac-x86/crypto/fipsmodule/sha256-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _sha256_block_data_order
diff --git a/mac-x86/crypto/fipsmodule/sha512-586.S b/mac-x86/crypto/fipsmodule/sha512-586.S
index f65cb10..1fe10cc 100644
--- a/mac-x86/crypto/fipsmodule/sha512-586.S
+++ b/mac-x86/crypto/fipsmodule/sha512-586.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _sha512_block_data_order
diff --git a/mac-x86/crypto/fipsmodule/vpaes-x86.S b/mac-x86/crypto/fipsmodule/vpaes-x86.S
index f49e9f0..b232bad 100644
--- a/mac-x86/crypto/fipsmodule/vpaes-x86.S
+++ b/mac-x86/crypto/fipsmodule/vpaes-x86.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.align 6,0x90
diff --git a/mac-x86/crypto/fipsmodule/x86-mont.S b/mac-x86/crypto/fipsmodule/x86-mont.S
index 3b1954d..c6c16da 100644
--- a/mac-x86/crypto/fipsmodule/x86-mont.S
+++ b/mac-x86/crypto/fipsmodule/x86-mont.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__i386__)
.text
.globl _bn_mul_mont
diff --git a/mac-x86_64/crypto/chacha/chacha-x86_64.S b/mac-x86_64/crypto/chacha/chacha-x86_64.S
index 7b428ec..4f97274 100644
--- a/mac-x86_64/crypto/chacha/chacha-x86_64.S
+++ b/mac-x86_64/crypto/chacha/chacha-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S b/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
index 0b51d06..0c921b3 100644
--- a/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
+++ b/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S b/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
index d2a1ed2..e50227a 100644
--- a/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
+++ b/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/aes-x86_64.S b/mac-x86_64/crypto/fipsmodule/aes-x86_64.S
index 6e3b750..c23234f 100644
--- a/mac-x86_64/crypto/fipsmodule/aes-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/aes-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S b/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
index 816ea86..b7902ca 100644
--- a/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S b/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S
index b9788be..381c574 100644
--- a/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S b/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S
index f144752..d0668ca 100644
--- a/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S b/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S
index 835abc4..5256fbf 100644
--- a/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/md5-x86_64.S b/mac-x86_64/crypto/fipsmodule/md5-x86_64.S
index 829cc00..f6dd669 100644
--- a/mac-x86_64/crypto/fipsmodule/md5-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/md5-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S b/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
index 03890a9..429887d 100644
--- a/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
+++ b/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S b/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
index 47fdb38..446dc34 100644
--- a/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
+++ b/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S b/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S
index f9dfcbf..e65b5d6 100644
--- a/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S b/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S
index d31293f..e4345bd 100644
--- a/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S
+++ b/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S b/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S
index 59423b2..ace121e 100644
--- a/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S b/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S
index ea50ea8..5e46e81 100644
--- a/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S b/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S
index 68c30f3..8a6d16c 100644
--- a/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S b/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S
index e582f15..312bf1d 100644
--- a/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S
+++ b/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/x86_64-mont.S b/mac-x86_64/crypto/fipsmodule/x86_64-mont.S
index 6d0ea6d..8d6444c 100644
--- a/mac-x86_64/crypto/fipsmodule/x86_64-mont.S
+++ b/mac-x86_64/crypto/fipsmodule/x86_64-mont.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S b/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S
index 0db3c3c..bfe2c15 100644
--- a/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S
+++ b/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S
@@ -1,3 +1,6 @@
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/src/BUILDING.md b/src/BUILDING.md
index 01f5480..924f6c9 100644
--- a/src/BUILDING.md
+++ b/src/BUILDING.md
@@ -20,7 +20,7 @@
* If you need to build Ninja from source, then a recent version of
[Python](https://www.python.org/downloads/) is required (Python 2.7.5 works).
- * On Windows only, [Yasm](http://yasm.tortall.net/) is required. If not found
+ * On Windows only, [NASM](https://www.nasm.us/) is required. If not found
by CMake, it may be configured explicitly by setting
`CMAKE_ASM_NASM_COMPILER`.
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 9c4edba..dd2d937 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -408,6 +408,9 @@
set(ARCH "aarch64")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64")
set(ARCH "aarch64")
+# Apple A12 Bionic chipset which is added in iPhone XS/XS Max/XR uses arm64e architecture.
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64e")
+ set(ARCH "aarch64")
elseif(${CMAKE_SYSTEM_PROCESSOR} MATCHES "^arm*")
set(ARCH "arm")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "mips")
diff --git a/src/crypto/asn1/a_enum.c b/src/crypto/asn1/a_enum.c
index 4a77971..11e60ac 100644
--- a/src/crypto/asn1/a_enum.c
+++ b/src/crypto/asn1/a_enum.c
@@ -120,8 +120,8 @@
else if (i != V_ASN1_ENUMERATED)
return -1;
- OPENSSL_COMPILE_ASSERT(sizeof(uint64_t) >= sizeof(long),
- long_larger_than_uint64_t);
+ OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
+ "long larger than uint64_t");
if (a->length > (int)sizeof(uint64_t)) {
/* hmm... a bit ugly */
diff --git a/src/crypto/asn1/a_int.c b/src/crypto/asn1/a_int.c
index dd74550..6dc18ba 100644
--- a/src/crypto/asn1/a_int.c
+++ b/src/crypto/asn1/a_int.c
@@ -400,8 +400,8 @@
else if (i != V_ASN1_INTEGER)
return -1;
- OPENSSL_COMPILE_ASSERT(sizeof(uint64_t) >= sizeof(long),
- long_larger_than_uint64_t);
+ OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
+ "long larger than uint64_t");
if (a->length > (int)sizeof(uint64_t)) {
/* hmm... a bit ugly, return all ones */
diff --git a/src/crypto/base64/base64.c b/src/crypto/base64/base64.c
index b701b0d..349452d 100644
--- a/src/crypto/base64/base64.c
+++ b/src/crypto/base64/base64.c
@@ -98,8 +98,8 @@
return ret;
}
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
- data_length_must_be_multiple_of_base64_chunk_size);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
+ "data length must be a multiple of base64 chunk size");
int EVP_EncodedLength(size_t *out_len, size_t len) {
if (len + 2 < len) {
diff --git a/src/crypto/bytestring/bytestring_test.cc b/src/crypto/bytestring/bytestring_test.cc
index 639ddc7..e99744d 100644
--- a/src/crypto/bytestring/bytestring_test.cc
+++ b/src/crypto/bytestring/bytestring_test.cc
@@ -12,10 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#if !defined(__STDC_CONSTANT_MACROS)
-#define __STDC_CONSTANT_MACROS
-#endif
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/src/crypto/bytestring/cbs.c b/src/crypto/bytestring/cbs.c
index 458af38..372652c 100644
--- a/src/crypto/bytestring/cbs.c
+++ b/src/crypto/bytestring/cbs.c
@@ -12,10 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
#include <openssl/buf.h>
#include <openssl/mem.h>
#include <openssl/bytestring.h>
diff --git a/src/crypto/chacha/asm/chacha-armv8.pl b/src/crypto/chacha/asm/chacha-armv8.pl
index 0a1c415..7795f2c 100755
--- a/src/crypto/chacha/asm/chacha-armv8.pl
+++ b/src/crypto/chacha/asm/chacha-armv8.pl
@@ -122,10 +122,10 @@
$code.=<<___;
#include <openssl/arm_arch.h>
-.text
-
.extern OPENSSL_armcap_P
+.section .rodata
+
.align 5
.Lsigma:
.quad 0x3320646e61707865,0x6b20657479622d32 // endian-neutral
@@ -139,20 +139,18 @@
#endif
.asciz "ChaCha20 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.text
+
.globl ChaCha20_ctr32
.type ChaCha20_ctr32,%function
.align 5
ChaCha20_ctr32:
cbz $len,.Labort
- adr @x[0],.LOPENSSL_armcap_P
+ adrp @x[0],:pg_hi21:OPENSSL_armcap_P
cmp $len,#192
b.lo .Lshort
-#ifdef __ILP32__
- ldrsw @x[1],[@x[0]]
-#else
- ldr @x[1],[@x[0]]
-#endif
- ldr w17,[@x[1],@x[0]]
+ add @x[0],@x[0],:lo12:OPENSSL_armcap_P
+ ldr w17,[@x[0]]
tst w17,#ARMV7_NEON
b.ne ChaCha20_neon
@@ -160,7 +158,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr @x[0],.Lsigma
+ adrp @x[0],:pg_hi21:.Lsigma
+ add @x[0],@x[0],:lo12:.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -380,7 +379,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr @x[0],.Lsigma
+ adrp @x[0],:pg_hi21:.Lsigma
+ add @x[0],@x[0],:lo12:.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -699,7 +699,8 @@
stp x29,x30,[sp,#-96]!
add x29,sp,#0
- adr @x[0],.Lsigma
+ adrp @x[0],:pg_hi21:.Lsigma
+ add @x[0],@x[0],:lo12:.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
diff --git a/src/crypto/cipher_extra/e_aesccm.c b/src/crypto/cipher_extra/e_aesccm.c
index 37a9add..3e18659 100644
--- a/src/crypto/cipher_extra/e_aesccm.c
+++ b/src/crypto/cipher_extra/e_aesccm.c
@@ -33,13 +33,13 @@
CCM128_CONTEXT ccm;
};
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(struct aead_aes_ccm_ctx),
- AEAD_state_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(struct aead_aes_ccm_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >=
- alignof(struct aead_aes_ccm_ctx),
- AEAD_state_insufficient_alignment);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(struct aead_aes_ccm_ctx),
+ "AEAD state has insufficient alignment");
#endif
static int aead_aes_ccm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
diff --git a/src/crypto/cipher_extra/e_aesctrhmac.c b/src/crypto/cipher_extra/e_aesctrhmac.c
index 54a50ec..8c45c81 100644
--- a/src/crypto/cipher_extra/e_aesctrhmac.c
+++ b/src/crypto/cipher_extra/e_aesctrhmac.c
@@ -35,13 +35,13 @@
SHA256_CTX outer_init_state;
};
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(struct aead_aes_ctr_hmac_sha256_ctx),
- AEAD_state_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(struct aead_aes_ctr_hmac_sha256_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >=
- alignof(struct aead_aes_ctr_hmac_sha256_ctx),
- AEAD_state_insufficient_alignment);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(struct aead_aes_ctr_hmac_sha256_ctx),
+ "AEAD state has insufficient alignment");
#endif
static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,
diff --git a/src/crypto/cipher_extra/e_aesgcmsiv.c b/src/crypto/cipher_extra/e_aesgcmsiv.c
index bf6c530..1deb918 100644
--- a/src/crypto/cipher_extra/e_aesgcmsiv.c
+++ b/src/crypto/cipher_extra/e_aesgcmsiv.c
@@ -38,12 +38,12 @@
// The assembly code assumes 8-byte alignment of the EVP_AEAD_CTX's state, and
// aligns to 16 bytes itself.
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) + 8 >=
- sizeof(struct aead_aes_gcm_siv_asm_ctx),
- AEAD_state_too_small_opt);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) + 8 >=
+ sizeof(struct aead_aes_gcm_siv_asm_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >= 8,
- AEAD_state_insufficient_alignment_opt);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >= 8,
+ "AEAD state has insufficient alignment");
#endif
// asm_ctx_from_ctx returns a 16-byte aligned context pointer from |ctx|.
@@ -560,13 +560,13 @@
unsigned is_256:1;
};
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(struct aead_aes_gcm_siv_ctx),
- AEAD_state_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(struct aead_aes_gcm_siv_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >=
- alignof(struct aead_aes_gcm_siv_ctx),
- AEAD_state_insufficient_alignment);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(struct aead_aes_gcm_siv_ctx),
+ "AEAD state has insufficient alignment");
#endif
static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
diff --git a/src/crypto/cipher_extra/e_chacha20poly1305.c b/src/crypto/cipher_extra/e_chacha20poly1305.c
index 5aee4ae..1c175e9 100644
--- a/src/crypto/cipher_extra/e_chacha20poly1305.c
+++ b/src/crypto/cipher_extra/e_chacha20poly1305.c
@@ -35,13 +35,13 @@
uint8_t key[32];
};
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(struct aead_chacha20_poly1305_ctx),
- AEAD_state_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(struct aead_chacha20_poly1305_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >=
- alignof(struct aead_chacha20_poly1305_ctx),
- AEAD_state_insufficient_alignment);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(struct aead_chacha20_poly1305_ctx),
+ "AEAD state has insufficient alignment");
#endif
// For convenience (the x86_64 calling convention allows only six parameters in
@@ -78,9 +78,9 @@
return sse41_capable;
}
-OPENSSL_COMPILE_ASSERT(sizeof(union open_data) == 48, wrong_open_data_size);
-OPENSSL_COMPILE_ASSERT(sizeof(union seal_data) == 48 + 8 + 8,
- wrong_seal_data_size);
+OPENSSL_STATIC_ASSERT(sizeof(union open_data) == 48, "wrong open_data size");
+OPENSSL_STATIC_ASSERT(sizeof(union seal_data) == 48 + 8 + 8,
+ "wrong seal_data size");
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts
// |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|.
diff --git a/src/crypto/cipher_extra/e_tls.c b/src/crypto/cipher_extra/e_tls.c
index 1f1fc3a..ff41989 100644
--- a/src/crypto/cipher_extra/e_tls.c
+++ b/src/crypto/cipher_extra/e_tls.c
@@ -42,15 +42,16 @@
char implicit_iv;
} AEAD_TLS_CTX;
-OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE < 256, mac_key_len_fits_in_uint8_t);
+OPENSSL_STATIC_ASSERT(EVP_MAX_MD_SIZE < 256,
+ "mac_key_len does not fit in uint8_t");
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(AEAD_TLS_CTX),
- AEAD_state_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(AEAD_TLS_CTX),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >=
- alignof(AEAD_TLS_CTX),
- AEAD_state_insufficient_alignment);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(AEAD_TLS_CTX),
+ "AEAD state has insufficient alignment");
#endif
static void aead_tls_cleanup(EVP_AEAD_CTX *ctx) {
diff --git a/src/crypto/cpu-arm-linux.c b/src/crypto/cpu-arm-linux.c
index 91078bd..8fe332c 100644
--- a/src/crypto/cpu-arm-linux.c
+++ b/src/crypto/cpu-arm-linux.c
@@ -14,9 +14,6 @@
#include <openssl/cpu.h>
-#include "cpu-arm-linux.h"
-#include "internal.h"
-
#if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP)
#include <errno.h>
#include <fcntl.h>
@@ -26,155 +23,8 @@
#include <openssl/arm_arch.h>
#include <openssl/buf.h>
#include <openssl/mem.h>
-#endif
-
-// The following functions are only used in ARM, but they are defined on all
-// platforms for testing and fuzzing purposes.
-
-static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
- size_t b_len = strlen(b);
- return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
-}
-
-// STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
-// sets |*out_left| and |*out_right| to |in| split before and after it. It
-// returns one if |sep| was found and zero otherwise.
-static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
- const STRING_PIECE *in, char sep) {
- const char *p = OPENSSL_memchr(in->data, sep, in->len);
- if (p == NULL) {
- return 0;
- }
- // |out_left| or |out_right| may alias |in|, so make a copy.
- STRING_PIECE in_copy = *in;
- out_left->data = in_copy.data;
- out_left->len = p - in_copy.data;
- out_right->data = in_copy.data + out_left->len + 1;
- out_right->len = in_copy.len - out_left->len - 1;
- return 1;
-}
-
-// STRING_PIECE_get_delimited reads a |sep|-delimited entry from |s|, writing it
-// to |out| and updating |s| to point beyond it. It returns one on success and
-// zero if |s| is empty. If |s| is has no copies of |sep| and is non-empty, it
-// reads the entire string to |out|.
-static int STRING_PIECE_get_delimited(STRING_PIECE *s, STRING_PIECE *out, char sep) {
- if (s->len == 0) {
- return 0;
- }
- if (!STRING_PIECE_split(out, s, s, sep)) {
- // |s| had no instances of |sep|. Return the entire string.
- *out = *s;
- s->data += s->len;
- s->len = 0;
- }
- return 1;
-}
-
-// STRING_PIECE_trim removes leading and trailing whitespace from |s|.
-static void STRING_PIECE_trim(STRING_PIECE *s) {
- while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
- s->data++;
- s->len--;
- }
- while (s->len != 0 &&
- (s->data[s->len - 1] == ' ' || s->data[s->len - 1] == '\t')) {
- s->len--;
- }
-}
-
-// extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
-// |in|. If found, it sets |*out| to the value and returns one. Otherwise, it
-// returns zero.
-static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
- const char *field) {
- // Process |in| one line at a time.
- STRING_PIECE remaining = *in, line;
- while (STRING_PIECE_get_delimited(&remaining, &line, '\n')) {
- STRING_PIECE key, value;
- if (!STRING_PIECE_split(&key, &value, &line, ':')) {
- continue;
- }
- STRING_PIECE_trim(&key);
- if (STRING_PIECE_equals(&key, field)) {
- STRING_PIECE_trim(&value);
- *out = value;
- return 1;
- }
- }
-
- return 0;
-}
-
-static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
- const char *value) {
- STRING_PIECE extracted;
- return extract_cpuinfo_field(&extracted, cpuinfo, field) &&
- STRING_PIECE_equals(&extracted, value);
-}
-
-// has_list_item treats |list| as a space-separated list of items and returns
-// one if |item| is contained in |list| and zero otherwise.
-static int has_list_item(const STRING_PIECE *list, const char *item) {
- STRING_PIECE remaining = *list, feature;
- while (STRING_PIECE_get_delimited(&remaining, &feature, ' ')) {
- if (STRING_PIECE_equals(&feature, item)) {
- return 1;
- }
- }
- return 0;
-}
-
-unsigned long crypto_get_arm_hwcap_from_cpuinfo(const STRING_PIECE *cpuinfo) {
- if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
- // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
- // available on ARMv8. Linux omits required features, so reading the
- // "Features" line does not work. (For simplicity, use strict equality. We
- // assume everything running on future ARM architectures will have a
- // working |getauxval|.)
- return HWCAP_NEON;
- }
-
- STRING_PIECE features;
- if (extract_cpuinfo_field(&features, cpuinfo, "Features") &&
- has_list_item(&features, "neon")) {
- return HWCAP_NEON;
- }
- return 0;
-}
-
-unsigned long crypto_get_arm_hwcap2_from_cpuinfo(const STRING_PIECE *cpuinfo) {
- STRING_PIECE features;
- if (!extract_cpuinfo_field(&features, cpuinfo, "Features")) {
- return 0;
- }
-
- unsigned long ret = 0;
- if (has_list_item(&features, "aes")) {
- ret |= HWCAP2_AES;
- }
- if (has_list_item(&features, "pmull")) {
- ret |= HWCAP2_PMULL;
- }
- if (has_list_item(&features, "sha1")) {
- ret |= HWCAP2_SHA1;
- }
- if (has_list_item(&features, "sha2")) {
- ret |= HWCAP2_SHA2;
- }
- return ret;
-}
-
-int crypto_cpuinfo_has_broken_neon(const STRING_PIECE *cpuinfo) {
- return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
- cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
- cpuinfo_field_equals(cpuinfo, "CPU variant", "0x1") &&
- cpuinfo_field_equals(cpuinfo, "CPU part", "0x04d") &&
- cpuinfo_field_equals(cpuinfo, "CPU revision", "0");
-}
-
-#if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP)
+#include "cpu-arm-linux.h"
#define AT_HWCAP 16
#define AT_HWCAP2 26
diff --git a/src/crypto/cpu-arm-linux.h b/src/crypto/cpu-arm-linux.h
index eabf4ea..e326285 100644
--- a/src/crypto/cpu-arm-linux.h
+++ b/src/crypto/cpu-arm-linux.h
@@ -17,14 +17,17 @@
#include <openssl/base.h>
+#include <string.h>
+
+#include "internal.h"
+
#if defined(__cplusplus)
extern "C" {
#endif
-// The following symbols are defined on all platforms and exported for testing
-// and fuzzing purposes. They are not exported from the shared library so the
-// static linker will drop them outside of tests.
+// The cpuinfo parser lives in a header file so it may be accessible from
+// cross-platform fuzzers without adding code to those platforms normally.
#define HWCAP_NEON (1 << 12)
@@ -40,17 +43,156 @@
size_t len;
} STRING_PIECE;
+static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
+ size_t b_len = strlen(b);
+ return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
+}
+
+// STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
+// sets |*out_left| and |*out_right| to |in| split before and after it. It
+// returns one if |sep| was found and zero otherwise.
+static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
+ const STRING_PIECE *in, char sep) {
+ const char *p = (const char *)OPENSSL_memchr(in->data, sep, in->len);
+ if (p == NULL) {
+ return 0;
+ }
+ // |out_left| or |out_right| may alias |in|, so make a copy.
+ STRING_PIECE in_copy = *in;
+ out_left->data = in_copy.data;
+ out_left->len = p - in_copy.data;
+ out_right->data = in_copy.data + out_left->len + 1;
+ out_right->len = in_copy.len - out_left->len - 1;
+ return 1;
+}
+
+// STRING_PIECE_get_delimited reads a |sep|-delimited entry from |s|, writing it
+// to |out| and updating |s| to point beyond it. It returns one on success and
+// zero if |s| is empty. If |s| is has no copies of |sep| and is non-empty, it
+// reads the entire string to |out|.
+static int STRING_PIECE_get_delimited(STRING_PIECE *s, STRING_PIECE *out, char sep) {
+ if (s->len == 0) {
+ return 0;
+ }
+ if (!STRING_PIECE_split(out, s, s, sep)) {
+ // |s| had no instances of |sep|. Return the entire string.
+ *out = *s;
+ s->data += s->len;
+ s->len = 0;
+ }
+ return 1;
+}
+
+// STRING_PIECE_trim removes leading and trailing whitespace from |s|.
+static void STRING_PIECE_trim(STRING_PIECE *s) {
+ while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
+ s->data++;
+ s->len--;
+ }
+ while (s->len != 0 &&
+ (s->data[s->len - 1] == ' ' || s->data[s->len - 1] == '\t')) {
+ s->len--;
+ }
+}
+
+// extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
+// |in|. If found, it sets |*out| to the value and returns one. Otherwise, it
+// returns zero.
+static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
+ const char *field) {
+ // Process |in| one line at a time.
+ STRING_PIECE remaining = *in, line;
+ while (STRING_PIECE_get_delimited(&remaining, &line, '\n')) {
+ STRING_PIECE key, value;
+ if (!STRING_PIECE_split(&key, &value, &line, ':')) {
+ continue;
+ }
+ STRING_PIECE_trim(&key);
+ if (STRING_PIECE_equals(&key, field)) {
+ STRING_PIECE_trim(&value);
+ *out = value;
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
+ const char *value) {
+ STRING_PIECE extracted;
+ return extract_cpuinfo_field(&extracted, cpuinfo, field) &&
+ STRING_PIECE_equals(&extracted, value);
+}
+
+// has_list_item treats |list| as a space-separated list of items and returns
+// one if |item| is contained in |list| and zero otherwise.
+static int has_list_item(const STRING_PIECE *list, const char *item) {
+ STRING_PIECE remaining = *list, feature;
+ while (STRING_PIECE_get_delimited(&remaining, &feature, ' ')) {
+ if (STRING_PIECE_equals(&feature, item)) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
// crypto_get_arm_hwcap_from_cpuinfo returns an equivalent ARM |AT_HWCAP| value
// from |cpuinfo|.
-unsigned long crypto_get_arm_hwcap_from_cpuinfo(const STRING_PIECE *cpuinfo);
+static unsigned long crypto_get_arm_hwcap_from_cpuinfo(
+ const STRING_PIECE *cpuinfo) {
+ if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
+ // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
+ // available on ARMv8. Linux omits required features, so reading the
+ // "Features" line does not work. (For simplicity, use strict equality. We
+ // assume everything running on future ARM architectures will have a
+ // working |getauxval|.)
+ return HWCAP_NEON;
+ }
+
+ STRING_PIECE features;
+ if (extract_cpuinfo_field(&features, cpuinfo, "Features") &&
+ has_list_item(&features, "neon")) {
+ return HWCAP_NEON;
+ }
+ return 0;
+}
// crypto_get_arm_hwcap2_from_cpuinfo returns an equivalent ARM |AT_HWCAP2|
// value from |cpuinfo|.
-unsigned long crypto_get_arm_hwcap2_from_cpuinfo(const STRING_PIECE *cpuinfo);
+static unsigned long crypto_get_arm_hwcap2_from_cpuinfo(
+ const STRING_PIECE *cpuinfo) {
+ STRING_PIECE features;
+ if (!extract_cpuinfo_field(&features, cpuinfo, "Features")) {
+ return 0;
+ }
+
+ unsigned long ret = 0;
+ if (has_list_item(&features, "aes")) {
+ ret |= HWCAP2_AES;
+ }
+ if (has_list_item(&features, "pmull")) {
+ ret |= HWCAP2_PMULL;
+ }
+ if (has_list_item(&features, "sha1")) {
+ ret |= HWCAP2_SHA1;
+ }
+ if (has_list_item(&features, "sha2")) {
+ ret |= HWCAP2_SHA2;
+ }
+ return ret;
+}
// crypto_cpuinfo_has_broken_neon returns one if |cpuinfo| matches a CPU known
// to have broken NEON unit and zero otherwise. See https://crbug.com/341598.
-int crypto_cpuinfo_has_broken_neon(const STRING_PIECE *cpuinfo);
+static int crypto_cpuinfo_has_broken_neon(const STRING_PIECE *cpuinfo) {
+ return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
+ cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
+ cpuinfo_field_equals(cpuinfo, "CPU variant", "0x1") &&
+ cpuinfo_field_equals(cpuinfo, "CPU part", "0x04d") &&
+ cpuinfo_field_equals(cpuinfo, "CPU revision", "0");
+}
+
#if defined(__cplusplus)
} // extern C
diff --git a/src/crypto/cpu-arm-linux_test.cc b/src/crypto/cpu-arm-linux_test.cc
index 3ca6e57..2b5bc11 100644
--- a/src/crypto/cpu-arm-linux_test.cc
+++ b/src/crypto/cpu-arm-linux_test.cc
@@ -19,8 +19,6 @@
#include <gtest/gtest.h>
-#if !defined(BORINGSSL_SHARED_LIBRARY)
-
TEST(ARMLinuxTest, CPUInfo) {
struct CPUInfoTest {
const char *cpuinfo;
@@ -232,5 +230,3 @@
EXPECT_EQ(t.broken_neon ? 1 : 0, crypto_cpuinfo_has_broken_neon(&sp));
}
}
-
-#endif // !BORINGSSL_SHARED_LIBRARY
diff --git a/src/crypto/cpu-intel.c b/src/crypto/cpu-intel.c
index 701ebed..20cfbe8 100644
--- a/src/crypto/cpu-intel.c
+++ b/src/crypto/cpu-intel.c
@@ -54,10 +54,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
#include <openssl/cpu.h>
diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c
index 783d7d9..f7ac255 100644
--- a/src/crypto/crypto.c
+++ b/src/crypto/crypto.c
@@ -82,7 +82,8 @@
#if defined(OPENSSL_STATIC_ARMCAP)
HIDDEN uint32_t OPENSSL_armcap_P =
-#if defined(OPENSSL_STATIC_ARMCAP_NEON) || defined(__ARM_NEON__)
+#if defined(OPENSSL_STATIC_ARMCAP_NEON) || \
+ (defined(__ARM_NEON__) || defined(__ARM_NEON))
ARMV7_NEON |
#endif
#if defined(OPENSSL_STATIC_ARMCAP_AES) || defined(__ARM_FEATURE_CRYPTO)
@@ -101,6 +102,10 @@
#else
HIDDEN uint32_t OPENSSL_armcap_P = 0;
+
+uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
+ return &OPENSSL_armcap_P;
+}
#endif
#endif
diff --git a/src/crypto/ec_extra/ec_asn1.c b/src/crypto/ec_extra/ec_asn1.c
index bde6d0b..6e21275 100644
--- a/src/crypto/ec_extra/ec_asn1.c
+++ b/src/crypto/ec_extra/ec_asn1.c
@@ -159,7 +159,7 @@
(point_conversion_form_t)(CBS_data(&public_key)[0] & ~0x01);
} else {
// Compute the public key instead.
- if (!ec_point_mul_scalar(group, ret->pub_key, &ret->priv_key->scalar, NULL,
+ if (!ec_point_mul_scalar(group, &ret->pub_key->raw, &ret->priv_key->scalar,
NULL, NULL)) {
goto err;
}
diff --git a/src/crypto/ecdh_extra/ecdh_extra.c b/src/crypto/ecdh_extra/ecdh_extra.c
index 7634ba5..1e08099 100644
--- a/src/crypto/ecdh_extra/ecdh_extra.c
+++ b/src/crypto/ecdh_extra/ecdh_extra.c
@@ -69,7 +69,6 @@
#include <limits.h>
#include <string.h>
-#include <openssl/bn.h>
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -78,85 +77,48 @@
#include "../internal.h"
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+int ECDH_compute_key(void *out, size_t out_len, const EC_POINT *pub_key,
const EC_KEY *priv_key,
void *(*kdf)(const void *in, size_t inlen, void *out,
- size_t *outlen)) {
+ size_t *out_len)) {
if (priv_key->priv_key == NULL) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_NO_PRIVATE_VALUE);
return -1;
}
const EC_SCALAR *const priv = &priv_key->priv_key->scalar;
-
- BN_CTX *ctx = BN_CTX_new();
- if (ctx == NULL) {
+ const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
+ if (EC_GROUP_cmp(group, pub_key->group, NULL) != 0) {
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return -1;
}
- BN_CTX_start(ctx);
- int ret = -1;
- size_t buflen = 0;
- uint8_t *buf = NULL;
-
- const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
- EC_POINT *tmp = EC_POINT_new(group);
- if (tmp == NULL) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv, ctx)) {
+ EC_RAW_POINT shared_point;
+ uint8_t buf[EC_MAX_BYTES];
+ size_t buf_len;
+ if (!ec_point_mul_scalar(group, &shared_point, NULL, &pub_key->raw, priv) ||
+ !ec_point_get_affine_coordinate_bytes(group, buf, NULL, &buf_len,
+ sizeof(buf), &shared_point)) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- BIGNUM *x = BN_CTX_get(ctx);
- if (!x) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, NULL, ctx)) {
- OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- buflen = (EC_GROUP_get_degree(group) + 7) / 8;
- buf = OPENSSL_malloc(buflen);
- if (buf == NULL) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BN_bn2bin_padded(buf, buflen, x)) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_INTERNAL_ERROR);
- goto err;
+ return -1;
}
if (kdf != NULL) {
- if (kdf(buf, buflen, out, &outlen) == NULL) {
+ if (kdf(buf, buf_len, out, &out_len) == NULL) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_KDF_FAILED);
- goto err;
+ return -1;
}
} else {
// no KDF, just copy as much as we can
- if (buflen < outlen) {
- outlen = buflen;
+ if (buf_len < out_len) {
+ out_len = buf_len;
}
- OPENSSL_memcpy(out, buf, outlen);
+ OPENSSL_memcpy(out, buf, out_len);
}
- if (outlen > INT_MAX) {
+ if (out_len > INT_MAX) {
OPENSSL_PUT_ERROR(ECDH, ERR_R_OVERFLOW);
- goto err;
+ return -1;
}
- ret = (int)outlen;
-
-err:
- OPENSSL_free(buf);
- EC_POINT_free(tmp);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return ret;
+ return (int)out_len;
}
diff --git a/src/crypto/ecdsa_extra/ecdsa_asn1.c b/src/crypto/ecdsa_extra/ecdsa_asn1.c
index fbf4cca..e6212cc 100644
--- a/src/crypto/ecdsa_extra/ecdsa_asn1.c
+++ b/src/crypto/ecdsa_extra/ecdsa_asn1.c
@@ -74,15 +74,7 @@
}
int ret = 0;
- ECDSA_SIG *s = NULL;
-
- if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED);
- *sig_len = 0;
- goto err;
- }
-
- s = ECDSA_do_sign(digest, digest_len, eckey);
+ ECDSA_SIG *s = ECDSA_do_sign(digest, digest_len, eckey);
if (s == NULL) {
*sig_len = 0;
goto err;
diff --git a/src/crypto/err/err_data_generate.go b/src/crypto/err/err_data_generate.go
index 893ebff..da965df 100644
--- a/src/crypto/err/err_data_generate.go
+++ b/src/crypto/err/err_data_generate.go
@@ -275,9 +275,9 @@
`)
for i, name := range libraryNames {
- fmt.Fprintf(out, "OPENSSL_COMPILE_ASSERT(ERR_LIB_%s == %d, library_values_changed_%d);\n", name, i+1, i+1)
+ fmt.Fprintf(out, "OPENSSL_STATIC_ASSERT(ERR_LIB_%s == %d, \"library value changed\");\n", name, i+1)
}
- fmt.Fprintf(out, "OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == %d, library_values_changed_num);\n", len(libraryNames)+1)
+ fmt.Fprintf(out, "OPENSSL_STATIC_ASSERT(ERR_NUM_LIBS == %d, \"number of libraries changed\");\n", len(libraryNames)+1)
out.WriteString("\n")
e.reasons.WriteTo(out, "Reason")
diff --git a/src/crypto/evp/scrypt.c b/src/crypto/evp/scrypt.c
index 53a4554..2feb650 100644
--- a/src/crypto/evp/scrypt.c
+++ b/src/crypto/evp/scrypt.c
@@ -30,7 +30,7 @@
// A block_t is a Salsa20 block.
typedef struct { uint32_t words[16]; } block_t;
-OPENSSL_COMPILE_ASSERT(sizeof(block_t) == 64, block_t_has_padding);
+OPENSSL_STATIC_ASSERT(sizeof(block_t) == 64, "block_t has padding");
#define R(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
@@ -173,7 +173,7 @@
// Allocate and divide up the scratch space. |max_mem| fits in a size_t, which
// is no bigger than uint64_t, so none of these operations may overflow.
- OPENSSL_COMPILE_ASSERT(UINT64_MAX >= ((size_t)-1), size_t_exceeds_u64);
+ OPENSSL_STATIC_ASSERT(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
size_t B_blocks = p * 2 * r;
size_t B_bytes = B_blocks * sizeof(block_t);
size_t T_blocks = 2 * r;
diff --git a/src/crypto/fipsmodule/aes/asm/aesv8-armx.pl b/src/crypto/fipsmodule/aes/asm/aesv8-armx.pl
index 2fc616e..13f86a0 100644
--- a/src/crypto/fipsmodule/aes/asm/aesv8-armx.pl
+++ b/src/crypto/fipsmodule/aes/asm/aesv8-armx.pl
@@ -77,6 +77,9 @@
$flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10));
+# On AArch64, put the data .rodata and use adrp + add for compatibility with
+# execute-only memory. On AArch32, put it in .text and use adr.
+$code.= ".section .rodata\n" if ($flavour =~ /64/);
$code.=<<___;
.align 5
.Lrcon:
@@ -84,6 +87,8 @@
.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat
.long 0x1b,0x1b,0x1b,0x1b
+.text
+
.globl ${prefix}_set_encrypt_key
.type ${prefix}_set_encrypt_key,%function
.align 5
@@ -108,7 +113,15 @@
tst $bits,#0x3f
b.ne .Lenc_key_abort
+___
+$code.=<<___ if ($flavour =~ /64/);
+ adrp $ptr,:pg_hi21:.Lrcon
+ add $ptr,$ptr,:lo12:.Lrcon
+___
+$code.=<<___ if ($flavour !~ /64/);
adr $ptr,.Lrcon
+___
+$code.=<<___;
cmp $bits,#192
veor $zero,$zero,$zero
diff --git a/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl b/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl
index e3dcdef..806e6f5 100755
--- a/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl
+++ b/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl
@@ -1068,7 +1068,7 @@
# void bn_power5(
my $rptr="%rdi"; # BN_ULONG *rptr,
my $aptr="%rsi"; # const BN_ULONG *aptr,
-my $bptr="%rdx"; # const void *table,
+my $bptr="%rdx"; # const BN_ULONG *table,
my $nptr="%rcx"; # const BN_ULONG *nptr,
my $n0 ="%r8"; # const BN_ULONG *n0);
my $num ="%r9"; # int num, has to be divisible by 8
@@ -2745,7 +2745,7 @@
# void bn_power5(
my $rptr="%rdi"; # BN_ULONG *rptr,
my $aptr="%rsi"; # const BN_ULONG *aptr,
-my $bptr="%rdx"; # const void *table,
+my $bptr="%rdx"; # const BN_ULONG *table,
my $nptr="%rcx"; # const BN_ULONG *nptr,
my $n0 ="%r8"; # const BN_ULONG *n0);
my $num ="%r9"; # int num, has to be divisible by 8
diff --git a/src/crypto/fipsmodule/bn/bn.c b/src/crypto/fipsmodule/bn/bn.c
index c020d96..51b828a 100644
--- a/src/crypto/fipsmodule/bn/bn.c
+++ b/src/crypto/fipsmodule/bn/bn.c
@@ -406,8 +406,8 @@
void bn_select_words(BN_ULONG *r, BN_ULONG mask, const BN_ULONG *a,
const BN_ULONG *b, size_t num) {
for (size_t i = 0; i < num; i++) {
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
- crypto_word_t_too_small);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
r[i] = constant_time_select_w(mask, a[i], b[i]);
}
}
diff --git a/src/crypto/fipsmodule/bn/bn_test.cc b/src/crypto/fipsmodule/bn/bn_test.cc
index 29b4456..258d01b 100644
--- a/src/crypto/fipsmodule/bn/bn_test.cc
+++ b/src/crypto/fipsmodule/bn/bn_test.cc
@@ -67,16 +67,6 @@
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
* Laboratories. */
-// Per C99, various stdint.h and inttypes.h macros (the latter used by bn.h) are
-// unavailable in C++ unless some macros are defined. C++11 overruled this
-// decision, but older Android NDKs still require it.
-#if !defined(__STDC_CONSTANT_MACROS)
-#define __STDC_CONSTANT_MACROS
-#endif
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
#include <assert.h>
#include <errno.h>
#include <limits.h>
diff --git a/src/crypto/fipsmodule/bn/cmp.c b/src/crypto/fipsmodule/bn/cmp.c
index 692adb5..fe478b6 100644
--- a/src/crypto/fipsmodule/bn/cmp.c
+++ b/src/crypto/fipsmodule/bn/cmp.c
@@ -65,8 +65,8 @@
static int bn_cmp_words_consttime(const BN_ULONG *a, size_t a_len,
const BN_ULONG *b, size_t b_len) {
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
- crypto_word_t_too_small);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
int ret = 0;
// Process the common words in little-endian order.
size_t min = a_len < b_len ? a_len : b_len;
diff --git a/src/crypto/fipsmodule/bn/exponentiation.c b/src/crypto/fipsmodule/bn/exponentiation.c
index 41b2057..1b9680f 100644
--- a/src/crypto/fipsmodule/bn/exponentiation.c
+++ b/src/crypto/fipsmodule/bn/exponentiation.c
@@ -125,12 +125,13 @@
#include "rsaz_exp.h"
-void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table,
- const BN_ULONG *np, const BN_ULONG *n0, int num,
- int power);
-void bn_scatter5(const BN_ULONG *inp, size_t num, void *table, size_t power);
-void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
-void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table,
+void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+ const BN_ULONG *table, const BN_ULONG *np,
+ const BN_ULONG *n0, int num, int power);
+void bn_scatter5(const BN_ULONG *inp, size_t num, BN_ULONG *table,
+ size_t power);
+void bn_gather5(BN_ULONG *out, size_t num, BN_ULONG *table, size_t power);
+void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table,
const BN_ULONG *np, const BN_ULONG *n0, int num, int power);
int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *not_used, const BN_ULONG *np,
@@ -849,69 +850,25 @@
bn_mod_exp_mont_small(r, a, num, p_minus_two, num, mont);
}
-
-// |BN_mod_exp_mont_consttime| stores the precomputed powers in a specific
-// layout so that accessing any of these table values shows the same access
-// pattern as far as cache lines are concerned. The following functions are
-// used to transfer a BIGNUM from/to that table.
-
-static void copy_to_prebuf(const BIGNUM *b, int top, unsigned char *buf,
- int idx, int window) {
- int i, j;
- const int width = 1 << window;
- BN_ULONG *table = (BN_ULONG *) buf;
-
- if (top > b->width) {
- top = b->width; // this works because 'buf' is explicitly zeroed
- }
-
- for (i = 0, j = idx; i < top; i++, j += width) {
- table[j] = b->d[i];
- }
+static void copy_to_prebuf(const BIGNUM *b, int top, BN_ULONG *table, int idx,
+ int window) {
+ int ret = bn_copy_words(table + idx * top, top, b);
+ assert(ret); // |b| is guaranteed to fit.
+ (void)ret;
}
-static int copy_from_prebuf(BIGNUM *b, int top, unsigned char *buf, int idx,
+static int copy_from_prebuf(BIGNUM *b, int top, const BN_ULONG *table, int idx,
int window) {
- int i, j;
- const int width = 1 << window;
- volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
-
if (!bn_wexpand(b, top)) {
return 0;
}
- if (window <= 3) {
- for (i = 0; i < top; i++, table += width) {
- BN_ULONG acc = 0;
-
- for (j = 0; j < width; j++) {
- acc |= table[j] & ((BN_ULONG)0 - (constant_time_eq_int(j, idx) & 1));
- }
-
- b->d[i] = acc;
- }
- } else {
- int xstride = 1 << (window - 2);
- BN_ULONG y0, y1, y2, y3;
-
- i = idx >> (window - 2); // equivalent of idx / xstride
- idx &= xstride - 1; // equivalent of idx % xstride
-
- y0 = (BN_ULONG)0 - (constant_time_eq_int(i, 0) & 1);
- y1 = (BN_ULONG)0 - (constant_time_eq_int(i, 1) & 1);
- y2 = (BN_ULONG)0 - (constant_time_eq_int(i, 2) & 1);
- y3 = (BN_ULONG)0 - (constant_time_eq_int(i, 3) & 1);
-
- for (i = 0; i < top; i++, table += width) {
- BN_ULONG acc = 0;
-
- for (j = 0; j < xstride; j++) {
- acc |= ((table[j + 0 * xstride] & y0) | (table[j + 1 * xstride] & y1) |
- (table[j + 2 * xstride] & y2) | (table[j + 3 * xstride] & y3)) &
- ((BN_ULONG)0 - (constant_time_eq_int(j, idx) & 1));
- }
-
- b->d[i] = acc;
+ OPENSSL_memset(b->d, 0, sizeof(BN_ULONG) * top);
+ const int width = 1 << window;
+ for (int i = 0; i < width; i++, table += top) {
+ BN_ULONG mask = constant_time_eq_int(i, idx);
+ for (int j = 0; j < top; j++) {
+ b->d[j] |= table[j] & mask;
}
}
@@ -954,9 +911,8 @@
(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - \
(((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-// This variant of BN_mod_exp_mont() uses fixed windows and the special
-// precomputation memory layout to limit data-dependency to a minimum
-// to protect secret exponents (cf. the hyper-threading timing attacks
+// This variant of |BN_mod_exp_mont| uses fixed windows and fixed memory access
+// patterns to protect secret exponents (cf. the hyper-threading timing attacks
// pointed out by Colin Percival,
// http://www.daemonology.net/hyperthreading-considered-harmful/)
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
@@ -968,7 +924,7 @@
int numPowers;
unsigned char *powerbufFree = NULL;
int powerbufLen = 0;
- unsigned char *powerbuf = NULL;
+ BN_ULONG *powerbuf = NULL;
BIGNUM tmp, am;
if (!BN_is_odd(m)) {
@@ -1055,7 +1011,7 @@
#if defined(OPENSSL_BN_ASM_MONT5)
if ((size_t)powerbufLen <= sizeof(storage)) {
- powerbuf = (unsigned char *)storage;
+ powerbuf = storage;
}
// |storage| is more than large enough to handle 1024-bit inputs.
assert(powerbuf != NULL || top * BN_BITS2 > 1024);
@@ -1066,12 +1022,12 @@
if (powerbufFree == NULL) {
goto err;
}
- powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+ powerbuf = (BN_ULONG *)MOD_EXP_CTIME_ALIGN(powerbufFree);
}
OPENSSL_memset(powerbuf, 0, powerbufLen);
// lay down tmp and am right after powers table
- tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
+ tmp.d = powerbuf + top * numPowers;
am.d = tmp.d + top;
tmp.width = am.width = 0;
tmp.dmax = am.dmax = top;
diff --git a/src/crypto/fipsmodule/bn/montgomery.c b/src/crypto/fipsmodule/bn/montgomery.c
index 851c0a0..006d2b2 100644
--- a/src/crypto/fipsmodule/bn/montgomery.c
+++ b/src/crypto/fipsmodule/bn/montgomery.c
@@ -167,11 +167,6 @@
return to;
}
-OPENSSL_COMPILE_ASSERT(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
- BN_MONT_CTX_N0_LIMBS_VALUE_INVALID);
-OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS ==
- sizeof(uint64_t), BN_MONT_CTX_set_64_bit_mismatch);
-
static int bn_mont_ctx_set_N_and_n0(BN_MONT_CTX *mont, const BIGNUM *mod) {
if (BN_is_zero(mod)) {
OPENSSL_PUT_ERROR(BN, BN_R_DIV_BY_ZERO);
@@ -202,6 +197,11 @@
// others, we could use a shorter R value and use faster |BN_ULONG|-based
// math instead of |uint64_t|-based math, which would be double-precision.
// However, currently only the assembler files know which is which.
+ OPENSSL_STATIC_ASSERT(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
+ "BN_MONT_CTX_N0_LIMBS value is invalid");
+ OPENSSL_STATIC_ASSERT(
+ sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS == sizeof(uint64_t),
+ "uint64_t is insufficient precision for n0");
uint64_t n0 = bn_mont_n0(&mont->N);
mont->n0[0] = (BN_ULONG)n0;
#if BN_MONT_CTX_N0_LIMBS == 2
diff --git a/src/crypto/fipsmodule/bn/montgomery_inv.c b/src/crypto/fipsmodule/bn/montgomery_inv.c
index 94d99e8..c80873f 100644
--- a/src/crypto/fipsmodule/bn/montgomery_inv.c
+++ b/src/crypto/fipsmodule/bn/montgomery_inv.c
@@ -22,11 +22,11 @@
static uint64_t bn_neg_inv_mod_r_u64(uint64_t n);
-OPENSSL_COMPILE_ASSERT(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
- BN_MONT_CTX_N0_LIMBS_VALUE_INVALID_2);
-OPENSSL_COMPILE_ASSERT(sizeof(uint64_t) ==
- BN_MONT_CTX_N0_LIMBS * sizeof(BN_ULONG),
- BN_MONT_CTX_N0_LIMBS_DOES_NOT_MATCH_UINT64_T);
+OPENSSL_STATIC_ASSERT(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
+ "BN_MONT_CTX_N0_LIMBS value is invalid");
+OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS ==
+ sizeof(uint64_t),
+ "uint64_t is insufficient precision for n0");
// LG_LITTLE_R is log_2(r).
#define LG_LITTLE_R (BN_MONT_CTX_N0_LIMBS * BN_BITS2)
diff --git a/src/crypto/fipsmodule/bn/mul.c b/src/crypto/fipsmodule/bn/mul.c
index a1582a2..640d8cd 100644
--- a/src/crypto/fipsmodule/bn/mul.c
+++ b/src/crypto/fipsmodule/bn/mul.c
@@ -409,8 +409,8 @@
BN_ULONG c_neg = c - bn_sub_words(&t[n2 * 2], t, &t[n2], n2);
BN_ULONG c_pos = c + bn_add_words(&t[n2], t, &t[n2], n2);
bn_select_words(&t[n2], neg, &t[n2 * 2], &t[n2], n2);
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
- crypto_word_t_too_small);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
c = constant_time_select_w(neg, c_neg, c_pos);
// We now have our three components. Add them together.
@@ -523,8 +523,8 @@
BN_ULONG c_neg = c - bn_sub_words(&t[n2 * 2], t, &t[n2], n2);
BN_ULONG c_pos = c + bn_add_words(&t[n2], t, &t[n2], n2);
bn_select_words(&t[n2], neg, &t[n2 * 2], &t[n2], n2);
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
- crypto_word_t_too_small);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
c = constant_time_select_w(neg, c_neg, c_pos);
// We now have our three components. Add them together.
diff --git a/src/crypto/fipsmodule/bn/random.c b/src/crypto/fipsmodule/bn/random.c
index e41a0ef..f6812f1 100644
--- a/src/crypto/fipsmodule/bn/random.c
+++ b/src/crypto/fipsmodule/bn/random.c
@@ -195,8 +195,8 @@
}
// |a| < |b| iff a[1..len-1] are all zero and a[0] < b.
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
- crypto_word_t_too_small);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
crypto_word_t mask = 0;
for (size_t i = 1; i < len; i++) {
mask |= a[i];
diff --git a/src/crypto/fipsmodule/bn/rsaz_exp.c b/src/crypto/fipsmodule/bn/rsaz_exp.c
index 3f355b6..64dfff8 100644
--- a/src/crypto/fipsmodule/bn/rsaz_exp.c
+++ b/src/crypto/fipsmodule/bn/rsaz_exp.c
@@ -45,11 +45,13 @@
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
- const BN_ULONG base_norm[16], const BN_ULONG exponent[16],
- const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0,
- BN_ULONG storage_words[MOD_EXP_CTIME_STORAGE_LEN]) {
- OPENSSL_COMPILE_ASSERT(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH % 64 == 0,
- MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH_is_large_enough);
+ const BN_ULONG base_norm[16],
+ const BN_ULONG exponent[16],
+ const BN_ULONG m_norm[16], const BN_ULONG RR[16],
+ BN_ULONG k0,
+ BN_ULONG storage_words[MOD_EXP_CTIME_STORAGE_LEN]) {
+ OPENSSL_STATIC_ASSERT(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH % 64 == 0,
+ "MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH is too small");
unsigned char *storage = (unsigned char *)storage_words;
assert((uintptr_t)storage % 64 == 0);
diff --git a/src/crypto/fipsmodule/bn/shift.c b/src/crypto/fipsmodule/bn/shift.c
index ccf7141..523da67 100644
--- a/src/crypto/fipsmodule/bn/shift.c
+++ b/src/crypto/fipsmodule/bn/shift.c
@@ -296,15 +296,15 @@
}
static int bn_count_low_zero_bits_word(BN_ULONG l) {
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
- crypto_word_t_too_small);
- OPENSSL_COMPILE_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
- crypto_word_t_too_small_2);
- OPENSSL_COMPILE_ASSERT(BN_BITS2 == sizeof(BN_ULONG) * 8,
- bn_ulong_has_padding_bits);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
+ OPENSSL_STATIC_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
+ OPENSSL_STATIC_ASSERT(BN_BITS2 == sizeof(BN_ULONG) * 8,
+ "BN_ULONG has padding bits");
// C has very bizarre rules for types smaller than an int.
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) >= sizeof(int),
- bn_ulong_is_promoted_to_int);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) >= sizeof(int),
+ "BN_ULONG gets promoted to int");
crypto_word_t mask;
int bits = 0;
@@ -342,10 +342,10 @@
}
int BN_count_low_zero_bits(const BIGNUM *bn) {
- OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
- crypto_word_t_too_small);
- OPENSSL_COMPILE_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
- crypto_word_t_too_small_2);
+ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
+ OPENSSL_STATIC_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
+ "crypto_word_t is too small");
int ret = 0;
crypto_word_t saw_nonzero = 0;
diff --git a/src/crypto/fipsmodule/cipher/e_aes.c b/src/crypto/fipsmodule/cipher/e_aes.c
index a24515a..068465b 100644
--- a/src/crypto/fipsmodule/cipher/e_aes.c
+++ b/src/crypto/fipsmodule/cipher/e_aes.c
@@ -906,13 +906,13 @@
return 1;
}
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(struct aead_aes_gcm_ctx),
- AEAD_state_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(struct aead_aes_gcm_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
- OPENSSL_COMPILE_ASSERT(
- alignof(union evp_aead_ctx_st_state) >= alignof(struct aead_aes_gcm_ctx),
- AEAD_state_insufficient_alignment);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(struct aead_aes_gcm_ctx),
+ "AEAD state has insufficient alignment");
#endif
static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
@@ -1079,13 +1079,13 @@
uint64_t min_next_nonce;
};
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(struct aead_aes_gcm_tls12_ctx),
- AEAD_state_too_small_tls12);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(struct aead_aes_gcm_tls12_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >=
- alignof(struct aead_aes_gcm_tls12_ctx),
- AEAD_state_insufficient_alignment_tls12);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(struct aead_aes_gcm_tls12_ctx),
+ "AEAD state has insufficient alignment");
#endif
static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
@@ -1173,13 +1173,13 @@
uint8_t first;
};
-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
- sizeof(struct aead_aes_gcm_tls13_ctx),
- AEAD_state_too_small_tls13);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+ sizeof(struct aead_aes_gcm_tls13_ctx),
+ "AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
-OPENSSL_COMPILE_ASSERT(alignof(union evp_aead_ctx_st_state) >=
- alignof(struct aead_aes_gcm_tls13_ctx),
- AEAD_state_insufficient_alignment_tls13);
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+ alignof(struct aead_aes_gcm_tls13_ctx),
+ "AEAD state has insufficient alignment");
#endif
static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
diff --git a/src/crypto/fipsmodule/ec/ec.c b/src/crypto/fipsmodule/ec/ec.c
index ba101fe..bd0662a 100644
--- a/src/crypto/fipsmodule/ec/ec.c
+++ b/src/crypto/fipsmodule/ec/ec.c
@@ -316,7 +316,7 @@
EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx) {
- if (BN_num_bytes(p) > EC_MAX_SCALAR_BYTES) {
+ if (BN_num_bytes(p) > EC_MAX_BYTES) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FIELD);
return NULL;
}
@@ -344,14 +344,13 @@
generator->group != group) {
// |EC_GROUP_set_generator| may only be used with |EC_GROUP|s returned by
// |EC_GROUP_new_curve_GFp| and may only used once on each group.
- // Additionally, |generator| must been created from
- // |EC_GROUP_new_curve_GFp|, not a copy, so that
- // |generator->group->generator| is set correctly.
+ // |generator| must have been created from |EC_GROUP_new_curve_GFp|, not a
+ // copy, so that |generator->group->generator| is set correctly.
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (BN_num_bytes(order) > EC_MAX_SCALAR_BYTES) {
+ if (BN_num_bytes(order) > EC_MAX_BYTES) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
return 0;
}
@@ -367,25 +366,23 @@
// Note any curve which did not satisfy this must have been invalid or use a
// tiny prime (less than 17). See the proof in |field_element_to_scalar| in
// the ECDSA implementation.
+ int ret = 0;
+ EC_POINT *copy = NULL;
BIGNUM *tmp = BN_new();
if (tmp == NULL ||
!BN_lshift1(tmp, order)) {
- BN_free(tmp);
- return 0;
+ goto err;
}
- int ok = BN_cmp(tmp, &group->field) > 0;
- BN_free(tmp);
- if (!ok) {
+ if (BN_cmp(tmp, &group->field) <= 0) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
- return 0;
+ goto err;
}
- EC_POINT *copy = EC_POINT_new(group);
+ copy = EC_POINT_new(group);
if (copy == NULL ||
!EC_POINT_copy(copy, generator) ||
!BN_copy(&group->order, order)) {
- EC_POINT_free(copy);
- return 0;
+ goto err;
}
// Store the order in minimal form, so it can be used with |BN_ULONG| arrays.
bn_set_minimal_width(&group->order);
@@ -393,11 +390,26 @@
BN_MONT_CTX_free(group->order_mont);
group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, NULL);
if (group->order_mont == NULL) {
- return 0;
+ goto err;
+ }
+
+ group->field_greater_than_order = BN_cmp(&group->field, &group->order) > 0;
+ if (group->field_greater_than_order) {
+ if (!BN_sub(tmp, &group->field, &group->order) ||
+ !bn_copy_words(group->field_minus_order.words, group->field.width,
+ tmp)) {
+ goto err;
+ }
}
ec_group_set0_generator(group, copy);
- return 1;
+ copy = NULL;
+ ret = 1;
+
+err:
+ EC_POINT_free(copy);
+ BN_free(tmp);
+ return ret;
}
static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
@@ -449,6 +461,14 @@
goto err;
}
+ group->field_greater_than_order = BN_cmp(&group->field, &group->order) > 0;
+ if (group->field_greater_than_order) {
+ if (!BN_sub(p, &group->field, &group->order) ||
+ !bn_copy_words(group->field_minus_order.words, group->field.width, p)) {
+ goto err;
+ }
+ }
+
group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, ctx);
if (group->order_mont == NULL) {
OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
@@ -845,6 +865,12 @@
return 0;
}
+ if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
+ (p != NULL && EC_GROUP_cmp(group, p->group, NULL) != 0)) {
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+
int ret = 0;
EC_SCALAR g_scalar_storage, p_scalar_storage;
EC_SCALAR *g_scalar_arg = NULL, *p_scalar_arg = NULL;
@@ -871,7 +897,8 @@
p_scalar_arg = &p_scalar_storage;
}
- ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg, ctx);
+ ret = ec_point_mul_scalar(group, &r->raw, g_scalar_arg,
+ p == NULL ? NULL : &p->raw, p_scalar_arg);
err:
BN_CTX_free(new_ctx);
@@ -880,51 +907,47 @@
return ret;
}
-int ec_point_mul_scalar_public(const EC_GROUP *group, EC_POINT *r,
- const EC_SCALAR *g_scalar, const EC_POINT *p,
- const EC_SCALAR *p_scalar, BN_CTX *ctx) {
+int ec_point_mul_scalar_public(const EC_GROUP *group, EC_RAW_POINT *r,
+ const EC_SCALAR *g_scalar, const EC_RAW_POINT *p,
+ const EC_SCALAR *p_scalar) {
if ((g_scalar == NULL && p_scalar == NULL) ||
- (p == NULL) != (p_scalar == NULL)) {
+ (p == NULL) != (p_scalar == NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
- (p != NULL && EC_GROUP_cmp(group, p->group, NULL) != 0)) {
- OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
-
- group->meth->mul_public(group, &r->raw, g_scalar, &p->raw, p_scalar);
+ group->meth->mul_public(group, r, g_scalar, p, p_scalar);
return 1;
}
-int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r,
- const EC_SCALAR *g_scalar, const EC_POINT *p,
- const EC_SCALAR *p_scalar, BN_CTX *ctx) {
+int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
+ const EC_SCALAR *g_scalar, const EC_RAW_POINT *p,
+ const EC_SCALAR *p_scalar) {
if ((g_scalar == NULL && p_scalar == NULL) ||
- (p == NULL) != (p_scalar == NULL)) {
+ (p == NULL) != (p_scalar == NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
- (p != NULL && EC_GROUP_cmp(group, p->group, NULL) != 0)) {
- OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
-
- group->meth->mul(group, &r->raw, g_scalar, (p == NULL) ? NULL : &p->raw,
- p_scalar);
+ group->meth->mul(group, r, g_scalar, p, p_scalar);
return 1;
}
-int ec_cmp_x_coordinate(int *out_result, const EC_GROUP *group,
- const EC_POINT *p, const BIGNUM *r, BN_CTX *ctx) {
- return group->meth->cmp_x_coordinate(out_result, group, p, r, ctx);
+int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+ const EC_SCALAR *r) {
+ return group->meth->cmp_x_coordinate(group, p, r);
}
-int ec_field_element_to_scalar(const EC_GROUP *group, BIGNUM *r) {
+int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
+ const EC_RAW_POINT *p) {
+ EC_FELEM x;
+ // For simplicity, in case of width mismatches between |group->field| and
+ // |group->order|, zero any untouched words in |x|.
+ OPENSSL_memset(&x, 0, sizeof(x));
+ if (!group->meth->point_get_affine_coordinates(group, p, &x, NULL)) {
+ return 0;
+ }
+
// We must have p < 2×order, assuming p is not tiny (p >= 17). Thus rather we
// can reduce by performing at most one subtraction.
//
@@ -940,19 +963,44 @@
//
// Additionally, one can manually check this property for built-in curves. It
// is enforced for legacy custom curves in |EC_GROUP_set_generator|.
- //
- // TODO(davidben): Introduce |EC_FIELD_ELEMENT|, make this a function from
- // |EC_FIELD_ELEMENT| to |EC_SCALAR|, and cut out the |BIGNUM|. Does this need
- // to be constant-time for signing? |r| is the x-coordinate for kG, which is
- // public unless k was rerolled because |s| was zero.
- assert(!BN_is_negative(r));
- assert(BN_cmp(r, &group->field) < 0);
- if (BN_cmp(r, &group->order) >= 0 &&
- !BN_sub(r, r, &group->order)) {
+
+ // The above does not guarantee |group->field| is not one word larger than
+ // |group->order|, so read one extra carry word.
+ BN_ULONG carry =
+ group->order.width < EC_MAX_WORDS ? x.words[group->order.width] : 0;
+ bn_reduce_once(out->words, x.words, carry, group->order.d,
+ group->order.width);
+ return 1;
+}
+
+int ec_point_get_affine_coordinate_bytes(const EC_GROUP *group, uint8_t *out_x,
+ uint8_t *out_y, size_t *out_len,
+ size_t max_out,
+ const EC_RAW_POINT *p) {
+ size_t len = BN_num_bytes(&group->field);
+ assert(len <= EC_MAX_BYTES);
+ if (max_out < len) {
+ OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
return 0;
}
- assert(!BN_is_negative(r));
- assert(BN_cmp(r, &group->order) < 0);
+
+ EC_FELEM x, y;
+ if (!group->meth->point_get_affine_coordinates(
+ group, p, out_x == NULL ? NULL : &x, out_y == NULL ? NULL : &y)) {
+ return 0;
+ }
+
+ if (out_x != NULL) {
+ for (size_t i = 0; i < len; i++) {
+ out_x[i] = x.bytes[len - i - 1];
+ }
+ }
+ if (out_y != NULL) {
+ for (size_t i = 0; i < len; i++) {
+ out_y[i] = y.bytes[len - i - 1];
+ }
+ }
+ *out_len = len;
return 1;
}
diff --git a/src/crypto/fipsmodule/ec/ec_key.c b/src/crypto/fipsmodule/ec/ec_key.c
index a6d4697..632dc9b 100644
--- a/src/crypto/fipsmodule/ec/ec_key.c
+++ b/src/crypto/fipsmodule/ec/ec_key.c
@@ -322,8 +322,8 @@
if (eckey->priv_key != NULL) {
point = EC_POINT_new(eckey->group);
if (point == NULL ||
- !ec_point_mul_scalar(eckey->group, point, &eckey->priv_key->scalar,
- NULL, NULL, ctx)) {
+ !ec_point_mul_scalar(eckey->group, &point->raw,
+ &eckey->priv_key->scalar, NULL, NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
goto err;
}
@@ -413,7 +413,7 @@
// Generate the private key by testing candidates (FIPS 186-4 B.4.2).
!ec_random_nonzero_scalar(key->group, &priv_key->scalar,
kDefaultAdditionalData) ||
- !ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL, NULL,
+ !ec_point_mul_scalar(key->group, &pub_key->raw, &priv_key->scalar, NULL,
NULL)) {
EC_POINT_free(pub_key);
ec_wrapped_scalar_free(priv_key);
diff --git a/src/crypto/fipsmodule/ec/ec_montgomery.c b/src/crypto/fipsmodule/ec/ec_montgomery.c
index 4961a7c..caa1966 100644
--- a/src/crypto/fipsmodule/ec/ec_montgomery.c
+++ b/src/crypto/fipsmodule/ec/ec_montgomery.c
@@ -417,6 +417,51 @@
}
}
+static int ec_GFp_mont_cmp_x_coordinate(const EC_GROUP *group,
+ const EC_RAW_POINT *p,
+ const EC_SCALAR *r) {
+ if (!group->field_greater_than_order ||
+ group->field.width != group->order.width) {
+ // Do not bother optimizing this case. p > order in all commonly-used
+ // curves.
+ return ec_GFp_simple_cmp_x_coordinate(group, p, r);
+ }
+
+ if (ec_GFp_simple_is_at_infinity(group, p)) {
+ return 0;
+ }
+
+ // We wish to compare X/Z^2 with r. This is equivalent to comparing X with
+ // r*Z^2. Note that X and Z are represented in Montgomery form, while r is
+ // not.
+ EC_FELEM r_Z2, Z2_mont, X;
+ ec_GFp_mont_felem_mul(group, &Z2_mont, &p->Z, &p->Z);
+ // r < order < p, so this is valid.
+ OPENSSL_memcpy(r_Z2.words, r->words, group->field.width * sizeof(BN_ULONG));
+ ec_GFp_mont_felem_mul(group, &r_Z2, &r_Z2, &Z2_mont);
+ ec_GFp_mont_felem_from_montgomery(group, &X, &p->X);
+
+ if (ec_felem_equal(group, &r_Z2, &X)) {
+ return 1;
+ }
+
+ // During signing the x coefficient is reduced modulo the group order.
+ // Therefore there is a small possibility, less than 1/2^128, that group_order
+ // < p.x < P. in that case we need not only to compare against |r| but also to
+ // compare against r+group_order.
+ if (bn_less_than_words(r->words, group->field_minus_order.words,
+ group->field.width)) {
+ // We can ignore the carry because: r + group_order < p < 2^256.
+ bn_add_words(r_Z2.words, r->words, group->order.d, group->field.width);
+ ec_GFp_mont_felem_mul(group, &r_Z2, &r_Z2, &Z2_mont);
+ if (ec_felem_equal(group, &r_Z2, &X)) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_mont_method) {
out->group_init = ec_GFp_mont_group_init;
out->group_finish = ec_GFp_mont_group_finish;
@@ -432,5 +477,5 @@
out->felem_to_bignum = ec_GFp_mont_felem_to_bignum;
out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery;
out->scalar_inv_montgomery_vartime = ec_GFp_simple_mont_inv_mod_ord_vartime;
- out->cmp_x_coordinate = ec_GFp_simple_cmp_x_coordinate;
+ out->cmp_x_coordinate = ec_GFp_mont_cmp_x_coordinate;
}
diff --git a/src/crypto/fipsmodule/ec/ec_test.cc b/src/crypto/fipsmodule/ec/ec_test.cc
index d2cd5f5..97c6d45 100644
--- a/src/crypto/fipsmodule/ec/ec_test.cc
+++ b/src/crypto/fipsmodule/ec/ec_test.cc
@@ -727,7 +727,7 @@
EC_SCALAR one;
ASSERT_TRUE(ec_bignum_to_scalar(group(), &one, BN_value_one()));
ASSERT_TRUE(
- ec_point_mul_scalar_public(group(), p.get(), &one, g, &one, nullptr));
+ ec_point_mul_scalar_public(group(), &p->raw, &one, &g->raw, &one));
EXPECT_EQ(0, EC_POINT_cmp(group(), p.get(), two_g.get(), nullptr));
}
@@ -754,6 +754,17 @@
EXPECT_EQ(0, EC_POINT_cmp(group(), ret.get(), g, nullptr));
}
+TEST_P(ECCurveTest, GPlusMinusG) {
+ const EC_POINT *g = EC_GROUP_get0_generator(group());
+ bssl::UniquePtr<EC_POINT> p(EC_POINT_dup(g, group()));
+ ASSERT_TRUE(p);
+ ASSERT_TRUE(EC_POINT_invert(group(), p.get(), nullptr));
+ bssl::UniquePtr<EC_POINT> sum(EC_POINT_new(group()));
+
+ ASSERT_TRUE(EC_POINT_add(group(), sum.get(), g, p.get(), nullptr));
+ EXPECT_TRUE(EC_POINT_is_at_infinity(group(), sum.get()));
+}
+
static std::vector<EC_builtin_curve> AllCurves() {
const size_t num_curves = EC_get_builtin_curves(nullptr, 0);
std::vector<EC_builtin_curve> curves(num_curves);
@@ -872,8 +883,8 @@
EC_SCALAR a_scalar, b_scalar;
ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &a_scalar, a.get()));
ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &b_scalar, b.get()));
- ASSERT_TRUE(ec_point_mul_scalar_public(group.get(), p.get(), &a_scalar, g,
- &b_scalar, ctx.get()));
+ ASSERT_TRUE(ec_point_mul_scalar_public(group.get(), &p->raw, &a_scalar, &g->raw,
+ &b_scalar));
check_point(p.get());
}
#endif
diff --git a/src/crypto/fipsmodule/ec/internal.h b/src/crypto/fipsmodule/ec/internal.h
index 4afaef9..05175a5 100644
--- a/src/crypto/fipsmodule/ec/internal.h
+++ b/src/crypto/fipsmodule/ec/internal.h
@@ -85,19 +85,19 @@
// Cap the size of all field elements and scalars, including custom curves, to
// 66 bytes, large enough to fit secp521r1 and brainpoolP512r1, which appear to
// be the largest fields anyone plausibly uses.
-#define EC_MAX_SCALAR_BYTES 66
-#define EC_MAX_SCALAR_WORDS ((66 + BN_BYTES - 1) / BN_BYTES)
+#define EC_MAX_BYTES 66
+#define EC_MAX_WORDS ((EC_MAX_BYTES + BN_BYTES - 1) / BN_BYTES)
-OPENSSL_COMPILE_ASSERT(EC_MAX_SCALAR_WORDS <= BN_SMALL_MAX_WORDS,
- bn_small_functions_applicable);
+OPENSSL_STATIC_ASSERT(EC_MAX_WORDS <= BN_SMALL_MAX_WORDS,
+ "bn_*_small functions not usable");
// An EC_SCALAR is an integer fully reduced modulo the order. Only the first
// |order->width| words are used. An |EC_SCALAR| is specific to an |EC_GROUP|
// and must not be mixed between groups.
typedef union {
// bytes is the representation of the scalar in little-endian order.
- uint8_t bytes[EC_MAX_SCALAR_BYTES];
- BN_ULONG words[EC_MAX_SCALAR_WORDS];
+ uint8_t bytes[EC_MAX_BYTES];
+ BN_ULONG words[EC_MAX_WORDS];
} EC_SCALAR;
// An EC_FELEM represents a field element. Only the first |field->width| words
@@ -106,8 +106,8 @@
// represented in Montgomery-form) may vary between |EC_METHOD|s.
typedef union {
// bytes is the representation of the field element in little-endian order.
- uint8_t bytes[EC_MAX_SCALAR_BYTES];
- BN_ULONG words[EC_MAX_SCALAR_WORDS];
+ uint8_t bytes[EC_MAX_BYTES];
+ BN_ULONG words[EC_MAX_WORDS];
} EC_FELEM;
// An EC_RAW_POINT represents an elliptic curve point. Unlike |EC_POINT|, it is
@@ -186,10 +186,10 @@
const EC_SCALAR *in);
// cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
- // order, with |r|. On error it returns zero. Otherwise it sets |*out_result|
- // to one iff the values match.
- int (*cmp_x_coordinate)(int *out_result, const EC_GROUP *group,
- const EC_POINT *p, const BIGNUM *r, BN_CTX *ctx);
+ // order, with |r|. It returns one if the values match and zero if |p| is the
+ // point at infinity of the values do not match.
+ int (*cmp_x_coordinate)(const EC_GROUP *group, const EC_RAW_POINT *p,
+ const EC_SCALAR *r);
} /* EC_METHOD */;
const EC_METHOD *EC_GFp_mont_method(void);
@@ -213,7 +213,20 @@
EC_FELEM a, b; // Curve coefficients.
- int a_is_minus3; // enable optimized point arithmetics for special case
+ // a_is_minus3 is one if |a| is -3 mod |field| and zero otherwise. Point
+ // arithmetic is optimized for -3.
+ int a_is_minus3;
+
+ // field_greater_than_order is one if |field| is greate than |order| and zero
+ // otherwise.
+ int field_greater_than_order;
+
+ // field_minus_order, if |field_greater_than_order| is true, is |field| minus
+ // |order| represented as an |EC_FELEM|. Otherwise, it is zero.
+ //
+ // Note: unlike |EC_FELEM|s used as intermediate values internal to the
+ // |EC_METHOD|, this value is not encoded in Montgomery form.
+ EC_FELEM field_minus_order;
CRYPTO_refcount_t references;
@@ -226,6 +239,10 @@
// group is an owning reference to |group|, unless this is
// |group->generator|.
EC_GROUP *group;
+ // raw is the group-specific point data. Functions that take |EC_POINT|
+ // typically check consistency with |EC_GROUP| while functions that take
+ // |EC_RAW_POINT| do not. Thus accesses to this field should be externally
+ // checked for consistency.
EC_RAW_POINT raw;
} /* EC_POINT */;
@@ -273,6 +290,14 @@
int ec_random_nonzero_scalar(const EC_GROUP *group, EC_SCALAR *out,
const uint8_t additional_data[32]);
+// ec_scalar_equal_vartime returns one if |a| and |b| are equal and zero
+// otherwise. Both values are treated as public.
+int ec_scalar_equal_vartime(const EC_GROUP *group, const EC_SCALAR *a,
+ const EC_SCALAR *b);
+
+// ec_scalar_is_zero returns one if |a| is zero and zero otherwise.
+int ec_scalar_is_zero(const EC_GROUP *group, const EC_SCALAR *a);
+
// ec_scalar_add sets |r| to |a| + |b|.
void ec_scalar_add(const EC_GROUP *group, EC_SCALAR *r, const EC_SCALAR *a,
const EC_SCALAR *b);
@@ -304,22 +329,41 @@
// |p_scalar|. Unlike other functions which take |EC_SCALAR|, |g_scalar| and
// |p_scalar| need not be fully reduced. They need only contain as many bits as
// the order.
-int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r,
- const EC_SCALAR *g_scalar, const EC_POINT *p,
- const EC_SCALAR *p_scalar, BN_CTX *ctx);
+int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
+ const EC_SCALAR *g_scalar, const EC_RAW_POINT *p,
+ const EC_SCALAR *p_scalar);
// ec_point_mul_scalar_public performs the same computation as
// ec_point_mul_scalar. It further assumes that the inputs are public so
// there is no concern about leaking their values through timing.
-OPENSSL_EXPORT int ec_point_mul_scalar_public(
- const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar,
- const EC_POINT *p, const EC_SCALAR *p_scalar, BN_CTX *ctx);
+OPENSSL_EXPORT int ec_point_mul_scalar_public(const EC_GROUP *group,
+ EC_RAW_POINT *r,
+ const EC_SCALAR *g_scalar,
+ const EC_RAW_POINT *p,
+ const EC_SCALAR *p_scalar);
-// ec_cmp_x_coordinate compares the x (affine) coordinate of |p| with |r|. It
-// returns zero on error. Otherwise it sets |*out_result| to one iff the values
-// match.
-int ec_cmp_x_coordinate(int *out_result, const EC_GROUP *group,
- const EC_POINT *p, const BIGNUM *r, BN_CTX *ctx);
+// ec_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
+// order, with |r|. It returns one if the values match and zero if |p| is the
+// point at infinity of the values do not match.
+int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+ const EC_SCALAR *r);
+
+// ec_get_x_coordinate_as_scalar sets |*out| to |p|'s x-coordinate, modulo
+// |group->order|. It returns one on success and zero if |p| is the point at
+// infinity.
+int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
+ const EC_RAW_POINT *p);
+
+// ec_point_get_affine_coordinate_bytes writes |p|'s affine coordinates to
+// |out_x| and |out_y|, each of which must have at must |max_out| bytes. It sets
+// |*out_len| to the number of bytes written in each buffer. Coordinates are
+// written big-endian and zero-padded to the size of the field.
+//
+// Either of |out_x| or |out_y| may be NULL to omit that coordinate. This
+// function returns one on success and zero on failure.
+int ec_point_get_affine_coordinate_bytes(const EC_GROUP *group, uint8_t *out_x,
+ uint8_t *out_y, size_t *out_len,
+ size_t max_out, const EC_RAW_POINT *p);
// ec_field_element_to_scalar reduces |r| modulo |group->order|. |r| must
// previously have been reduced modulo |group->field|.
@@ -371,12 +415,8 @@
int ec_GFp_simple_mont_inv_mod_ord_vartime(const EC_GROUP *group, EC_SCALAR *r,
const EC_SCALAR *a);
-// ec_GFp_simple_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod
-// the group order, with |r|. It returns zero on error. Otherwise it sets
-// |*out_result| to one iff the values match.
-int ec_GFp_simple_cmp_x_coordinate(int *out_result, const EC_GROUP *group,
- const EC_POINT *p, const BIGNUM *r,
- BN_CTX *ctx);
+int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+ const EC_SCALAR *r);
// method functions in montgomery.c
int ec_GFp_mont_group_init(EC_GROUP *);
diff --git a/src/crypto/fipsmodule/ec/oct.c b/src/crypto/fipsmodule/ec/oct.c
index 19e17a7..04b1f2c 100644
--- a/src/crypto/fipsmodule/ec/oct.c
+++ b/src/crypto/fipsmodule/ec/oct.c
@@ -74,22 +74,18 @@
static size_t ec_GFp_simple_point2oct(const EC_GROUP *group,
- const EC_POINT *point,
+ const EC_RAW_POINT *point,
point_conversion_form_t form,
- uint8_t *buf, size_t len, BN_CTX *ctx) {
- size_t ret = 0;
- BN_CTX *new_ctx = NULL;
- int used_ctx = 0;
-
- if ((form != POINT_CONVERSION_COMPRESSED) &&
- (form != POINT_CONVERSION_UNCOMPRESSED)) {
+ uint8_t *buf, size_t len) {
+ if (form != POINT_CONVERSION_COMPRESSED &&
+ form != POINT_CONVERSION_UNCOMPRESSED) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FORM);
- goto err;
+ return 0;
}
- if (EC_POINT_is_at_infinity(group, point)) {
+ if (ec_GFp_simple_is_at_infinity(group, point)) {
OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
- goto err;
+ return 0;
}
const size_t field_len = BN_num_bytes(&group->field);
@@ -103,64 +99,31 @@
if (buf != NULL) {
if (len < output_len) {
OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
- goto err;
+ return 0;
}
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL) {
- goto err;
- }
+ uint8_t y_buf[EC_MAX_BYTES];
+ size_t field_len_out;
+ if (!ec_point_get_affine_coordinate_bytes(
+ group, buf + 1 /* x */,
+ form == POINT_CONVERSION_COMPRESSED ? y_buf : buf + 1 + field_len,
+ &field_len_out, field_len, point)) {
+ return 0;
}
- BN_CTX_start(ctx);
- used_ctx = 1;
- BIGNUM *x = BN_CTX_get(ctx);
- BIGNUM *y = BN_CTX_get(ctx);
- if (y == NULL) {
- goto err;
+ if (field_len_out != field_len) {
+ OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
+ return 0;
}
- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) {
- goto err;
- }
-
- if ((form == POINT_CONVERSION_COMPRESSED) &&
- BN_is_odd(y)) {
- buf[0] = form + 1;
+ if (form == POINT_CONVERSION_COMPRESSED) {
+ buf[0] = form + (y_buf[field_len - 1] & 1);
} else {
buf[0] = form;
}
- size_t i = 1;
-
- if (!BN_bn2bin_padded(buf + i, field_len, x)) {
- OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- i += field_len;
-
- if (form == POINT_CONVERSION_UNCOMPRESSED) {
- if (!BN_bn2bin_padded(buf + i, field_len, y)) {
- OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- i += field_len;
- }
-
- if (i != output_len) {
- OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
- goto err;
- }
}
- ret = output_len;
-
-err:
- if (used_ctx) {
- BN_CTX_end(ctx);
- }
- BN_CTX_free(new_ctx);
- return ret;
+ return output_len;
}
static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
@@ -263,7 +226,7 @@
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
- return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx);
+ return ec_GFp_simple_point2oct(group, &point->raw, form, buf, len);
}
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
diff --git a/src/crypto/fipsmodule/ec/p224-64.c b/src/crypto/fipsmodule/ec/p224-64.c
index 49d5328..dd3098f 100644
--- a/src/crypto/fipsmodule/ec/p224-64.c
+++ b/src/crypto/fipsmodule/ec/p224-64.c
@@ -207,8 +207,56 @@
p224_bin28_to_felem(out, in->bytes);
}
+// Requires 0 <= in < 2*p (always call p224_felem_reduce first)
static void p224_felem_to_generic(EC_FELEM *out, const p224_felem in) {
- p224_felem_to_bin28(out->bytes, in);
+ // Reduce to unique minimal representation.
+ static const int64_t two56 = ((p224_limb)1) << 56;
+ // 0 <= in < 2*p, p = 2^224 - 2^96 + 1
+ // if in > p , reduce in = in - 2^224 + 2^96 - 1
+ int64_t tmp[4], a;
+ tmp[0] = in[0];
+ tmp[1] = in[1];
+ tmp[2] = in[2];
+ tmp[3] = in[3];
+ // Case 1: a = 1 iff in >= 2^224
+ a = (in[3] >> 56);
+ tmp[0] -= a;
+ tmp[1] += a << 40;
+ tmp[3] &= 0x00ffffffffffffff;
+ // Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1 and
+ // the lower part is non-zero
+ a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
+ (((int64_t)(in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
+ a &= 0x00ffffffffffffff;
+ // turn a into an all-one mask (if a = 0) or an all-zero mask
+ a = (a - 1) >> 63;
+ // subtract 2^224 - 2^96 + 1 if a is all-one
+ tmp[3] &= a ^ 0xffffffffffffffff;
+ tmp[2] &= a ^ 0xffffffffffffffff;
+ tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
+ tmp[0] -= 1 & a;
+
+ // eliminate negative coefficients: if tmp[0] is negative, tmp[1] must
+ // be non-zero, so we only need one step
+ a = tmp[0] >> 63;
+ tmp[0] += two56 & a;
+ tmp[1] -= 1 & a;
+
+ // carry 1 -> 2 -> 3
+ tmp[2] += tmp[1] >> 56;
+ tmp[1] &= 0x00ffffffffffffff;
+
+ tmp[3] += tmp[2] >> 56;
+ tmp[2] &= 0x00ffffffffffffff;
+
+ // Now 0 <= tmp < p
+ p224_felem tmp2;
+ tmp2[0] = tmp[0];
+ tmp2[1] = tmp[1];
+ tmp2[2] = tmp[2];
+ tmp2[3] = tmp[3];
+
+ p224_felem_to_bin28(out->bytes, tmp2);
// 224 is not a multiple of 64, so zero the remaining bytes.
OPENSSL_memset(out->bytes + 28, 0, 32 - 28);
}
@@ -424,55 +472,6 @@
out[3] = output[3];
}
-// Reduce to unique minimal representation.
-// Requires 0 <= in < 2*p (always call p224_felem_reduce first)
-static void p224_felem_contract(p224_felem out, const p224_felem in) {
- static const int64_t two56 = ((p224_limb)1) << 56;
- // 0 <= in < 2*p, p = 2^224 - 2^96 + 1
- // if in > p , reduce in = in - 2^224 + 2^96 - 1
- int64_t tmp[4], a;
- tmp[0] = in[0];
- tmp[1] = in[1];
- tmp[2] = in[2];
- tmp[3] = in[3];
- // Case 1: a = 1 iff in >= 2^224
- a = (in[3] >> 56);
- tmp[0] -= a;
- tmp[1] += a << 40;
- tmp[3] &= 0x00ffffffffffffff;
- // Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1 and
- // the lower part is non-zero
- a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
- (((int64_t)(in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
- a &= 0x00ffffffffffffff;
- // turn a into an all-one mask (if a = 0) or an all-zero mask
- a = (a - 1) >> 63;
- // subtract 2^224 - 2^96 + 1 if a is all-one
- tmp[3] &= a ^ 0xffffffffffffffff;
- tmp[2] &= a ^ 0xffffffffffffffff;
- tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
- tmp[0] -= 1 & a;
-
- // eliminate negative coefficients: if tmp[0] is negative, tmp[1] must
- // be non-zero, so we only need one step
- a = tmp[0] >> 63;
- tmp[0] += two56 & a;
- tmp[1] -= 1 & a;
-
- // carry 1 -> 2 -> 3
- tmp[2] += tmp[1] >> 56;
- tmp[1] &= 0x00ffffffffffffff;
-
- tmp[3] += tmp[2] >> 56;
- tmp[2] &= 0x00ffffffffffffff;
-
- // Now 0 <= out < p
- out[0] = tmp[0];
- out[1] = tmp[1];
- out[2] = tmp[2];
- out[3] = tmp[3];
-}
-
// Get negative value: out = -in
// Requires in[i] < 2^63,
// ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
@@ -982,8 +981,7 @@
p224_felem x_in, x_out;
p224_generic_to_felem(x_in, &point->X);
p224_felem_mul(tmp, x_in, z1);
- p224_felem_reduce(x_in, tmp);
- p224_felem_contract(x_out, x_in);
+ p224_felem_reduce(x_out, tmp);
p224_felem_to_generic(x, x_out);
}
@@ -993,8 +991,7 @@
p224_felem_mul(tmp, z1, z2);
p224_felem_reduce(z1, tmp);
p224_felem_mul(tmp, y_in, z1);
- p224_felem_reduce(y_in, tmp);
- p224_felem_contract(y_out, y_in);
+ p224_felem_reduce(y_out, tmp);
p224_felem_to_generic(y, y_out);
}
@@ -1011,6 +1008,7 @@
p224_generic_to_felem(y2, &b->Y);
p224_generic_to_felem(z2, &b->Z);
p224_point_add(x1, y1, z1, x1, y1, z1, 0 /* both Jacobian */, x2, y2, z2);
+ // The outputs are already reduced, but still need to be contracted.
p224_felem_to_generic(&r->X, x1);
p224_felem_to_generic(&r->Y, y1);
p224_felem_to_generic(&r->Z, z1);
@@ -1023,6 +1021,7 @@
p224_generic_to_felem(y, &a->Y);
p224_generic_to_felem(z, &a->Z);
p224_point_double(x, y, z, x, y, z);
+ // The outputs are already reduced, but still need to be contracted.
p224_felem_to_generic(&r->X, x);
p224_felem_to_generic(&r->Y, y);
p224_felem_to_generic(&r->Z, z);
@@ -1033,7 +1032,7 @@
const EC_RAW_POINT *p,
const EC_SCALAR *p_scalar) {
p224_felem p_pre_comp[17][3];
- p224_felem x_in, y_in, z_in, x_out, y_out, z_out;
+ p224_felem x_out, y_out, z_out;
if (p != NULL && p_scalar != NULL) {
// We treat NULL scalars as 0, and NULL points as points at infinity, i.e.,
@@ -1068,12 +1067,9 @@
(const p224_felem(*)[3])p_pre_comp);
// reduce the output to its unique minimal representation
- p224_felem_contract(x_in, x_out);
- p224_felem_to_generic(&r->X, x_in);
- p224_felem_contract(y_in, y_out);
- p224_felem_to_generic(&r->Y, y_in);
- p224_felem_contract(z_in, z_out);
- p224_felem_to_generic(&r->Z, z_in);
+ p224_felem_to_generic(&r->X, x_out);
+ p224_felem_to_generic(&r->Y, y_out);
+ p224_felem_to_generic(&r->Z, z_out);
}
static void ec_GFp_nistp224_felem_mul(const EC_GROUP *group, EC_FELEM *r,
@@ -1084,7 +1080,6 @@
p224_generic_to_felem(felem2, b);
p224_felem_mul(wide, felem1, felem2);
p224_felem_reduce(felem1, wide);
- p224_felem_contract(felem1, felem1);
p224_felem_to_generic(r, felem1);
}
@@ -1095,7 +1090,6 @@
p224_widefelem wide;
p224_felem_square(wide, felem);
p224_felem_reduce(felem, wide);
- p224_felem_contract(felem, felem);
p224_felem_to_generic(r, felem);
}
diff --git a/src/crypto/fipsmodule/ec/p256-x86_64.c b/src/crypto/fipsmodule/ec/p256-x86_64.c
index e7f4909..b342214 100644
--- a/src/crypto/fipsmodule/ec/p256-x86_64.c
+++ b/src/crypto/fipsmodule/ec/p256-x86_64.c
@@ -23,6 +23,7 @@
#include <string.h>
#include <openssl/bn.h>
+#include <openssl/cpu.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
@@ -44,12 +45,6 @@
TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe),
};
-// P256_ORDER is the order of the P-256 group, not in Montgomery form.
-static const BN_ULONG P256_ORDER[P256_LIMBS] = {
- TOBN(0xf3b9cac2, 0xfc632551), TOBN(0xbce6faad, 0xa7179e84),
- TOBN(0xffffffff, 0xffffffff), TOBN(0xffffffff, 0x00000000),
-};
-
// Precomputed tables for the default generator
#include "p256-x86_64-table.h"
@@ -591,7 +586,8 @@
return ec_GFp_simple_mont_inv_mod_ord_vartime(group, out, in);
}
- if (!beeu_mod_inverse_vartime(out->words, in->words, P256_ORDER)) {
+ assert(group->order.width == P256_LIMBS);
+ if (!beeu_mod_inverse_vartime(out->words, in->words, group->order.d)) {
return 0;
}
@@ -600,31 +596,25 @@
return 1;
}
-static int ecp_nistz256_cmp_x_coordinate(int *out_result, const EC_GROUP *group,
- const EC_POINT *p, const BIGNUM *r,
- BN_CTX *ctx) {
- *out_result = 0;
-
- if (ec_GFp_simple_is_at_infinity(group, &p->raw)) {
- OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
+static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
+ const EC_RAW_POINT *p,
+ const EC_SCALAR *r) {
+ if (ec_GFp_simple_is_at_infinity(group, p)) {
return 0;
}
- BN_ULONG r_words[P256_LIMBS];
- if (!bn_copy_words(r_words, P256_LIMBS, r)) {
- return 0;
- }
+ assert(group->order.width == P256_LIMBS);
+ assert(group->field.width == P256_LIMBS);
// We wish to compare X/Z^2 with r. This is equivalent to comparing X with
// r*Z^2. Note that X and Z are represented in Montgomery form, while r is
// not.
BN_ULONG r_Z2[P256_LIMBS], Z2_mont[P256_LIMBS], X[P256_LIMBS];
- ecp_nistz256_mul_mont(Z2_mont, p->raw.Z.words, p->raw.Z.words);
- ecp_nistz256_mul_mont(r_Z2, r_words, Z2_mont);
- ecp_nistz256_from_mont(X, p->raw.X.words);
+ ecp_nistz256_mul_mont(Z2_mont, p->Z.words, p->Z.words);
+ ecp_nistz256_mul_mont(r_Z2, r->words, Z2_mont);
+ ecp_nistz256_from_mont(X, p->X.words);
if (OPENSSL_memcmp(r_Z2, X, sizeof(r_Z2)) == 0) {
- *out_result = 1;
return 1;
}
@@ -632,25 +622,17 @@
// Therefore there is a small possibility, less than 1/2^128, that group_order
// < p.x < P. in that case we need not only to compare against |r| but also to
// compare against r+group_order.
-
- // P_MINUS_ORDER is the difference between the field order (p) and the group
- // order (N). This value is not in the Montgomery domain.
- static const BN_ULONG P_MINUS_ORDER[P256_LIMBS] = {
- TOBN(0x0c46353d, 0x039cdaae), TOBN(0x43190553, 0x58e8617b),
- TOBN(0x00000000, 0x00000000), TOBN(0x00000000, 0x00000000)};
-
- if (bn_less_than_words(r_words, P_MINUS_ORDER, P256_LIMBS)) {
- // We can add in-place, ignoring the carry, because: r + group_order < p <
- // 2^256
- bn_add_words(r_words, r_words, P256_ORDER, P256_LIMBS);
- ecp_nistz256_mul_mont(r_Z2, r_words, Z2_mont);
+ if (bn_less_than_words(r->words, group->field_minus_order.words,
+ P256_LIMBS)) {
+ // We can ignore the carry because: r + group_order < p < 2^256.
+ bn_add_words(r_Z2, r->words, group->order.d, P256_LIMBS);
+ ecp_nistz256_mul_mont(r_Z2, r_Z2, Z2_mont);
if (OPENSSL_memcmp(r_Z2, X, sizeof(r_Z2)) == 0) {
- *out_result = 1;
return 1;
}
}
- return 1;
+ return 0;
}
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) {
diff --git a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc
index ab93dfb..7d6d616 100644
--- a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc
+++ b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc
@@ -12,10 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
#include <openssl/base.h>
#include <stdio.h>
diff --git a/src/crypto/fipsmodule/ec/scalar.c b/src/crypto/fipsmodule/ec/scalar.c
index 88678a9..82f2a50 100644
--- a/src/crypto/fipsmodule/ec/scalar.c
+++ b/src/crypto/fipsmodule/ec/scalar.c
@@ -18,6 +18,7 @@
#include "internal.h"
#include "../bn/internal.h"
+#include "../../internal.h"
int ec_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
@@ -30,6 +31,20 @@
return 1;
}
+int ec_scalar_equal_vartime(const EC_GROUP *group, const EC_SCALAR *a,
+ const EC_SCALAR *b) {
+ return OPENSSL_memcmp(a->words, b->words,
+ group->order.width * sizeof(BN_ULONG)) == 0;
+}
+
+int ec_scalar_is_zero(const EC_GROUP *group, const EC_SCALAR *a) {
+ BN_ULONG mask = 0;
+ for (int i = 0; i < group->order.width; i++) {
+ mask |= a->words[i];
+ }
+ return mask == 0;
+}
+
int ec_random_nonzero_scalar(const EC_GROUP *group, EC_SCALAR *out,
const uint8_t additional_data[32]) {
return bn_rand_range_words(out->words, 1, group->order.d, group->order.width,
@@ -39,7 +54,7 @@
void ec_scalar_add(const EC_GROUP *group, EC_SCALAR *r, const EC_SCALAR *a,
const EC_SCALAR *b) {
const BIGNUM *order = &group->order;
- BN_ULONG tmp[EC_MAX_SCALAR_WORDS];
+ BN_ULONG tmp[EC_MAX_WORDS];
bn_mod_add_words(r->words, a->words, b->words, order->d, tmp, order->width);
OPENSSL_cleanse(tmp, sizeof(tmp));
}
diff --git a/src/crypto/fipsmodule/ec/simple.c b/src/crypto/fipsmodule/ec/simple.c
index 8b862ff..c418c4e 100644
--- a/src/crypto/fipsmodule/ec/simple.c
+++ b/src/crypto/fipsmodule/ec/simple.c
@@ -366,36 +366,15 @@
return 1;
}
-// Compares the x (affine) coordinate of the point p with x.
-// Return 1 on success 0 otherwise
-int ec_GFp_simple_cmp_x_coordinate(int *out_result, const EC_GROUP *group,
- const EC_POINT *p, const BIGNUM *r,
- BN_CTX *ctx) {
- *out_result = 0;
- int ret = 0;
- BN_CTX_start(ctx);
-
- BIGNUM *X = BN_CTX_get(ctx);
- if (X == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
- goto out;
+int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+ const EC_SCALAR *r) {
+ if (ec_GFp_simple_is_at_infinity(group, p)) {
+ // |ec_get_x_coordinate_as_scalar| will check this internally, but this way
+ // we do not push to the error queue.
+ return 0;
}
- if (!EC_POINT_get_affine_coordinates_GFp(group, p, X, NULL, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
- goto out;
- }
-
- if (!ec_field_element_to_scalar(group, X)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
- goto out;
- }
-
- // The signature is correct iff |X| is equal to |r|.
- *out_result = (BN_ucmp(X, r) == 0);
- ret = 1;
-
-out:
- BN_CTX_end(ctx);
- return ret;
+ EC_SCALAR x;
+ return ec_get_x_coordinate_as_scalar(group, &x, p) &&
+ ec_scalar_equal_vartime(group, &x, r);
}
diff --git a/src/crypto/fipsmodule/ec/wnaf.c b/src/crypto/fipsmodule/ec/wnaf.c
index c0c2809..fd1b480 100644
--- a/src/crypto/fipsmodule/ec/wnaf.c
+++ b/src/crypto/fipsmodule/ec/wnaf.c
@@ -180,14 +180,14 @@
size_t bits = BN_num_bits(&group->order);
size_t wNAF_len = bits + 1;
- int8_t g_wNAF[EC_MAX_SCALAR_BYTES * 8 + 1];
+ int8_t g_wNAF[EC_MAX_BYTES * 8 + 1];
EC_RAW_POINT g_precomp[EC_WNAF_TABLE_SIZE];
assert(wNAF_len <= OPENSSL_ARRAY_SIZE(g_wNAF));
const EC_RAW_POINT *g = &group->generator->raw;
ec_compute_wNAF(group, g_wNAF, g_scalar, bits, EC_WNAF_WINDOW_BITS);
compute_precomp(group, g_precomp, g, EC_WNAF_TABLE_SIZE);
- int8_t p_wNAF[EC_MAX_SCALAR_BYTES * 8 + 1];
+ int8_t p_wNAF[EC_MAX_BYTES * 8 + 1];
EC_RAW_POINT p_precomp[EC_WNAF_TABLE_SIZE];
assert(wNAF_len <= OPENSSL_ARRAY_SIZE(p_wNAF));
ec_compute_wNAF(group, p_wNAF, p_scalar, bits, EC_WNAF_WINDOW_BITS);
diff --git a/src/crypto/fipsmodule/ecdh/ecdh.c b/src/crypto/fipsmodule/ecdh/ecdh.c
index cd9d7ea..b9dc237 100644
--- a/src/crypto/fipsmodule/ecdh/ecdh.c
+++ b/src/crypto/fipsmodule/ecdh/ecdh.c
@@ -66,10 +66,8 @@
#include <openssl/ecdh.h>
-#include <limits.h>
#include <string.h>
-#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/ec_key.h>
#include <openssl/err.h>
@@ -86,50 +84,20 @@
return 0;
}
const EC_SCALAR *const priv = &priv_key->priv_key->scalar;
-
- BN_CTX *ctx = BN_CTX_new();
- if (ctx == NULL) {
+ const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
+ if (EC_GROUP_cmp(group, pub_key->group, NULL) != 0) {
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
- BN_CTX_start(ctx);
- int ret = 0;
- size_t buflen = 0;
- uint8_t *buf = NULL;
-
- const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
- EC_POINT *shared_point = EC_POINT_new(group);
- if (shared_point == NULL) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv, ctx)) {
+ EC_RAW_POINT shared_point;
+ uint8_t buf[EC_MAX_BYTES];
+ size_t buflen;
+ if (!ec_point_mul_scalar(group, &shared_point, NULL, &pub_key->raw, priv) ||
+ !ec_point_get_affine_coordinate_bytes(group, buf, NULL, &buflen,
+ sizeof(buf), &shared_point)) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- BIGNUM *x = BN_CTX_get(ctx);
- if (!x) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, shared_point, x, NULL, ctx)) {
- OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- buflen = (EC_GROUP_get_degree(group) + 7) / 8;
- buf = OPENSSL_malloc(buflen);
- if (buf == NULL) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BN_bn2bin_padded(buf, buflen, x)) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_INTERNAL_ERROR);
- goto err;
+ return 0;
}
switch (out_len) {
@@ -147,15 +115,8 @@
break;
default:
OPENSSL_PUT_ERROR(ECDH, ECDH_R_UNKNOWN_DIGEST_LENGTH);
- goto err;
+ return 0;
}
- ret = 1;
-
-err:
- OPENSSL_free(buf);
- EC_POINT_free(shared_point);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return ret;
+ return 1;
}
diff --git a/src/crypto/fipsmodule/ecdsa/ecdsa.c b/src/crypto/fipsmodule/ecdsa/ecdsa.c
index 80371c3..010ee02 100644
--- a/src/crypto/fipsmodule/ecdsa/ecdsa.c
+++ b/src/crypto/fipsmodule/ecdsa/ecdsa.c
@@ -93,7 +93,7 @@
//
// Montgomery multiplication accepts the looser bounds, so this isn't strictly
// necessary, but it is a cleaner abstraction and has no performance impact.
- BN_ULONG tmp[EC_MAX_SCALAR_WORDS];
+ BN_ULONG tmp[EC_MAX_WORDS];
bn_reduce_once_in_place(out->words, 0 /* no carry */, order->d, tmp,
order->width);
}
@@ -152,21 +152,13 @@
return 0;
}
- BN_CTX *ctx = BN_CTX_new();
- if (!ctx) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- int ret = 0;
- EC_POINT *point = NULL;
-
EC_SCALAR r, s, u1, u2, s_inv_mont, m;
if (BN_is_zero(sig->r) ||
!ec_bignum_to_scalar(group, &r, sig->r) ||
BN_is_zero(sig->s) ||
!ec_bignum_to_scalar(group, &s, sig->s)) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
- goto err;
+ return 0;
}
// s_inv_mont = s^-1 in the Montgomery domain. This is
@@ -181,62 +173,35 @@
ec_scalar_mul_montgomery(group, &u1, &m, &s_inv_mont);
ec_scalar_mul_montgomery(group, &u2, &r, &s_inv_mont);
- point = EC_POINT_new(group);
- if (point == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!ec_point_mul_scalar_public(group, point, &u1, pub_key, &u2, ctx)) {
+ EC_RAW_POINT point;
+ if (!ec_point_mul_scalar_public(group, &point, &u1, &pub_key->raw, &u2)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
- goto err;
+ return 0;
}
- int match;
- if (!ec_cmp_x_coordinate(&match, group, point, sig->r, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
- goto err;
- }
-
- if (!match) {
+ if (!ec_cmp_x_coordinate(group, &point, &r)) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
- goto err;
+ return 0;
}
- ret = 1;
-
-err:
- BN_CTX_free(ctx);
- EC_POINT_free(point);
- return ret;
+ return 1;
}
-static int ecdsa_sign_setup(const EC_KEY *eckey, BN_CTX *ctx,
- EC_SCALAR *out_kinv_mont, BIGNUM **rp,
- const uint8_t *digest, size_t digest_len,
- const EC_SCALAR *priv_key) {
- EC_POINT *tmp_point = NULL;
- int ret = 0;
- EC_SCALAR k;
- BIGNUM *r = BN_new(); // this value is later returned in *rp
- if (r == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- const EC_GROUP *group = EC_KEY_get0_group(eckey);
- const BIGNUM *order = EC_GROUP_get0_order(group);
- tmp_point = EC_POINT_new(group);
- if (tmp_point == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
- goto err;
- }
-
+static int ecdsa_sign_setup(const EC_KEY *eckey, EC_SCALAR *out_kinv_mont,
+ EC_SCALAR *out_r, const uint8_t *digest,
+ size_t digest_len, const EC_SCALAR *priv_key) {
// Check that the size of the group order is FIPS compliant (FIPS 186-4
// B.5.2).
+ const EC_GROUP *group = EC_KEY_get0_group(eckey);
+ const BIGNUM *order = EC_GROUP_get0_order(group);
if (BN_num_bits(order) < 160) {
OPENSSL_PUT_ERROR(ECDSA, EC_R_INVALID_GROUP_ORDER);
- goto err;
+ return 0;
}
+ int ret = 0;
+ EC_SCALAR k;
+ EC_RAW_POINT tmp_point;
do {
// Include the private key and message digest in the k generation.
if (eckey->fixed_k != NULL) {
@@ -246,8 +211,8 @@
} else {
// Pass a SHA512 hash of the private key and digest as additional data
// into the RBG. This is a hardening measure against entropy failure.
- OPENSSL_COMPILE_ASSERT(SHA512_DIGEST_LENGTH >= 32,
- additional_data_is_too_large_for_sha512);
+ OPENSSL_STATIC_ASSERT(SHA512_DIGEST_LENGTH >= 32,
+ "additional_data is too large for SHA-512");
SHA512_CTX sha;
uint8_t additional_data[SHA512_DIGEST_LENGTH];
SHA512_Init(&sha);
@@ -267,26 +232,16 @@
ec_scalar_from_montgomery(group, out_kinv_mont, out_kinv_mont);
// Compute r, the x-coordinate of generator * k.
- if (!ec_point_mul_scalar(group, tmp_point, &k, NULL, NULL, ctx) ||
- !EC_POINT_get_affine_coordinates_GFp(group, tmp_point, r, NULL,
- ctx)) {
+ if (!ec_point_mul_scalar(group, &tmp_point, &k, NULL, NULL) ||
+ !ec_get_x_coordinate_as_scalar(group, out_r, &tmp_point)) {
goto err;
}
+ } while (ec_scalar_is_zero(group, out_r));
- if (!ec_field_element_to_scalar(group, r)) {
- goto err;
- }
- } while (BN_is_zero(r));
-
- BN_clear_free(*rp);
- *rp = r;
- r = NULL;
ret = 1;
err:
OPENSSL_cleanse(&k, sizeof(k));
- BN_clear_free(r);
- EC_POINT_free(tmp_point);
return ret;
}
@@ -307,26 +262,23 @@
int ok = 0;
ECDSA_SIG *ret = ECDSA_SIG_new();
- BN_CTX *ctx = BN_CTX_new();
EC_SCALAR kinv_mont, r_mont, s, m, tmp;
- if (ret == NULL || ctx == NULL) {
+ if (ret == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
return NULL;
}
digest_to_scalar(group, &m, digest, digest_len);
for (;;) {
- if (!ecdsa_sign_setup(eckey, ctx, &kinv_mont, &ret->r, digest, digest_len,
- priv_key)) {
+ if (!ecdsa_sign_setup(eckey, &kinv_mont, &r_mont, digest, digest_len,
+ priv_key) ||
+ !bn_set_words(ret->r, r_mont.words, order->width)) {
goto err;
}
// Compute priv_key * r (mod order). Note if only one parameter is in the
- // Montgomery domain, |scalar_mod_mul_montgomery| will compute the answer in
- // the normal domain.
- if (!ec_bignum_to_scalar(group, &r_mont, ret->r)) {
- goto err;
- }
+ // Montgomery domain, |ec_scalar_mod_mul_montgomery| will compute the answer
+ // in the normal domain.
ec_scalar_to_montgomery(group, &r_mont, &r_mont);
ec_scalar_mul_montgomery(group, &s, priv_key, &r_mont);
@@ -352,7 +304,6 @@
ECDSA_SIG_free(ret);
ret = NULL;
}
- BN_CTX_free(ctx);
OPENSSL_cleanse(&kinv_mont, sizeof(kinv_mont));
OPENSSL_cleanse(&r_mont, sizeof(r_mont));
OPENSSL_cleanse(&s, sizeof(s));
diff --git a/src/crypto/fipsmodule/modes/cfb.c b/src/crypto/fipsmodule/modes/cfb.c
index d3a38d6..0a81f3b 100644
--- a/src/crypto/fipsmodule/modes/cfb.c
+++ b/src/crypto/fipsmodule/modes/cfb.c
@@ -54,7 +54,8 @@
#include "internal.h"
-OPENSSL_COMPILE_ASSERT((16 % sizeof(size_t)) == 0, bad_size_t_size_cfb);
+OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
+ "block cannot be divided into size_t");
void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
const AES_KEY *key, uint8_t ivec[16], unsigned *num,
diff --git a/src/crypto/fipsmodule/modes/ctr.c b/src/crypto/fipsmodule/modes/ctr.c
index 5093408..b806b9a 100644
--- a/src/crypto/fipsmodule/modes/ctr.c
+++ b/src/crypto/fipsmodule/modes/ctr.c
@@ -69,7 +69,8 @@
} while (n);
}
-OPENSSL_COMPILE_ASSERT((16 % sizeof(size_t)) == 0, bad_size_t_size_ctr);
+OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
+ "block cannot be divided into size_t");
// The input encrypted as though 128bit counter mode is being used. The extra
// state information to record how much of the 128bit block we have used is
diff --git a/src/crypto/fipsmodule/modes/gcm_test.cc b/src/crypto/fipsmodule/modes/gcm_test.cc
index 30308f8..a6b7fc0 100644
--- a/src/crypto/fipsmodule/modes/gcm_test.cc
+++ b/src/crypto/fipsmodule/modes/gcm_test.cc
@@ -46,13 +46,6 @@
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ==================================================================== */
-// Per C99, various stdint.h and inttypes.h macros (the latter used by
-// internal.h) are unavailable in C++ unless some macros are defined. C++11
-// overruled this decision, but older Android NDKs still require it.
-#if !defined(__STDC_CONSTANT_MACROS)
-#define __STDC_CONSTANT_MACROS
-#endif
-
#include <stdio.h>
#include <string.h>
diff --git a/src/crypto/fipsmodule/modes/ofb.c b/src/crypto/fipsmodule/modes/ofb.c
index b1b4d87..4c70ce6 100644
--- a/src/crypto/fipsmodule/modes/ofb.c
+++ b/src/crypto/fipsmodule/modes/ofb.c
@@ -54,7 +54,8 @@
#include "internal.h"
-OPENSSL_COMPILE_ASSERT((16 % sizeof(size_t)) == 0, bad_size_t_size_ofb);
+OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
+ "block cannot be divided into size_t");
void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
const AES_KEY *key, uint8_t ivec[16], unsigned *num,
diff --git a/src/crypto/fipsmodule/rand/ctrdrbg.c b/src/crypto/fipsmodule/rand/ctrdrbg.c
index f2fe8b3..b2fda1d 100644
--- a/src/crypto/fipsmodule/rand/ctrdrbg.c
+++ b/src/crypto/fipsmodule/rand/ctrdrbg.c
@@ -64,8 +64,8 @@
return 1;
}
-OPENSSL_COMPILE_ASSERT(CTR_DRBG_ENTROPY_LEN % AES_BLOCK_SIZE == 0,
- not_a_multiple_of_block_size);
+OPENSSL_STATIC_ASSERT(CTR_DRBG_ENTROPY_LEN % AES_BLOCK_SIZE == 0,
+ "not a multiple of AES block size");
// ctr_inc adds |n| to the last four bytes of |drbg->counter|, treated as a
// big-endian number.
diff --git a/src/crypto/fipsmodule/rsa/rsa_impl.c b/src/crypto/fipsmodule/rsa/rsa_impl.c
index e8072ec..895408d 100644
--- a/src/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/src/crypto/fipsmodule/rsa/rsa_impl.c
@@ -1066,7 +1066,7 @@
//
// This function returns one on success and zero on failure. It has a failure
// probability of about 2^-20.
-static int rsa_generate_key_impl(RSA *rsa, int bits, BIGNUM *e_value,
+static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value,
BN_GENCB *cb) {
// See FIPS 186-4 appendix B.3. This function implements a generalized version
// of the FIPS algorithm. |RSA_generate_key_fips| performs additional checks
@@ -1247,7 +1247,8 @@
*in = NULL;
}
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) {
+int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
+ BN_GENCB *cb) {
// |rsa_generate_key_impl|'s 2^-20 failure probability is too high at scale,
// so we run the FIPS algorithm four times, bringing it down to 2^-80. We
// should just adjust the retry limit, but FIPS 186-4 prescribes that value
diff --git a/src/crypto/fipsmodule/sha/asm/sha1-armv8.pl b/src/crypto/fipsmodule/sha/asm/sha1-armv8.pl
index 80567d9..7c8880f 100644
--- a/src/crypto/fipsmodule/sha/asm/sha1-armv8.pl
+++ b/src/crypto/fipsmodule/sha/asm/sha1-armv8.pl
@@ -180,13 +180,8 @@
.type sha1_block_data_order,%function
.align 6
sha1_block_data_order:
-#ifdef __ILP32__
- ldrsw x16,.LOPENSSL_armcap_P
-#else
- ldr x16,.LOPENSSL_armcap_P
-#endif
- adr x17,.LOPENSSL_armcap_P
- add x16,x16,x17
+ adrp x16,:pg_hi21:OPENSSL_armcap_P
+ add x16,x16,:lo12:OPENSSL_armcap_P
ldr w16,[x16]
tst w16,#ARMV8_SHA1
b.ne .Lv8_entry
@@ -255,7 +250,8 @@
stp x29,x30,[sp,#-16]!
add x29,sp,#0
- adr x4,.Lconst
+ adrp x4,:pg_hi21:.Lconst
+ add x4,x4,:lo12:.Lconst
eor $E,$E,$E
ld1.32 {$ABCD},[$ctx],#16
ld1.32 {$E}[0],[$ctx]
@@ -315,18 +311,13 @@
ldr x29,[sp],#16
ret
.size sha1_block_armv8,.-sha1_block_armv8
+.section .rodata
.align 6
.Lconst:
.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19
.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 //K_20_39
.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc //K_40_59
.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79
-.LOPENSSL_armcap_P:
-#ifdef __ILP32__
-.long OPENSSL_armcap_P-.
-#else
-.quad OPENSSL_armcap_P-.
-#endif
.asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
.comm OPENSSL_armcap_P,4,4
diff --git a/src/crypto/fipsmodule/sha/asm/sha512-armv8.pl b/src/crypto/fipsmodule/sha/asm/sha512-armv8.pl
index 22c47d7..3f69071 100644
--- a/src/crypto/fipsmodule/sha/asm/sha512-armv8.pl
+++ b/src/crypto/fipsmodule/sha/asm/sha512-armv8.pl
@@ -185,13 +185,8 @@
___
$code.=<<___ if ($SZ==4);
#ifndef __KERNEL__
-# ifdef __ILP32__
- ldrsw x16,.LOPENSSL_armcap_P
-# else
- ldr x16,.LOPENSSL_armcap_P
-# endif
- adr x17,.LOPENSSL_armcap_P
- add x16,x16,x17
+ adrp x16,:pg_hi21:OPENSSL_armcap_P
+ add x16,x16,:lo12:OPENSSL_armcap_P
ldr w16,[x16]
tst w16,#ARMV8_SHA256
b.ne .Lv8_entry
@@ -213,7 +208,8 @@
ldp $E,$F,[$ctx,#4*$SZ]
add $num,$inp,$num,lsl#`log(16*$SZ)/log(2)` // end of input
ldp $G,$H,[$ctx,#6*$SZ]
- adr $Ktbl,.LK$BITS
+ adrp $Ktbl,:pg_hi21:.LK$BITS
+ add $Ktbl,$Ktbl,:lo12:.LK$BITS
stp $ctx,$num,[x29,#96]
.Loop:
@@ -262,6 +258,7 @@
ret
.size $func,.-$func
+.section .rodata
.align 6
.type .LK$BITS,%object
.LK$BITS:
@@ -330,15 +327,6 @@
___
$code.=<<___;
.size .LK$BITS,.-.LK$BITS
-#ifndef __KERNEL__
-.align 3
-.LOPENSSL_armcap_P:
-# ifdef __ILP32__
- .long OPENSSL_armcap_P-.
-# else
- .quad OPENSSL_armcap_P-.
-# endif
-#endif
.asciz "SHA$BITS block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
___
@@ -352,6 +340,7 @@
my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b");
$code.=<<___;
+.text
#ifndef __KERNEL__
.type sha256_block_armv8,%function
.align 6
@@ -361,7 +350,8 @@
add x29,sp,#0
ld1.32 {$ABCD,$EFGH},[$ctx]
- adr $Ktbl,.LK256
+ adrp $Ktbl,:pg_hi21:.LK256
+ add $Ktbl,$Ktbl,:lo12:.LK256
.Loop_hw:
ld1 {@MSG[0]-@MSG[3]},[$inp],#64
diff --git a/src/crypto/internal.h b/src/crypto/internal.h
index a251b95..b98b556 100644
--- a/src/crypto/internal.h
+++ b/src/crypto/internal.h
@@ -150,6 +150,14 @@
void OPENSSL_cpuid_setup(void);
#endif
+#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
+ !defined(OPENSSL_STATIC_ARMCAP)
+// OPENSSL_get_armcap_pointer_for_test returns a pointer to |OPENSSL_armcap_P|
+// for unit tests. Any modifications to the value must be made after
+// |CRYPTO_library_init| but before any other function call in BoringSSL.
+OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void);
+#endif
+
#if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT)
#define BORINGSSL_HAS_UINT128
diff --git a/src/crypto/obj/obj.c b/src/crypto/obj/obj.c
index 235f7d6..9f92785 100644
--- a/src/crypto/obj/obj.c
+++ b/src/crypto/obj/obj.c
@@ -54,10 +54,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
#include <openssl/obj.h>
#include <inttypes.h>
diff --git a/src/crypto/obj/obj_dat.h b/src/crypto/obj/obj_dat.h
index dceaf03..0f5a3fa 100644
--- a/src/crypto/obj/obj_dat.h
+++ b/src/crypto/obj/obj_dat.h
@@ -61,1759 +61,7060 @@
static const uint8_t kObjectData[] = {
/* NID_rsadsi */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
/* NID_pkcs */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
/* NID_md2 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x02,
/* NID_md5 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x05,
/* NID_rc4 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x03,
+ 0x04,
/* NID_rsaEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x01,
/* NID_md2WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x02,
/* NID_md5WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x04,
/* NID_pbeWithMD2AndDES_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x01,
/* NID_pbeWithMD5AndDES_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x03,
/* NID_X500 */
0x55,
/* NID_X509 */
- 0x55, 0x04,
+ 0x55,
+ 0x04,
/* NID_commonName */
- 0x55, 0x04, 0x03,
+ 0x55,
+ 0x04,
+ 0x03,
/* NID_countryName */
- 0x55, 0x04, 0x06,
+ 0x55,
+ 0x04,
+ 0x06,
/* NID_localityName */
- 0x55, 0x04, 0x07,
+ 0x55,
+ 0x04,
+ 0x07,
/* NID_stateOrProvinceName */
- 0x55, 0x04, 0x08,
+ 0x55,
+ 0x04,
+ 0x08,
/* NID_organizationName */
- 0x55, 0x04, 0x0a,
+ 0x55,
+ 0x04,
+ 0x0a,
/* NID_organizationalUnitName */
- 0x55, 0x04, 0x0b,
+ 0x55,
+ 0x04,
+ 0x0b,
/* NID_rsa */
- 0x55, 0x08, 0x01, 0x01,
+ 0x55,
+ 0x08,
+ 0x01,
+ 0x01,
/* NID_pkcs7 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x07,
/* NID_pkcs7_data */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x07,
+ 0x01,
/* NID_pkcs7_signed */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x07,
+ 0x02,
/* NID_pkcs7_enveloped */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x07,
+ 0x03,
/* NID_pkcs7_signedAndEnveloped */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x07,
+ 0x04,
/* NID_pkcs7_digest */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x07,
+ 0x05,
/* NID_pkcs7_encrypted */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x07,
+ 0x06,
/* NID_pkcs3 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x03,
/* NID_dhKeyAgreement */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x03,
+ 0x01,
/* NID_des_ecb */
- 0x2b, 0x0e, 0x03, 0x02, 0x06,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x06,
/* NID_des_cfb64 */
- 0x2b, 0x0e, 0x03, 0x02, 0x09,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x09,
/* NID_des_cbc */
- 0x2b, 0x0e, 0x03, 0x02, 0x07,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x07,
/* NID_des_ede_ecb */
- 0x2b, 0x0e, 0x03, 0x02, 0x11,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x11,
/* NID_idea_cbc */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x3c, 0x07, 0x01, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x81,
+ 0x3c,
+ 0x07,
+ 0x01,
+ 0x01,
+ 0x02,
/* NID_rc2_cbc */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x03,
+ 0x02,
/* NID_sha */
- 0x2b, 0x0e, 0x03, 0x02, 0x12,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x12,
/* NID_shaWithRSAEncryption */
- 0x2b, 0x0e, 0x03, 0x02, 0x0f,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x0f,
/* NID_des_ede3_cbc */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x03,
+ 0x07,
/* NID_des_ofb64 */
- 0x2b, 0x0e, 0x03, 0x02, 0x08,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x08,
/* NID_pkcs9 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
/* NID_pkcs9_emailAddress */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x01,
/* NID_pkcs9_unstructuredName */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x02,
/* NID_pkcs9_contentType */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x03,
/* NID_pkcs9_messageDigest */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x04,
/* NID_pkcs9_signingTime */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x05,
/* NID_pkcs9_countersignature */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x06,
/* NID_pkcs9_challengePassword */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x07,
/* NID_pkcs9_unstructuredAddress */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x08,
/* NID_pkcs9_extCertAttributes */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x09,
/* NID_netscape */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
/* NID_netscape_cert_extension */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
/* NID_netscape_data_type */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x02,
/* NID_sha1 */
- 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x1a,
/* NID_sha1WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x05,
/* NID_dsaWithSHA */
- 0x2b, 0x0e, 0x03, 0x02, 0x0d,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x0d,
/* NID_dsa_2 */
- 0x2b, 0x0e, 0x03, 0x02, 0x0c,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x0c,
/* NID_pbeWithSHA1AndRC2_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0b,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x0b,
/* NID_id_pbkdf2 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x0c,
/* NID_dsaWithSHA1_2 */
- 0x2b, 0x0e, 0x03, 0x02, 0x1b,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x1b,
/* NID_netscape_cert_type */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x01,
/* NID_netscape_base_url */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x02,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x02,
/* NID_netscape_revocation_url */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x03,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x03,
/* NID_netscape_ca_revocation_url */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x04,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x04,
/* NID_netscape_renewal_url */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x07,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x07,
/* NID_netscape_ca_policy_url */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x08,
/* NID_netscape_ssl_server_name */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0c,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x0c,
/* NID_netscape_comment */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x01,
+ 0x0d,
/* NID_netscape_cert_sequence */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, 0x05,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x02,
+ 0x05,
/* NID_id_ce */
- 0x55, 0x1d,
+ 0x55,
+ 0x1d,
/* NID_subject_key_identifier */
- 0x55, 0x1d, 0x0e,
+ 0x55,
+ 0x1d,
+ 0x0e,
/* NID_key_usage */
- 0x55, 0x1d, 0x0f,
+ 0x55,
+ 0x1d,
+ 0x0f,
/* NID_private_key_usage_period */
- 0x55, 0x1d, 0x10,
+ 0x55,
+ 0x1d,
+ 0x10,
/* NID_subject_alt_name */
- 0x55, 0x1d, 0x11,
+ 0x55,
+ 0x1d,
+ 0x11,
/* NID_issuer_alt_name */
- 0x55, 0x1d, 0x12,
+ 0x55,
+ 0x1d,
+ 0x12,
/* NID_basic_constraints */
- 0x55, 0x1d, 0x13,
+ 0x55,
+ 0x1d,
+ 0x13,
/* NID_crl_number */
- 0x55, 0x1d, 0x14,
+ 0x55,
+ 0x1d,
+ 0x14,
/* NID_certificate_policies */
- 0x55, 0x1d, 0x20,
+ 0x55,
+ 0x1d,
+ 0x20,
/* NID_authority_key_identifier */
- 0x55, 0x1d, 0x23,
+ 0x55,
+ 0x1d,
+ 0x23,
/* NID_bf_cbc */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x97,
+ 0x55,
+ 0x01,
+ 0x02,
/* NID_mdc2 */
- 0x55, 0x08, 0x03, 0x65,
+ 0x55,
+ 0x08,
+ 0x03,
+ 0x65,
/* NID_mdc2WithRSA */
- 0x55, 0x08, 0x03, 0x64,
+ 0x55,
+ 0x08,
+ 0x03,
+ 0x64,
/* NID_givenName */
- 0x55, 0x04, 0x2a,
+ 0x55,
+ 0x04,
+ 0x2a,
/* NID_surname */
- 0x55, 0x04, 0x04,
+ 0x55,
+ 0x04,
+ 0x04,
/* NID_initials */
- 0x55, 0x04, 0x2b,
+ 0x55,
+ 0x04,
+ 0x2b,
/* NID_crl_distribution_points */
- 0x55, 0x1d, 0x1f,
+ 0x55,
+ 0x1d,
+ 0x1f,
/* NID_md5WithRSA */
- 0x2b, 0x0e, 0x03, 0x02, 0x03,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x03,
/* NID_serialNumber */
- 0x55, 0x04, 0x05,
+ 0x55,
+ 0x04,
+ 0x05,
/* NID_title */
- 0x55, 0x04, 0x0c,
+ 0x55,
+ 0x04,
+ 0x0c,
/* NID_description */
- 0x55, 0x04, 0x0d,
+ 0x55,
+ 0x04,
+ 0x0d,
/* NID_cast5_cbc */
- 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x0a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf6,
+ 0x7d,
+ 0x07,
+ 0x42,
+ 0x0a,
/* NID_pbeWithMD5AndCast5_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x0c,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf6,
+ 0x7d,
+ 0x07,
+ 0x42,
+ 0x0c,
/* NID_dsaWithSHA1 */
- 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x38,
+ 0x04,
+ 0x03,
/* NID_sha1WithRSA */
- 0x2b, 0x0e, 0x03, 0x02, 0x1d,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x1d,
/* NID_dsa */
- 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x38,
+ 0x04,
+ 0x01,
/* NID_ripemd160 */
- 0x2b, 0x24, 0x03, 0x02, 0x01,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x02,
+ 0x01,
/* NID_ripemd160WithRSA */
- 0x2b, 0x24, 0x03, 0x03, 0x01, 0x02,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x01,
+ 0x02,
/* NID_rc5_cbc */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x03,
+ 0x08,
/* NID_zlib_compression */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x08,
/* NID_ext_key_usage */
- 0x55, 0x1d, 0x25,
+ 0x55,
+ 0x1d,
+ 0x25,
/* NID_id_pkix */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
/* NID_id_kp */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
/* NID_server_auth */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x01,
/* NID_client_auth */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x02,
/* NID_code_sign */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x03,
/* NID_email_protect */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x04,
/* NID_time_stamp */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x08,
/* NID_ms_code_ind */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x02,
+ 0x01,
+ 0x15,
/* NID_ms_code_com */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x02,
+ 0x01,
+ 0x16,
/* NID_ms_ctl_sign */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x0a,
+ 0x03,
+ 0x01,
/* NID_ms_sgc */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x0a,
+ 0x03,
+ 0x03,
/* NID_ms_efs */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x0a,
+ 0x03,
+ 0x04,
/* NID_ns_sgc */
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x86,
+ 0xf8,
+ 0x42,
+ 0x04,
+ 0x01,
/* NID_delta_crl */
- 0x55, 0x1d, 0x1b,
+ 0x55,
+ 0x1d,
+ 0x1b,
/* NID_crl_reason */
- 0x55, 0x1d, 0x15,
+ 0x55,
+ 0x1d,
+ 0x15,
/* NID_invalidity_date */
- 0x55, 0x1d, 0x18,
+ 0x55,
+ 0x1d,
+ 0x18,
/* NID_sxnet */
- 0x2b, 0x65, 0x01, 0x04, 0x01,
+ 0x2b,
+ 0x65,
+ 0x01,
+ 0x04,
+ 0x01,
/* NID_pbe_WithSHA1And128BitRC4 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x01,
+ 0x01,
/* NID_pbe_WithSHA1And40BitRC4 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x01,
+ 0x02,
/* NID_pbe_WithSHA1And3_Key_TripleDES_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x01,
+ 0x03,
/* NID_pbe_WithSHA1And2_Key_TripleDES_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x01,
+ 0x04,
/* NID_pbe_WithSHA1And128BitRC2_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x01,
+ 0x05,
/* NID_pbe_WithSHA1And40BitRC2_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x01,
+ 0x06,
/* NID_keyBag */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x0a,
+ 0x01,
+ 0x01,
/* NID_pkcs8ShroudedKeyBag */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x0a,
+ 0x01,
+ 0x02,
/* NID_certBag */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x0a,
+ 0x01,
+ 0x03,
/* NID_crlBag */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x0a,
+ 0x01,
+ 0x04,
/* NID_secretBag */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x0a,
+ 0x01,
+ 0x05,
/* NID_safeContentsBag */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x0c,
+ 0x0a,
+ 0x01,
+ 0x06,
/* NID_friendlyName */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x14,
/* NID_localKeyID */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x15,
/* NID_x509Certificate */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x16, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x16,
+ 0x01,
/* NID_sdsiCertificate */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x16, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x16,
+ 0x02,
/* NID_x509Crl */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x17, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x17,
+ 0x01,
/* NID_pbes2 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x0d,
/* NID_pbmac1 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0e,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x0e,
/* NID_hmacWithSHA1 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x07,
/* NID_id_qt_cps */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x02,
+ 0x01,
/* NID_id_qt_unotice */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x02,
+ 0x02,
/* NID_SMIMECapabilities */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0f,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x0f,
/* NID_pbeWithMD2AndRC2_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x04,
/* NID_pbeWithMD5AndRC2_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x06,
/* NID_pbeWithSHA1AndDES_CBC */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
+ 0x0a,
/* NID_ms_ext_req */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0e,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x02,
+ 0x01,
+ 0x0e,
/* NID_ext_req */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0e,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x0e,
/* NID_name */
- 0x55, 0x04, 0x29,
+ 0x55,
+ 0x04,
+ 0x29,
/* NID_dnQualifier */
- 0x55, 0x04, 0x2e,
+ 0x55,
+ 0x04,
+ 0x2e,
/* NID_id_pe */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
/* NID_id_ad */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
/* NID_info_access */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x01,
/* NID_ad_OCSP */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
/* NID_ad_ca_issuers */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x02,
/* NID_OCSP_sign */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x09,
/* NID_member_body */
0x2a,
/* NID_ISO_US */
- 0x2a, 0x86, 0x48,
+ 0x2a,
+ 0x86,
+ 0x48,
/* NID_X9_57 */
- 0x2a, 0x86, 0x48, 0xce, 0x38,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x38,
/* NID_X9cm */
- 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x38,
+ 0x04,
/* NID_pkcs1 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
/* NID_pkcs5 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x05,
/* NID_SMIME */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
/* NID_id_smime_mod */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
/* NID_id_smime_ct */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
/* NID_id_smime_aa */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
/* NID_id_smime_alg */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
/* NID_id_smime_cd */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x04,
/* NID_id_smime_spq */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x05,
/* NID_id_smime_cti */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x06,
/* NID_id_smime_mod_cms */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x01,
/* NID_id_smime_mod_ess */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x02,
/* NID_id_smime_mod_oid */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x03,
/* NID_id_smime_mod_msg_v3 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x04,
/* NID_id_smime_mod_ets_eSignature_88 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x05,
/* NID_id_smime_mod_ets_eSignature_97 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x06,
/* NID_id_smime_mod_ets_eSigPolicy_88 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x07,
/* NID_id_smime_mod_ets_eSigPolicy_97 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x00,
+ 0x08,
/* NID_id_smime_ct_receipt */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x01,
/* NID_id_smime_ct_authData */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x02,
/* NID_id_smime_ct_publishCert */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x03,
/* NID_id_smime_ct_TSTInfo */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x04,
/* NID_id_smime_ct_TDTInfo */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x05,
/* NID_id_smime_ct_contentInfo */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x06,
/* NID_id_smime_ct_DVCSRequestData */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x07,
/* NID_id_smime_ct_DVCSResponseData */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x08,
/* NID_id_smime_aa_receiptRequest */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x01,
/* NID_id_smime_aa_securityLabel */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x02,
/* NID_id_smime_aa_mlExpandHistory */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x03,
/* NID_id_smime_aa_contentHint */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x04,
/* NID_id_smime_aa_msgSigDigest */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x05,
/* NID_id_smime_aa_encapContentType */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x06,
/* NID_id_smime_aa_contentIdentifier */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x07,
/* NID_id_smime_aa_macValue */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x08,
/* NID_id_smime_aa_equivalentLabels */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x09,
/* NID_id_smime_aa_contentReference */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x0a,
/* NID_id_smime_aa_encrypKeyPref */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0b,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x0b,
/* NID_id_smime_aa_signingCertificate */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0c,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x0c,
/* NID_id_smime_aa_smimeEncryptCerts */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x0d,
/* NID_id_smime_aa_timeStampToken */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0e,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x0e,
/* NID_id_smime_aa_ets_sigPolicyId */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0f,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x0f,
/* NID_id_smime_aa_ets_commitmentType */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x10,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x10,
/* NID_id_smime_aa_ets_signerLocation */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x11,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x11,
/* NID_id_smime_aa_ets_signerAttr */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x12,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x12,
/* NID_id_smime_aa_ets_otherSigCert */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x13,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x13,
/* NID_id_smime_aa_ets_contentTimestamp */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x14,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x14,
/* NID_id_smime_aa_ets_CertificateRefs */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x15,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x15,
/* NID_id_smime_aa_ets_RevocationRefs */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x16,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x16,
/* NID_id_smime_aa_ets_certValues */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x17,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x17,
/* NID_id_smime_aa_ets_revocationValues */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x18,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x18,
/* NID_id_smime_aa_ets_escTimeStamp */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x19,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x19,
/* NID_id_smime_aa_ets_certCRLTimestamp */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x1a,
/* NID_id_smime_aa_ets_archiveTimeStamp */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1b,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x1b,
/* NID_id_smime_aa_signatureType */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1c,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x1c,
/* NID_id_smime_aa_dvcs_dvc */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x02,
+ 0x1d,
/* NID_id_smime_alg_ESDHwith3DES */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x01,
/* NID_id_smime_alg_ESDHwithRC2 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x02,
/* NID_id_smime_alg_3DESwrap */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x03,
/* NID_id_smime_alg_RC2wrap */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x04,
/* NID_id_smime_alg_ESDH */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x05,
/* NID_id_smime_alg_CMS3DESwrap */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x06,
/* NID_id_smime_alg_CMSRC2wrap */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x07,
/* NID_id_smime_cd_ldap */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x04, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x04,
+ 0x01,
/* NID_id_smime_spq_ets_sqt_uri */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x05, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x05,
+ 0x01,
/* NID_id_smime_spq_ets_sqt_unotice */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x05, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x05,
+ 0x02,
/* NID_id_smime_cti_ets_proofOfOrigin */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x06,
+ 0x01,
/* NID_id_smime_cti_ets_proofOfReceipt */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x06,
+ 0x02,
/* NID_id_smime_cti_ets_proofOfDelivery */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x06,
+ 0x03,
/* NID_id_smime_cti_ets_proofOfSender */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x06,
+ 0x04,
/* NID_id_smime_cti_ets_proofOfApproval */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x06,
+ 0x05,
/* NID_id_smime_cti_ets_proofOfCreation */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x06,
+ 0x06,
/* NID_md4 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x04,
/* NID_id_pkix_mod */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
/* NID_id_qt */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x02,
/* NID_id_it */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
/* NID_id_pkip */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
/* NID_id_alg */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x06,
/* NID_id_cmc */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
/* NID_id_on */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x08,
/* NID_id_pda */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x09,
/* NID_id_aca */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0a,
/* NID_id_qcs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0b,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0b,
/* NID_id_cct */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0c,
/* NID_id_pkix1_explicit_88 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x01,
/* NID_id_pkix1_implicit_88 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x02,
/* NID_id_pkix1_explicit_93 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x03,
/* NID_id_pkix1_implicit_93 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x04,
/* NID_id_mod_crmf */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x05,
/* NID_id_mod_cmc */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x06,
/* NID_id_mod_kea_profile_88 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x07,
/* NID_id_mod_kea_profile_93 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x08,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x08,
/* NID_id_mod_cmp */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x09,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x09,
/* NID_id_mod_qualified_cert_88 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0a,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x0a,
/* NID_id_mod_qualified_cert_93 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0b,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x0b,
/* NID_id_mod_attribute_cert */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0c,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x0c,
/* NID_id_mod_timestamp_protocol */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0d,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x0d,
/* NID_id_mod_ocsp */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0e,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x0e,
/* NID_id_mod_dvcs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0f,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x0f,
/* NID_id_mod_cmp2000 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x10,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x00,
+ 0x10,
/* NID_biometricInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x02,
/* NID_qcStatements */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x03,
/* NID_ac_auditEntity */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x04,
/* NID_ac_targeting */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x05,
/* NID_aaControls */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x06,
/* NID_sbgp_ipAddrBlock */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x07,
/* NID_sbgp_autonomousSysNum */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x08,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x08,
/* NID_sbgp_routerIdentifier */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x09,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x09,
/* NID_textNotice */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x02,
+ 0x03,
/* NID_ipsecEndSystem */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x05,
/* NID_ipsecTunnel */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x06,
/* NID_ipsecUser */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x07,
/* NID_dvcs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x0a,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x03,
+ 0x0a,
/* NID_id_it_caProtEncCert */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x01,
/* NID_id_it_signKeyPairTypes */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x02,
/* NID_id_it_encKeyPairTypes */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x03,
/* NID_id_it_preferredSymmAlg */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x04,
/* NID_id_it_caKeyUpdateInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x05,
/* NID_id_it_currentCRL */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x06,
/* NID_id_it_unsupportedOIDs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x07,
/* NID_id_it_subscriptionRequest */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x08,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x08,
/* NID_id_it_subscriptionResponse */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x09,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x09,
/* NID_id_it_keyPairParamReq */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0a,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x0a,
/* NID_id_it_keyPairParamRep */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0b,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x0b,
/* NID_id_it_revPassphrase */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0c,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x0c,
/* NID_id_it_implicitConfirm */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0d,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x0d,
/* NID_id_it_confirmWaitTime */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0e,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x0e,
/* NID_id_it_origPKIMessage */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0f,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x0f,
/* NID_id_regCtrl */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x01,
/* NID_id_regInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x02,
/* NID_id_regCtrl_regToken */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x01,
+ 0x01,
/* NID_id_regCtrl_authenticator */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x01,
+ 0x02,
/* NID_id_regCtrl_pkiPublicationInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x01,
+ 0x03,
/* NID_id_regCtrl_pkiArchiveOptions */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x01,
+ 0x04,
/* NID_id_regCtrl_oldCertID */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x01,
+ 0x05,
/* NID_id_regCtrl_protocolEncrKey */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x01,
+ 0x06,
/* NID_id_regInfo_utf8Pairs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x02, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x02,
+ 0x01,
/* NID_id_regInfo_certReq */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x02, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x05,
+ 0x02,
+ 0x02,
/* NID_id_alg_des40 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x06,
+ 0x01,
/* NID_id_alg_noSignature */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x06,
+ 0x02,
/* NID_id_alg_dh_sig_hmac_sha1 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x06,
+ 0x03,
/* NID_id_alg_dh_pop */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x06,
+ 0x04,
/* NID_id_cmc_statusInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x01,
/* NID_id_cmc_identification */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x02,
/* NID_id_cmc_identityProof */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x03,
/* NID_id_cmc_dataReturn */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x04,
/* NID_id_cmc_transactionId */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x05,
/* NID_id_cmc_senderNonce */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x06,
/* NID_id_cmc_recipientNonce */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x07,
/* NID_id_cmc_addExtensions */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x08,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x08,
/* NID_id_cmc_encryptedPOP */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x09,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x09,
/* NID_id_cmc_decryptedPOP */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x0a,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x0a,
/* NID_id_cmc_lraPOPWitness */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x0b,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x0b,
/* NID_id_cmc_getCert */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x0f,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x0f,
/* NID_id_cmc_getCRL */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x10,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x10,
/* NID_id_cmc_revokeRequest */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x11,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x11,
/* NID_id_cmc_regInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x12,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x12,
/* NID_id_cmc_responseInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x13,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x13,
/* NID_id_cmc_queryPending */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x15,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x15,
/* NID_id_cmc_popLinkRandom */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x16,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x16,
/* NID_id_cmc_popLinkWitness */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x17,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x17,
/* NID_id_cmc_confirmCertAcceptance */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x18,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x07,
+ 0x18,
/* NID_id_on_personalData */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x08,
+ 0x01,
/* NID_id_pda_dateOfBirth */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x09,
+ 0x01,
/* NID_id_pda_placeOfBirth */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x09,
+ 0x02,
/* NID_id_pda_gender */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x09,
+ 0x03,
/* NID_id_pda_countryOfCitizenship */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x09,
+ 0x04,
/* NID_id_pda_countryOfResidence */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x09,
+ 0x05,
/* NID_id_aca_authenticationInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0a,
+ 0x01,
/* NID_id_aca_accessIdentity */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0a,
+ 0x02,
/* NID_id_aca_chargingIdentity */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0a,
+ 0x03,
/* NID_id_aca_group */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0a,
+ 0x04,
/* NID_id_aca_role */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0a,
+ 0x05,
/* NID_id_qcs_pkixQCSyntax_v1 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0b, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0b,
+ 0x01,
/* NID_id_cct_crs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0c,
+ 0x01,
/* NID_id_cct_PKIData */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0c,
+ 0x02,
/* NID_id_cct_PKIResponse */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0c,
+ 0x03,
/* NID_ad_timeStamping */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x03,
/* NID_ad_dvcs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x04,
/* NID_id_pkix_OCSP_basic */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x01,
/* NID_id_pkix_OCSP_Nonce */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x02,
/* NID_id_pkix_OCSP_CrlID */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x03,
/* NID_id_pkix_OCSP_acceptableResponses */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x04,
/* NID_id_pkix_OCSP_noCheck */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x05,
/* NID_id_pkix_OCSP_archiveCutoff */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x06,
/* NID_id_pkix_OCSP_serviceLocator */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x07,
/* NID_id_pkix_OCSP_extendedStatus */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x08,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x08,
/* NID_id_pkix_OCSP_valid */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x09,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x09,
/* NID_id_pkix_OCSP_path */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x0a,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x0a,
/* NID_id_pkix_OCSP_trustRoot */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x0b,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x01,
+ 0x0b,
/* NID_algorithm */
- 0x2b, 0x0e, 0x03, 0x02,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
/* NID_rsaSignature */
- 0x2b, 0x0e, 0x03, 0x02, 0x0b,
+ 0x2b,
+ 0x0e,
+ 0x03,
+ 0x02,
+ 0x0b,
/* NID_X500algorithms */
- 0x55, 0x08,
+ 0x55,
+ 0x08,
/* NID_org */
0x2b,
/* NID_dod */
- 0x2b, 0x06,
+ 0x2b,
+ 0x06,
/* NID_iana */
- 0x2b, 0x06, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
/* NID_Directory */
- 0x2b, 0x06, 0x01, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x01,
/* NID_Management */
- 0x2b, 0x06, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x02,
/* NID_Experimental */
- 0x2b, 0x06, 0x01, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x03,
/* NID_Private */
- 0x2b, 0x06, 0x01, 0x04,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
/* NID_Security */
- 0x2b, 0x06, 0x01, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
/* NID_SNMPv2 */
- 0x2b, 0x06, 0x01, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x06,
/* NID_Mail */
- 0x2b, 0x06, 0x01, 0x07,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x07,
/* NID_Enterprises */
- 0x2b, 0x06, 0x01, 0x04, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
/* NID_dcObject */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x8b, 0x3a, 0x82, 0x58,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x8b,
+ 0x3a,
+ 0x82,
+ 0x58,
/* NID_domainComponent */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x19,
/* NID_Domain */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x0d,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x0d,
/* NID_selected_attribute_types */
- 0x55, 0x01, 0x05,
+ 0x55,
+ 0x01,
+ 0x05,
/* NID_clearance */
- 0x55, 0x01, 0x05, 0x37,
+ 0x55,
+ 0x01,
+ 0x05,
+ 0x37,
/* NID_md4WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x03,
/* NID_ac_proxying */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0a,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x0a,
/* NID_sinfo_access */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0b,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x0b,
/* NID_id_aca_encAttrs */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x06,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x0a,
+ 0x06,
/* NID_role */
- 0x55, 0x04, 0x48,
+ 0x55,
+ 0x04,
+ 0x48,
/* NID_policy_constraints */
- 0x55, 0x1d, 0x24,
+ 0x55,
+ 0x1d,
+ 0x24,
/* NID_target_information */
- 0x55, 0x1d, 0x37,
+ 0x55,
+ 0x1d,
+ 0x37,
/* NID_no_rev_avail */
- 0x55, 0x1d, 0x38,
+ 0x55,
+ 0x1d,
+ 0x38,
/* NID_ansi_X9_62 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
/* NID_X9_62_prime_field */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x01,
+ 0x01,
/* NID_X9_62_characteristic_two_field */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x01,
+ 0x02,
/* NID_X9_62_id_ecPublicKey */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x02,
+ 0x01,
/* NID_X9_62_prime192v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x01,
+ 0x01,
/* NID_X9_62_prime192v2 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x01,
+ 0x02,
/* NID_X9_62_prime192v3 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x01,
+ 0x03,
/* NID_X9_62_prime239v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x01,
+ 0x04,
/* NID_X9_62_prime239v2 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x01,
+ 0x05,
/* NID_X9_62_prime239v3 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x01,
+ 0x06,
/* NID_X9_62_prime256v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x01,
+ 0x07,
/* NID_ecdsa_with_SHA1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x04,
+ 0x01,
/* NID_ms_csp_name */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x11, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x11,
+ 0x01,
/* NID_aes_128_ecb */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x01,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x01,
/* NID_aes_128_cbc */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x02,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x02,
/* NID_aes_128_ofb128 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x03,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x03,
/* NID_aes_128_cfb128 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x04,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x04,
/* NID_aes_192_ecb */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x15,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x15,
/* NID_aes_192_cbc */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x16,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x16,
/* NID_aes_192_ofb128 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x17,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x17,
/* NID_aes_192_cfb128 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x18,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x18,
/* NID_aes_256_ecb */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x29,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x29,
/* NID_aes_256_cbc */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2a,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x2a,
/* NID_aes_256_ofb128 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2b,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x2b,
/* NID_aes_256_cfb128 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2c,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x2c,
/* NID_hold_instruction_code */
- 0x55, 0x1d, 0x17,
+ 0x55,
+ 0x1d,
+ 0x17,
/* NID_hold_instruction_none */
- 0x2a, 0x86, 0x48, 0xce, 0x38, 0x02, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x38,
+ 0x02,
+ 0x01,
/* NID_hold_instruction_call_issuer */
- 0x2a, 0x86, 0x48, 0xce, 0x38, 0x02, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x38,
+ 0x02,
+ 0x02,
/* NID_hold_instruction_reject */
- 0x2a, 0x86, 0x48, 0xce, 0x38, 0x02, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x38,
+ 0x02,
+ 0x03,
/* NID_data */
0x09,
/* NID_pss */
- 0x09, 0x92, 0x26,
+ 0x09,
+ 0x92,
+ 0x26,
/* NID_ucl */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
/* NID_pilot */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
/* NID_pilotAttributeType */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
/* NID_pilotAttributeSyntax */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x03,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x03,
/* NID_pilotObjectClass */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
/* NID_pilotGroups */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x0a,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x0a,
/* NID_iA5StringSyntax */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x03, 0x04,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x03,
+ 0x04,
/* NID_caseIgnoreIA5StringSyntax */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x03, 0x05,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x03,
+ 0x05,
/* NID_pilotObject */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x03,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x03,
/* NID_pilotPerson */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x04,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x04,
/* NID_account */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x05,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x05,
/* NID_document */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x06,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x06,
/* NID_room */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x07,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x07,
/* NID_documentSeries */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x09,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x09,
/* NID_rFC822localPart */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x0e,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x0e,
/* NID_dNSDomain */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x0f,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x0f,
/* NID_domainRelatedObject */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x11,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x11,
/* NID_friendlyCountry */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x12,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x12,
/* NID_simpleSecurityObject */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x13,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x13,
/* NID_pilotOrganization */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x14,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x14,
/* NID_pilotDSA */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x15,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x15,
/* NID_qualityLabelledData */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x16,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x04,
+ 0x16,
/* NID_userId */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x01,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x01,
/* NID_textEncodedORAddress */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x02,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x02,
/* NID_rfc822Mailbox */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x03,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x03,
/* NID_info */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x04,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x04,
/* NID_favouriteDrink */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x05,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x05,
/* NID_roomNumber */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x06,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x06,
/* NID_photo */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x07,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x07,
/* NID_userClass */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x08,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x08,
/* NID_host */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x09,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x09,
/* NID_manager */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0a,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x0a,
/* NID_documentIdentifier */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0b,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x0b,
/* NID_documentTitle */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0c,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x0c,
/* NID_documentVersion */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0d,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x0d,
/* NID_documentAuthor */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0e,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x0e,
/* NID_documentLocation */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0f,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x0f,
/* NID_homeTelephoneNumber */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x14,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x14,
/* NID_secretary */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x15,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x15,
/* NID_otherMailbox */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x16,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x16,
/* NID_lastModifiedTime */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x17,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x17,
/* NID_lastModifiedBy */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x18,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x18,
/* NID_aRecord */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1a,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x1a,
/* NID_pilotAttributeType27 */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1b,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x1b,
/* NID_mXRecord */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1c,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x1c,
/* NID_nSRecord */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1d,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x1d,
/* NID_sOARecord */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1e,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x1e,
/* NID_cNAMERecord */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1f,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x1f,
/* NID_associatedDomain */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x25,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x25,
/* NID_associatedName */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x26,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x26,
/* NID_homePostalAddress */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x27,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x27,
/* NID_personalTitle */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x28,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x28,
/* NID_mobileTelephoneNumber */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x29,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x29,
/* NID_pagerTelephoneNumber */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2a,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x2a,
/* NID_friendlyCountryName */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2b,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x2b,
/* NID_organizationalStatus */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2d,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x2d,
/* NID_janetMailbox */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2e,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x2e,
/* NID_mailPreferenceOption */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2f,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x2f,
/* NID_buildingName */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x30,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x30,
/* NID_dSAQuality */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x31,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x31,
/* NID_singleLevelQuality */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x32,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x32,
/* NID_subtreeMinimumQuality */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x33,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x33,
/* NID_subtreeMaximumQuality */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x34,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x34,
/* NID_personalSignature */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x35,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x35,
/* NID_dITRedirect */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x36,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x36,
/* NID_audio */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x37,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x37,
/* NID_documentPublisher */
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x38,
+ 0x09,
+ 0x92,
+ 0x26,
+ 0x89,
+ 0x93,
+ 0xf2,
+ 0x2c,
+ 0x64,
+ 0x01,
+ 0x38,
/* NID_x500UniqueIdentifier */
- 0x55, 0x04, 0x2d,
+ 0x55,
+ 0x04,
+ 0x2d,
/* NID_mime_mhs */
- 0x2b, 0x06, 0x01, 0x07, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x07,
+ 0x01,
/* NID_mime_mhs_headings */
- 0x2b, 0x06, 0x01, 0x07, 0x01, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x07,
+ 0x01,
+ 0x01,
/* NID_mime_mhs_bodies */
- 0x2b, 0x06, 0x01, 0x07, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x07,
+ 0x01,
+ 0x02,
/* NID_id_hex_partial_message */
- 0x2b, 0x06, 0x01, 0x07, 0x01, 0x01, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x07,
+ 0x01,
+ 0x01,
+ 0x01,
/* NID_id_hex_multipart_message */
- 0x2b, 0x06, 0x01, 0x07, 0x01, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x07,
+ 0x01,
+ 0x01,
+ 0x02,
/* NID_generationQualifier */
- 0x55, 0x04, 0x2c,
+ 0x55,
+ 0x04,
+ 0x2c,
/* NID_pseudonym */
- 0x55, 0x04, 0x41,
+ 0x55,
+ 0x04,
+ 0x41,
/* NID_id_set */
- 0x67, 0x2a,
+ 0x67,
+ 0x2a,
/* NID_set_ctype */
- 0x67, 0x2a, 0x00,
+ 0x67,
+ 0x2a,
+ 0x00,
/* NID_set_msgExt */
- 0x67, 0x2a, 0x01,
+ 0x67,
+ 0x2a,
+ 0x01,
/* NID_set_attr */
- 0x67, 0x2a, 0x03,
+ 0x67,
+ 0x2a,
+ 0x03,
/* NID_set_policy */
- 0x67, 0x2a, 0x05,
+ 0x67,
+ 0x2a,
+ 0x05,
/* NID_set_certExt */
- 0x67, 0x2a, 0x07,
+ 0x67,
+ 0x2a,
+ 0x07,
/* NID_set_brand */
- 0x67, 0x2a, 0x08,
+ 0x67,
+ 0x2a,
+ 0x08,
/* NID_setct_PANData */
- 0x67, 0x2a, 0x00, 0x00,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x00,
/* NID_setct_PANToken */
- 0x67, 0x2a, 0x00, 0x01,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x01,
/* NID_setct_PANOnly */
- 0x67, 0x2a, 0x00, 0x02,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x02,
/* NID_setct_OIData */
- 0x67, 0x2a, 0x00, 0x03,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x03,
/* NID_setct_PI */
- 0x67, 0x2a, 0x00, 0x04,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x04,
/* NID_setct_PIData */
- 0x67, 0x2a, 0x00, 0x05,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x05,
/* NID_setct_PIDataUnsigned */
- 0x67, 0x2a, 0x00, 0x06,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x06,
/* NID_setct_HODInput */
- 0x67, 0x2a, 0x00, 0x07,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x07,
/* NID_setct_AuthResBaggage */
- 0x67, 0x2a, 0x00, 0x08,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x08,
/* NID_setct_AuthRevReqBaggage */
- 0x67, 0x2a, 0x00, 0x09,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x09,
/* NID_setct_AuthRevResBaggage */
- 0x67, 0x2a, 0x00, 0x0a,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x0a,
/* NID_setct_CapTokenSeq */
- 0x67, 0x2a, 0x00, 0x0b,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x0b,
/* NID_setct_PInitResData */
- 0x67, 0x2a, 0x00, 0x0c,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x0c,
/* NID_setct_PI_TBS */
- 0x67, 0x2a, 0x00, 0x0d,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x0d,
/* NID_setct_PResData */
- 0x67, 0x2a, 0x00, 0x0e,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x0e,
/* NID_setct_AuthReqTBS */
- 0x67, 0x2a, 0x00, 0x10,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x10,
/* NID_setct_AuthResTBS */
- 0x67, 0x2a, 0x00, 0x11,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x11,
/* NID_setct_AuthResTBSX */
- 0x67, 0x2a, 0x00, 0x12,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x12,
/* NID_setct_AuthTokenTBS */
- 0x67, 0x2a, 0x00, 0x13,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x13,
/* NID_setct_CapTokenData */
- 0x67, 0x2a, 0x00, 0x14,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x14,
/* NID_setct_CapTokenTBS */
- 0x67, 0x2a, 0x00, 0x15,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x15,
/* NID_setct_AcqCardCodeMsg */
- 0x67, 0x2a, 0x00, 0x16,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x16,
/* NID_setct_AuthRevReqTBS */
- 0x67, 0x2a, 0x00, 0x17,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x17,
/* NID_setct_AuthRevResData */
- 0x67, 0x2a, 0x00, 0x18,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x18,
/* NID_setct_AuthRevResTBS */
- 0x67, 0x2a, 0x00, 0x19,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x19,
/* NID_setct_CapReqTBS */
- 0x67, 0x2a, 0x00, 0x1a,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x1a,
/* NID_setct_CapReqTBSX */
- 0x67, 0x2a, 0x00, 0x1b,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x1b,
/* NID_setct_CapResData */
- 0x67, 0x2a, 0x00, 0x1c,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x1c,
/* NID_setct_CapRevReqTBS */
- 0x67, 0x2a, 0x00, 0x1d,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x1d,
/* NID_setct_CapRevReqTBSX */
- 0x67, 0x2a, 0x00, 0x1e,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x1e,
/* NID_setct_CapRevResData */
- 0x67, 0x2a, 0x00, 0x1f,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x1f,
/* NID_setct_CredReqTBS */
- 0x67, 0x2a, 0x00, 0x20,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x20,
/* NID_setct_CredReqTBSX */
- 0x67, 0x2a, 0x00, 0x21,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x21,
/* NID_setct_CredResData */
- 0x67, 0x2a, 0x00, 0x22,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x22,
/* NID_setct_CredRevReqTBS */
- 0x67, 0x2a, 0x00, 0x23,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x23,
/* NID_setct_CredRevReqTBSX */
- 0x67, 0x2a, 0x00, 0x24,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x24,
/* NID_setct_CredRevResData */
- 0x67, 0x2a, 0x00, 0x25,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x25,
/* NID_setct_PCertReqData */
- 0x67, 0x2a, 0x00, 0x26,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x26,
/* NID_setct_PCertResTBS */
- 0x67, 0x2a, 0x00, 0x27,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x27,
/* NID_setct_BatchAdminReqData */
- 0x67, 0x2a, 0x00, 0x28,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x28,
/* NID_setct_BatchAdminResData */
- 0x67, 0x2a, 0x00, 0x29,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x29,
/* NID_setct_CardCInitResTBS */
- 0x67, 0x2a, 0x00, 0x2a,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x2a,
/* NID_setct_MeAqCInitResTBS */
- 0x67, 0x2a, 0x00, 0x2b,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x2b,
/* NID_setct_RegFormResTBS */
- 0x67, 0x2a, 0x00, 0x2c,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x2c,
/* NID_setct_CertReqData */
- 0x67, 0x2a, 0x00, 0x2d,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x2d,
/* NID_setct_CertReqTBS */
- 0x67, 0x2a, 0x00, 0x2e,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x2e,
/* NID_setct_CertResData */
- 0x67, 0x2a, 0x00, 0x2f,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x2f,
/* NID_setct_CertInqReqTBS */
- 0x67, 0x2a, 0x00, 0x30,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x30,
/* NID_setct_ErrorTBS */
- 0x67, 0x2a, 0x00, 0x31,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x31,
/* NID_setct_PIDualSignedTBE */
- 0x67, 0x2a, 0x00, 0x32,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x32,
/* NID_setct_PIUnsignedTBE */
- 0x67, 0x2a, 0x00, 0x33,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x33,
/* NID_setct_AuthReqTBE */
- 0x67, 0x2a, 0x00, 0x34,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x34,
/* NID_setct_AuthResTBE */
- 0x67, 0x2a, 0x00, 0x35,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x35,
/* NID_setct_AuthResTBEX */
- 0x67, 0x2a, 0x00, 0x36,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x36,
/* NID_setct_AuthTokenTBE */
- 0x67, 0x2a, 0x00, 0x37,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x37,
/* NID_setct_CapTokenTBE */
- 0x67, 0x2a, 0x00, 0x38,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x38,
/* NID_setct_CapTokenTBEX */
- 0x67, 0x2a, 0x00, 0x39,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x39,
/* NID_setct_AcqCardCodeMsgTBE */
- 0x67, 0x2a, 0x00, 0x3a,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x3a,
/* NID_setct_AuthRevReqTBE */
- 0x67, 0x2a, 0x00, 0x3b,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x3b,
/* NID_setct_AuthRevResTBE */
- 0x67, 0x2a, 0x00, 0x3c,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x3c,
/* NID_setct_AuthRevResTBEB */
- 0x67, 0x2a, 0x00, 0x3d,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x3d,
/* NID_setct_CapReqTBE */
- 0x67, 0x2a, 0x00, 0x3e,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x3e,
/* NID_setct_CapReqTBEX */
- 0x67, 0x2a, 0x00, 0x3f,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x3f,
/* NID_setct_CapResTBE */
- 0x67, 0x2a, 0x00, 0x40,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x40,
/* NID_setct_CapRevReqTBE */
- 0x67, 0x2a, 0x00, 0x41,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x41,
/* NID_setct_CapRevReqTBEX */
- 0x67, 0x2a, 0x00, 0x42,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x42,
/* NID_setct_CapRevResTBE */
- 0x67, 0x2a, 0x00, 0x43,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x43,
/* NID_setct_CredReqTBE */
- 0x67, 0x2a, 0x00, 0x44,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x44,
/* NID_setct_CredReqTBEX */
- 0x67, 0x2a, 0x00, 0x45,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x45,
/* NID_setct_CredResTBE */
- 0x67, 0x2a, 0x00, 0x46,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x46,
/* NID_setct_CredRevReqTBE */
- 0x67, 0x2a, 0x00, 0x47,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x47,
/* NID_setct_CredRevReqTBEX */
- 0x67, 0x2a, 0x00, 0x48,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x48,
/* NID_setct_CredRevResTBE */
- 0x67, 0x2a, 0x00, 0x49,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x49,
/* NID_setct_BatchAdminReqTBE */
- 0x67, 0x2a, 0x00, 0x4a,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x4a,
/* NID_setct_BatchAdminResTBE */
- 0x67, 0x2a, 0x00, 0x4b,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x4b,
/* NID_setct_RegFormReqTBE */
- 0x67, 0x2a, 0x00, 0x4c,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x4c,
/* NID_setct_CertReqTBE */
- 0x67, 0x2a, 0x00, 0x4d,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x4d,
/* NID_setct_CertReqTBEX */
- 0x67, 0x2a, 0x00, 0x4e,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x4e,
/* NID_setct_CertResTBE */
- 0x67, 0x2a, 0x00, 0x4f,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x4f,
/* NID_setct_CRLNotificationTBS */
- 0x67, 0x2a, 0x00, 0x50,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x50,
/* NID_setct_CRLNotificationResTBS */
- 0x67, 0x2a, 0x00, 0x51,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x51,
/* NID_setct_BCIDistributionTBS */
- 0x67, 0x2a, 0x00, 0x52,
+ 0x67,
+ 0x2a,
+ 0x00,
+ 0x52,
/* NID_setext_genCrypt */
- 0x67, 0x2a, 0x01, 0x01,
+ 0x67,
+ 0x2a,
+ 0x01,
+ 0x01,
/* NID_setext_miAuth */
- 0x67, 0x2a, 0x01, 0x03,
+ 0x67,
+ 0x2a,
+ 0x01,
+ 0x03,
/* NID_setext_pinSecure */
- 0x67, 0x2a, 0x01, 0x04,
+ 0x67,
+ 0x2a,
+ 0x01,
+ 0x04,
/* NID_setext_pinAny */
- 0x67, 0x2a, 0x01, 0x05,
+ 0x67,
+ 0x2a,
+ 0x01,
+ 0x05,
/* NID_setext_track2 */
- 0x67, 0x2a, 0x01, 0x07,
+ 0x67,
+ 0x2a,
+ 0x01,
+ 0x07,
/* NID_setext_cv */
- 0x67, 0x2a, 0x01, 0x08,
+ 0x67,
+ 0x2a,
+ 0x01,
+ 0x08,
/* NID_set_policy_root */
- 0x67, 0x2a, 0x05, 0x00,
+ 0x67,
+ 0x2a,
+ 0x05,
+ 0x00,
/* NID_setCext_hashedRoot */
- 0x67, 0x2a, 0x07, 0x00,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x00,
/* NID_setCext_certType */
- 0x67, 0x2a, 0x07, 0x01,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x01,
/* NID_setCext_merchData */
- 0x67, 0x2a, 0x07, 0x02,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x02,
/* NID_setCext_cCertRequired */
- 0x67, 0x2a, 0x07, 0x03,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x03,
/* NID_setCext_tunneling */
- 0x67, 0x2a, 0x07, 0x04,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x04,
/* NID_setCext_setExt */
- 0x67, 0x2a, 0x07, 0x05,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x05,
/* NID_setCext_setQualf */
- 0x67, 0x2a, 0x07, 0x06,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x06,
/* NID_setCext_PGWYcapabilities */
- 0x67, 0x2a, 0x07, 0x07,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x07,
/* NID_setCext_TokenIdentifier */
- 0x67, 0x2a, 0x07, 0x08,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x08,
/* NID_setCext_Track2Data */
- 0x67, 0x2a, 0x07, 0x09,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x09,
/* NID_setCext_TokenType */
- 0x67, 0x2a, 0x07, 0x0a,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x0a,
/* NID_setCext_IssuerCapabilities */
- 0x67, 0x2a, 0x07, 0x0b,
+ 0x67,
+ 0x2a,
+ 0x07,
+ 0x0b,
/* NID_setAttr_Cert */
- 0x67, 0x2a, 0x03, 0x00,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x00,
/* NID_setAttr_PGWYcap */
- 0x67, 0x2a, 0x03, 0x01,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x01,
/* NID_setAttr_TokenType */
- 0x67, 0x2a, 0x03, 0x02,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x02,
/* NID_setAttr_IssCap */
- 0x67, 0x2a, 0x03, 0x03,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
/* NID_set_rootKeyThumb */
- 0x67, 0x2a, 0x03, 0x00, 0x00,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x00,
+ 0x00,
/* NID_set_addPolicy */
- 0x67, 0x2a, 0x03, 0x00, 0x01,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x00,
+ 0x01,
/* NID_setAttr_Token_EMV */
- 0x67, 0x2a, 0x03, 0x02, 0x01,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x02,
+ 0x01,
/* NID_setAttr_Token_B0Prime */
- 0x67, 0x2a, 0x03, 0x02, 0x02,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x02,
+ 0x02,
/* NID_setAttr_IssCap_CVM */
- 0x67, 0x2a, 0x03, 0x03, 0x03,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x03,
/* NID_setAttr_IssCap_T2 */
- 0x67, 0x2a, 0x03, 0x03, 0x04,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x04,
/* NID_setAttr_IssCap_Sig */
- 0x67, 0x2a, 0x03, 0x03, 0x05,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x05,
/* NID_setAttr_GenCryptgrm */
- 0x67, 0x2a, 0x03, 0x03, 0x03, 0x01,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x03,
+ 0x01,
/* NID_setAttr_T2Enc */
- 0x67, 0x2a, 0x03, 0x03, 0x04, 0x01,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x04,
+ 0x01,
/* NID_setAttr_T2cleartxt */
- 0x67, 0x2a, 0x03, 0x03, 0x04, 0x02,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x04,
+ 0x02,
/* NID_setAttr_TokICCsig */
- 0x67, 0x2a, 0x03, 0x03, 0x05, 0x01,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x05,
+ 0x01,
/* NID_setAttr_SecDevSig */
- 0x67, 0x2a, 0x03, 0x03, 0x05, 0x02,
+ 0x67,
+ 0x2a,
+ 0x03,
+ 0x03,
+ 0x05,
+ 0x02,
/* NID_set_brand_IATA_ATA */
- 0x67, 0x2a, 0x08, 0x01,
+ 0x67,
+ 0x2a,
+ 0x08,
+ 0x01,
/* NID_set_brand_Diners */
- 0x67, 0x2a, 0x08, 0x1e,
+ 0x67,
+ 0x2a,
+ 0x08,
+ 0x1e,
/* NID_set_brand_AmericanExpress */
- 0x67, 0x2a, 0x08, 0x22,
+ 0x67,
+ 0x2a,
+ 0x08,
+ 0x22,
/* NID_set_brand_JCB */
- 0x67, 0x2a, 0x08, 0x23,
+ 0x67,
+ 0x2a,
+ 0x08,
+ 0x23,
/* NID_set_brand_Visa */
- 0x67, 0x2a, 0x08, 0x04,
+ 0x67,
+ 0x2a,
+ 0x08,
+ 0x04,
/* NID_set_brand_MasterCard */
- 0x67, 0x2a, 0x08, 0x05,
+ 0x67,
+ 0x2a,
+ 0x08,
+ 0x05,
/* NID_set_brand_Novus */
- 0x67, 0x2a, 0x08, 0xae, 0x7b,
+ 0x67,
+ 0x2a,
+ 0x08,
+ 0xae,
+ 0x7b,
/* NID_des_cdmf */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x0a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x03,
+ 0x0a,
/* NID_rsaOAEPEncryptionSET */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x06,
/* NID_international_organizations */
0x67,
/* NID_ms_smartcard_login */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x14,
+ 0x02,
+ 0x02,
/* NID_ms_upn */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x14,
+ 0x02,
+ 0x03,
/* NID_streetAddress */
- 0x55, 0x04, 0x09,
+ 0x55,
+ 0x04,
+ 0x09,
/* NID_postalCode */
- 0x55, 0x04, 0x11,
+ 0x55,
+ 0x04,
+ 0x11,
/* NID_id_ppl */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x15,
/* NID_proxyCertInfo */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0e,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x01,
+ 0x0e,
/* NID_id_ppl_anyLanguage */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, 0x00,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x15,
+ 0x00,
/* NID_id_ppl_inheritAll */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x15,
+ 0x01,
/* NID_name_constraints */
- 0x55, 0x1d, 0x1e,
+ 0x55,
+ 0x1d,
+ 0x1e,
/* NID_Independent */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x15,
+ 0x02,
/* NID_sha256WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x0b,
/* NID_sha384WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x0c,
/* NID_sha512WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x0d,
/* NID_sha224WithRSAEncryption */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0e,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x0e,
/* NID_sha256 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x02,
+ 0x01,
/* NID_sha384 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x02,
+ 0x02,
/* NID_sha512 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x02,
+ 0x03,
/* NID_sha224 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x02,
+ 0x04,
/* NID_identified_organization */
0x2b,
/* NID_certicom_arc */
- 0x2b, 0x81, 0x04,
+ 0x2b,
+ 0x81,
+ 0x04,
/* NID_wap */
- 0x67, 0x2b,
+ 0x67,
+ 0x2b,
/* NID_wap_wsg */
- 0x67, 0x2b, 0x01,
+ 0x67,
+ 0x2b,
+ 0x01,
/* NID_X9_62_id_characteristic_two_basis */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x01,
+ 0x02,
+ 0x03,
/* NID_X9_62_onBasis */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x01,
+ 0x02,
+ 0x03,
+ 0x01,
/* NID_X9_62_tpBasis */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x01,
+ 0x02,
+ 0x03,
+ 0x02,
/* NID_X9_62_ppBasis */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x01,
+ 0x02,
+ 0x03,
+ 0x03,
/* NID_X9_62_c2pnb163v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x01,
/* NID_X9_62_c2pnb163v2 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x02,
/* NID_X9_62_c2pnb163v3 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x03,
/* NID_X9_62_c2pnb176v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x04,
/* NID_X9_62_c2tnb191v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x05,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x05,
/* NID_X9_62_c2tnb191v2 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x06,
/* NID_X9_62_c2tnb191v3 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x07,
/* NID_X9_62_c2onb191v4 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x08,
/* NID_X9_62_c2onb191v5 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x09,
/* NID_X9_62_c2pnb208w1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x0a,
/* NID_X9_62_c2tnb239v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0b,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x0b,
/* NID_X9_62_c2tnb239v2 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0c,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x0c,
/* NID_X9_62_c2tnb239v3 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x0d,
/* NID_X9_62_c2onb239v4 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0e,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x0e,
/* NID_X9_62_c2onb239v5 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0f,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x0f,
/* NID_X9_62_c2pnb272w1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x10,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x10,
/* NID_X9_62_c2pnb304w1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x11,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x11,
/* NID_X9_62_c2tnb359v1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x12,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x12,
/* NID_X9_62_c2pnb368w1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x13,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x13,
/* NID_X9_62_c2tnb431r1 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x14,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x03,
+ 0x00,
+ 0x14,
/* NID_secp112r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x06,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x06,
/* NID_secp112r2 */
- 0x2b, 0x81, 0x04, 0x00, 0x07,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x07,
/* NID_secp128r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x1c,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x1c,
/* NID_secp128r2 */
- 0x2b, 0x81, 0x04, 0x00, 0x1d,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x1d,
/* NID_secp160k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x09,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x09,
/* NID_secp160r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x08,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x08,
/* NID_secp160r2 */
- 0x2b, 0x81, 0x04, 0x00, 0x1e,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x1e,
/* NID_secp192k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x1f,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x1f,
/* NID_secp224k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x20,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x20,
/* NID_secp224r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x21,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x21,
/* NID_secp256k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x0a,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x0a,
/* NID_secp384r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x22,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x22,
/* NID_secp521r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x23,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x23,
/* NID_sect113r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x04,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x04,
/* NID_sect113r2 */
- 0x2b, 0x81, 0x04, 0x00, 0x05,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x05,
/* NID_sect131r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x16,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x16,
/* NID_sect131r2 */
- 0x2b, 0x81, 0x04, 0x00, 0x17,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x17,
/* NID_sect163k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x01,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x01,
/* NID_sect163r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x02,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x02,
/* NID_sect163r2 */
- 0x2b, 0x81, 0x04, 0x00, 0x0f,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x0f,
/* NID_sect193r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x18,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x18,
/* NID_sect193r2 */
- 0x2b, 0x81, 0x04, 0x00, 0x19,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x19,
/* NID_sect233k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x1a,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x1a,
/* NID_sect233r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x1b,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x1b,
/* NID_sect239k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x03,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x03,
/* NID_sect283k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x10,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x10,
/* NID_sect283r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x11,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x11,
/* NID_sect409k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x24,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x24,
/* NID_sect409r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x25,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x25,
/* NID_sect571k1 */
- 0x2b, 0x81, 0x04, 0x00, 0x26,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x26,
/* NID_sect571r1 */
- 0x2b, 0x81, 0x04, 0x00, 0x27,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x27,
/* NID_wap_wsg_idm_ecid_wtls1 */
- 0x67, 0x2b, 0x01, 0x04, 0x01,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x01,
/* NID_wap_wsg_idm_ecid_wtls3 */
- 0x67, 0x2b, 0x01, 0x04, 0x03,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x03,
/* NID_wap_wsg_idm_ecid_wtls4 */
- 0x67, 0x2b, 0x01, 0x04, 0x04,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x04,
/* NID_wap_wsg_idm_ecid_wtls5 */
- 0x67, 0x2b, 0x01, 0x04, 0x05,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x05,
/* NID_wap_wsg_idm_ecid_wtls6 */
- 0x67, 0x2b, 0x01, 0x04, 0x06,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x06,
/* NID_wap_wsg_idm_ecid_wtls7 */
- 0x67, 0x2b, 0x01, 0x04, 0x07,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x07,
/* NID_wap_wsg_idm_ecid_wtls8 */
- 0x67, 0x2b, 0x01, 0x04, 0x08,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x08,
/* NID_wap_wsg_idm_ecid_wtls9 */
- 0x67, 0x2b, 0x01, 0x04, 0x09,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x09,
/* NID_wap_wsg_idm_ecid_wtls10 */
- 0x67, 0x2b, 0x01, 0x04, 0x0a,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x0a,
/* NID_wap_wsg_idm_ecid_wtls11 */
- 0x67, 0x2b, 0x01, 0x04, 0x0b,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x0b,
/* NID_wap_wsg_idm_ecid_wtls12 */
- 0x67, 0x2b, 0x01, 0x04, 0x0c,
+ 0x67,
+ 0x2b,
+ 0x01,
+ 0x04,
+ 0x0c,
/* NID_any_policy */
- 0x55, 0x1d, 0x20, 0x00,
+ 0x55,
+ 0x1d,
+ 0x20,
+ 0x00,
/* NID_policy_mappings */
- 0x55, 0x1d, 0x21,
+ 0x55,
+ 0x1d,
+ 0x21,
/* NID_inhibit_any_policy */
- 0x55, 0x1d, 0x36,
+ 0x55,
+ 0x1d,
+ 0x36,
/* NID_camellia_128_cbc */
- 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x01, 0x02,
+ 0x2a,
+ 0x83,
+ 0x08,
+ 0x8c,
+ 0x9a,
+ 0x4b,
+ 0x3d,
+ 0x01,
+ 0x01,
+ 0x01,
+ 0x02,
/* NID_camellia_192_cbc */
- 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x01, 0x03,
+ 0x2a,
+ 0x83,
+ 0x08,
+ 0x8c,
+ 0x9a,
+ 0x4b,
+ 0x3d,
+ 0x01,
+ 0x01,
+ 0x01,
+ 0x03,
/* NID_camellia_256_cbc */
- 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x01, 0x04,
+ 0x2a,
+ 0x83,
+ 0x08,
+ 0x8c,
+ 0x9a,
+ 0x4b,
+ 0x3d,
+ 0x01,
+ 0x01,
+ 0x01,
+ 0x04,
/* NID_camellia_128_ecb */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x01,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x01,
/* NID_camellia_192_ecb */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x15,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x15,
/* NID_camellia_256_ecb */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x29,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x29,
/* NID_camellia_128_cfb128 */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x04,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x04,
/* NID_camellia_192_cfb128 */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x18,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x18,
/* NID_camellia_256_cfb128 */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x2c,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x2c,
/* NID_camellia_128_ofb128 */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x03,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x03,
/* NID_camellia_192_ofb128 */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x17,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x17,
/* NID_camellia_256_ofb128 */
- 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x2b,
+ 0x03,
+ 0xa2,
+ 0x31,
+ 0x05,
+ 0x03,
+ 0x01,
+ 0x09,
+ 0x2b,
/* NID_subject_directory_attributes */
- 0x55, 0x1d, 0x09,
+ 0x55,
+ 0x1d,
+ 0x09,
/* NID_issuing_distribution_point */
- 0x55, 0x1d, 0x1c,
+ 0x55,
+ 0x1d,
+ 0x1c,
/* NID_certificate_issuer */
- 0x55, 0x1d, 0x1d,
+ 0x55,
+ 0x1d,
+ 0x1d,
/* NID_kisa */
- 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44,
+ 0x2a,
+ 0x83,
+ 0x1a,
+ 0x8c,
+ 0x9a,
+ 0x44,
/* NID_seed_ecb */
- 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x03,
+ 0x2a,
+ 0x83,
+ 0x1a,
+ 0x8c,
+ 0x9a,
+ 0x44,
+ 0x01,
+ 0x03,
/* NID_seed_cbc */
- 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x04,
+ 0x2a,
+ 0x83,
+ 0x1a,
+ 0x8c,
+ 0x9a,
+ 0x44,
+ 0x01,
+ 0x04,
/* NID_seed_ofb128 */
- 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x06,
+ 0x2a,
+ 0x83,
+ 0x1a,
+ 0x8c,
+ 0x9a,
+ 0x44,
+ 0x01,
+ 0x06,
/* NID_seed_cfb128 */
- 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x05,
+ 0x2a,
+ 0x83,
+ 0x1a,
+ 0x8c,
+ 0x9a,
+ 0x44,
+ 0x01,
+ 0x05,
/* NID_hmac_md5 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x08, 0x01, 0x01,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x08,
+ 0x01,
+ 0x01,
/* NID_hmac_sha1 */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x08, 0x01, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x08,
+ 0x01,
+ 0x02,
/* NID_id_PasswordBasedMAC */
- 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x0d,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf6,
+ 0x7d,
+ 0x07,
+ 0x42,
+ 0x0d,
/* NID_id_DHBasedMac */
- 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x1e,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf6,
+ 0x7d,
+ 0x07,
+ 0x42,
+ 0x1e,
/* NID_id_it_suppLangTags */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x10,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x04,
+ 0x10,
/* NID_caRepository */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x05,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x30,
+ 0x05,
/* NID_id_smime_ct_compressedData */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x09,
/* NID_id_ct_asciiTextWithCRLF */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x1b,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x01,
+ 0x1b,
/* NID_id_aes128_wrap */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x05,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x05,
/* NID_id_aes192_wrap */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x19,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x19,
/* NID_id_aes256_wrap */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2d,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x2d,
/* NID_ecdsa_with_Recommended */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x04,
+ 0x02,
/* NID_ecdsa_with_Specified */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x04,
+ 0x03,
/* NID_ecdsa_with_SHA224 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x04,
+ 0x03,
+ 0x01,
/* NID_ecdsa_with_SHA256 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x04,
+ 0x03,
+ 0x02,
/* NID_ecdsa_with_SHA384 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x04,
+ 0x03,
+ 0x03,
/* NID_ecdsa_with_SHA512 */
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3d,
+ 0x04,
+ 0x03,
+ 0x04,
/* NID_hmacWithMD5 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x06,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x06,
/* NID_hmacWithSHA224 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x08,
/* NID_hmacWithSHA256 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x09,
/* NID_hmacWithSHA384 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x0a,
/* NID_hmacWithSHA512 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0b,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x02,
+ 0x0b,
/* NID_dsa_with_SHA224 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x01,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x03,
+ 0x01,
/* NID_dsa_with_SHA256 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x02,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x03,
+ 0x02,
/* NID_whirlpool */
- 0x28, 0xcf, 0x06, 0x03, 0x00, 0x37,
+ 0x28,
+ 0xcf,
+ 0x06,
+ 0x03,
+ 0x00,
+ 0x37,
/* NID_cryptopro */
- 0x2a, 0x85, 0x03, 0x02, 0x02,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
/* NID_cryptocom */
- 0x2a, 0x85, 0x03, 0x02, 0x09,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x09,
/* NID_id_GostR3411_94_with_GostR3410_2001 */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x03,
/* NID_id_GostR3411_94_with_GostR3410_94 */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x04,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x04,
/* NID_id_GostR3411_94 */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x09,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x09,
/* NID_id_HMACGostR3411_94 */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x0a,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x0a,
/* NID_id_GostR3410_2001 */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x13,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x13,
/* NID_id_GostR3410_94 */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x14,
/* NID_id_Gost28147_89 */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x15,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x15,
/* NID_id_Gost28147_89_MAC */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x16,
/* NID_id_GostR3411_94_prf */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x17,
/* NID_id_GostR3410_2001DH */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x62,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x62,
/* NID_id_GostR3410_94DH */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x63,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x63,
/* NID_id_Gost28147_89_CryptoPro_KeyMeshing */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x0e, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x0e,
+ 0x01,
/* NID_id_Gost28147_89_None_KeyMeshing */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x0e, 0x00,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x0e,
+ 0x00,
/* NID_id_GostR3411_94_TestParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x00,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1e,
+ 0x00,
/* NID_id_GostR3411_94_CryptoProParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1e,
+ 0x01,
/* NID_id_Gost28147_89_TestParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x00,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x00,
/* NID_id_Gost28147_89_CryptoPro_A_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x01,
/* NID_id_Gost28147_89_CryptoPro_B_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x02,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x02,
/* NID_id_Gost28147_89_CryptoPro_C_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x03,
/* NID_id_Gost28147_89_CryptoPro_D_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x04,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x04,
/* NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x05,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x05,
/* NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x06,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x06,
/* NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x07,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x1f,
+ 0x07,
/* NID_id_GostR3410_94_TestParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x00,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x20,
+ 0x00,
/* NID_id_GostR3410_94_CryptoPro_A_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x02,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x20,
+ 0x02,
/* NID_id_GostR3410_94_CryptoPro_B_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x20,
+ 0x03,
/* NID_id_GostR3410_94_CryptoPro_C_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x04,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x20,
+ 0x04,
/* NID_id_GostR3410_94_CryptoPro_D_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x05,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x20,
+ 0x05,
/* NID_id_GostR3410_94_CryptoPro_XchA_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x21, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x21,
+ 0x01,
/* NID_id_GostR3410_94_CryptoPro_XchB_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x21, 0x02,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x21,
+ 0x02,
/* NID_id_GostR3410_94_CryptoPro_XchC_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x21, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x21,
+ 0x03,
/* NID_id_GostR3410_2001_TestParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x23,
+ 0x00,
/* NID_id_GostR3410_2001_CryptoPro_A_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x23,
+ 0x01,
/* NID_id_GostR3410_2001_CryptoPro_B_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x02,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x23,
+ 0x02,
/* NID_id_GostR3410_2001_CryptoPro_C_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x23,
+ 0x03,
/* NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x24, 0x00,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x24,
+ 0x00,
/* NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x24, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x24,
+ 0x01,
/* NID_id_GostR3410_94_a */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x14,
+ 0x01,
/* NID_id_GostR3410_94_aBis */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x02,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x14,
+ 0x02,
/* NID_id_GostR3410_94_b */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x14,
+ 0x03,
/* NID_id_GostR3410_94_bBis */
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x04,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x02,
+ 0x14,
+ 0x04,
/* NID_id_Gost28147_89_cc */
- 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x06, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x09,
+ 0x01,
+ 0x06,
+ 0x01,
/* NID_id_GostR3410_94_cc */
- 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x05, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x09,
+ 0x01,
+ 0x05,
+ 0x03,
/* NID_id_GostR3410_2001_cc */
- 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x05, 0x04,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x09,
+ 0x01,
+ 0x05,
+ 0x04,
/* NID_id_GostR3411_94_with_GostR3410_94_cc */
- 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x03, 0x03,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x09,
+ 0x01,
+ 0x03,
+ 0x03,
/* NID_id_GostR3411_94_with_GostR3410_2001_cc */
- 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x03, 0x04,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x09,
+ 0x01,
+ 0x03,
+ 0x04,
/* NID_id_GostR3410_2001_ParamSet_cc */
- 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x08, 0x01,
+ 0x2a,
+ 0x85,
+ 0x03,
+ 0x02,
+ 0x09,
+ 0x01,
+ 0x08,
+ 0x01,
/* NID_LocalKeySet */
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x11, 0x02,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x04,
+ 0x01,
+ 0x82,
+ 0x37,
+ 0x11,
+ 0x02,
/* NID_freshest_crl */
- 0x55, 0x1d, 0x2e,
+ 0x55,
+ 0x1d,
+ 0x2e,
/* NID_id_on_permanentIdentifier */
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, 0x03,
+ 0x2b,
+ 0x06,
+ 0x01,
+ 0x05,
+ 0x05,
+ 0x07,
+ 0x08,
+ 0x03,
/* NID_searchGuide */
- 0x55, 0x04, 0x0e,
+ 0x55,
+ 0x04,
+ 0x0e,
/* NID_businessCategory */
- 0x55, 0x04, 0x0f,
+ 0x55,
+ 0x04,
+ 0x0f,
/* NID_postalAddress */
- 0x55, 0x04, 0x10,
+ 0x55,
+ 0x04,
+ 0x10,
/* NID_postOfficeBox */
- 0x55, 0x04, 0x12,
+ 0x55,
+ 0x04,
+ 0x12,
/* NID_physicalDeliveryOfficeName */
- 0x55, 0x04, 0x13,
+ 0x55,
+ 0x04,
+ 0x13,
/* NID_telephoneNumber */
- 0x55, 0x04, 0x14,
+ 0x55,
+ 0x04,
+ 0x14,
/* NID_telexNumber */
- 0x55, 0x04, 0x15,
+ 0x55,
+ 0x04,
+ 0x15,
/* NID_teletexTerminalIdentifier */
- 0x55, 0x04, 0x16,
+ 0x55,
+ 0x04,
+ 0x16,
/* NID_facsimileTelephoneNumber */
- 0x55, 0x04, 0x17,
+ 0x55,
+ 0x04,
+ 0x17,
/* NID_x121Address */
- 0x55, 0x04, 0x18,
+ 0x55,
+ 0x04,
+ 0x18,
/* NID_internationaliSDNNumber */
- 0x55, 0x04, 0x19,
+ 0x55,
+ 0x04,
+ 0x19,
/* NID_registeredAddress */
- 0x55, 0x04, 0x1a,
+ 0x55,
+ 0x04,
+ 0x1a,
/* NID_destinationIndicator */
- 0x55, 0x04, 0x1b,
+ 0x55,
+ 0x04,
+ 0x1b,
/* NID_preferredDeliveryMethod */
- 0x55, 0x04, 0x1c,
+ 0x55,
+ 0x04,
+ 0x1c,
/* NID_presentationAddress */
- 0x55, 0x04, 0x1d,
+ 0x55,
+ 0x04,
+ 0x1d,
/* NID_supportedApplicationContext */
- 0x55, 0x04, 0x1e,
+ 0x55,
+ 0x04,
+ 0x1e,
/* NID_member */
- 0x55, 0x04, 0x1f,
+ 0x55,
+ 0x04,
+ 0x1f,
/* NID_owner */
- 0x55, 0x04, 0x20,
+ 0x55,
+ 0x04,
+ 0x20,
/* NID_roleOccupant */
- 0x55, 0x04, 0x21,
+ 0x55,
+ 0x04,
+ 0x21,
/* NID_seeAlso */
- 0x55, 0x04, 0x22,
+ 0x55,
+ 0x04,
+ 0x22,
/* NID_userPassword */
- 0x55, 0x04, 0x23,
+ 0x55,
+ 0x04,
+ 0x23,
/* NID_userCertificate */
- 0x55, 0x04, 0x24,
+ 0x55,
+ 0x04,
+ 0x24,
/* NID_cACertificate */
- 0x55, 0x04, 0x25,
+ 0x55,
+ 0x04,
+ 0x25,
/* NID_authorityRevocationList */
- 0x55, 0x04, 0x26,
+ 0x55,
+ 0x04,
+ 0x26,
/* NID_certificateRevocationList */
- 0x55, 0x04, 0x27,
+ 0x55,
+ 0x04,
+ 0x27,
/* NID_crossCertificatePair */
- 0x55, 0x04, 0x28,
+ 0x55,
+ 0x04,
+ 0x28,
/* NID_enhancedSearchGuide */
- 0x55, 0x04, 0x2f,
+ 0x55,
+ 0x04,
+ 0x2f,
/* NID_protocolInformation */
- 0x55, 0x04, 0x30,
+ 0x55,
+ 0x04,
+ 0x30,
/* NID_distinguishedName */
- 0x55, 0x04, 0x31,
+ 0x55,
+ 0x04,
+ 0x31,
/* NID_uniqueMember */
- 0x55, 0x04, 0x32,
+ 0x55,
+ 0x04,
+ 0x32,
/* NID_houseIdentifier */
- 0x55, 0x04, 0x33,
+ 0x55,
+ 0x04,
+ 0x33,
/* NID_supportedAlgorithms */
- 0x55, 0x04, 0x34,
+ 0x55,
+ 0x04,
+ 0x34,
/* NID_deltaRevocationList */
- 0x55, 0x04, 0x35,
+ 0x55,
+ 0x04,
+ 0x35,
/* NID_dmdName */
- 0x55, 0x04, 0x36,
+ 0x55,
+ 0x04,
+ 0x36,
/* NID_id_alg_PWRI_KEK */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x09,
+ 0x10,
+ 0x03,
+ 0x09,
/* NID_aes_128_gcm */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x06,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x06,
/* NID_aes_128_ccm */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x07,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x07,
/* NID_id_aes128_wrap_pad */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x08,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x08,
/* NID_aes_192_gcm */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1a,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x1a,
/* NID_aes_192_ccm */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1b,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x1b,
/* NID_id_aes192_wrap_pad */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1c,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x1c,
/* NID_aes_256_gcm */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2e,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x2e,
/* NID_aes_256_ccm */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2f,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x2f,
/* NID_id_aes256_wrap_pad */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x30,
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x01,
+ 0x30,
/* NID_id_camellia128_wrap */
- 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x03, 0x02,
+ 0x2a,
+ 0x83,
+ 0x08,
+ 0x8c,
+ 0x9a,
+ 0x4b,
+ 0x3d,
+ 0x01,
+ 0x01,
+ 0x03,
+ 0x02,
/* NID_id_camellia192_wrap */
- 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x03, 0x03,
+ 0x2a,
+ 0x83,
+ 0x08,
+ 0x8c,
+ 0x9a,
+ 0x4b,
+ 0x3d,
+ 0x01,
+ 0x01,
+ 0x03,
+ 0x03,
/* NID_id_camellia256_wrap */
- 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x03, 0x04,
+ 0x2a,
+ 0x83,
+ 0x08,
+ 0x8c,
+ 0x9a,
+ 0x4b,
+ 0x3d,
+ 0x01,
+ 0x01,
+ 0x03,
+ 0x04,
/* NID_anyExtendedKeyUsage */
- 0x55, 0x1d, 0x25, 0x00,
+ 0x55,
+ 0x1d,
+ 0x25,
+ 0x00,
/* NID_mgf1 */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x08,
/* NID_rsassaPss */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x0a,
/* NID_rsaesOaep */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x07,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x07,
/* NID_dhpublicnumber */
- 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02, 0x01,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0xce,
+ 0x3e,
+ 0x02,
+ 0x01,
/* NID_brainpoolP160r1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x01,
/* NID_brainpoolP160t1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x02,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x02,
/* NID_brainpoolP192r1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x03,
/* NID_brainpoolP192t1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x04,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x04,
/* NID_brainpoolP224r1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x05,
/* NID_brainpoolP224t1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x06,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x06,
/* NID_brainpoolP256r1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x07,
/* NID_brainpoolP256t1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x08,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x08,
/* NID_brainpoolP320r1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x09,
/* NID_brainpoolP320t1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0a,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x0a,
/* NID_brainpoolP384r1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0b,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x0b,
/* NID_brainpoolP384t1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0c,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x0c,
/* NID_brainpoolP512r1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0d,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x0d,
/* NID_brainpoolP512t1 */
- 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0e,
+ 0x2b,
+ 0x24,
+ 0x03,
+ 0x03,
+ 0x02,
+ 0x08,
+ 0x01,
+ 0x01,
+ 0x0e,
/* NID_pSpecified */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x09,
+ 0x2a,
+ 0x86,
+ 0x48,
+ 0x86,
+ 0xf7,
+ 0x0d,
+ 0x01,
+ 0x01,
+ 0x09,
/* NID_dhSinglePass_stdDH_sha1kdf_scheme */
- 0x2b, 0x81, 0x05, 0x10, 0x86, 0x48, 0x3f, 0x00, 0x02,
+ 0x2b,
+ 0x81,
+ 0x05,
+ 0x10,
+ 0x86,
+ 0x48,
+ 0x3f,
+ 0x00,
+ 0x02,
/* NID_dhSinglePass_stdDH_sha224kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x00,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0b,
+ 0x00,
/* NID_dhSinglePass_stdDH_sha256kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x01,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0b,
+ 0x01,
/* NID_dhSinglePass_stdDH_sha384kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x02,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0b,
+ 0x02,
/* NID_dhSinglePass_stdDH_sha512kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x03,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0b,
+ 0x03,
/* NID_dhSinglePass_cofactorDH_sha1kdf_scheme */
- 0x2b, 0x81, 0x05, 0x10, 0x86, 0x48, 0x3f, 0x00, 0x03,
+ 0x2b,
+ 0x81,
+ 0x05,
+ 0x10,
+ 0x86,
+ 0x48,
+ 0x3f,
+ 0x00,
+ 0x03,
/* NID_dhSinglePass_cofactorDH_sha224kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x00,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0e,
+ 0x00,
/* NID_dhSinglePass_cofactorDH_sha256kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x01,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0e,
+ 0x01,
/* NID_dhSinglePass_cofactorDH_sha384kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x02,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0e,
+ 0x02,
/* NID_dhSinglePass_cofactorDH_sha512kdf_scheme */
- 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x03,
+ 0x2b,
+ 0x81,
+ 0x04,
+ 0x01,
+ 0x0e,
+ 0x03,
/* NID_ED25519 */
- 0x2b, 0x65, 0x70,
+ 0x2b,
+ 0x65,
+ 0x70,
};
static const ASN1_OBJECT kObjects[NUM_NID] = {
@@ -5708,9 +11009,11 @@
825 /* 1.2.643.2.2.31.2 (OBJ_id_Gost28147_89_CryptoPro_B_ParamSet) */,
826 /* 1.2.643.2.2.31.3 (OBJ_id_Gost28147_89_CryptoPro_C_ParamSet) */,
827 /* 1.2.643.2.2.31.4 (OBJ_id_Gost28147_89_CryptoPro_D_ParamSet) */,
- 828 /* 1.2.643.2.2.31.5 (OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet) */
+ 828 /* 1.2.643.2.2.31.5 (OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet)
+ */
,
- 829 /* 1.2.643.2.2.31.6 (OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet) */
+ 829 /* 1.2.643.2.2.31.6 (OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet)
+ */
,
830 /* 1.2.643.2.2.31.7 (OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet) */,
831 /* 1.2.643.2.2.32.0 (OBJ_id_GostR3410_94_TestParamSet) */,
diff --git a/src/crypto/perlasm/arm-xlate.pl b/src/crypto/perlasm/arm-xlate.pl
index 29e086d..eb8ea59 100755
--- a/src/crypto/perlasm/arm-xlate.pl
+++ b/src/crypto/perlasm/arm-xlate.pl
@@ -97,6 +97,16 @@
else
{ ""; }
};
+my $section = sub {
+ if ($flavour =~ /ios/) {
+ if ($_[0] eq ".rodata") {
+ return ".section\t__TEXT,__const";
+ }
+ die "Unknown section name $_[0]";
+ } else {
+ return ".section\t" . join(",", @_);
+ }
+};
sub range {
my ($r,$sfx,$start,$end) = @_;
@@ -131,6 +141,9 @@
}
print <<___;
+// This file is generated from a similarly-named Perl script in the BoringSSL
+// source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
@@ -179,6 +192,18 @@
$opcode = eval("\$$mnemonic");
}
+ if ($flavour =~ /ios/) {
+ # Mach-O and ELF use different syntax for these relocations. Note
+ # that we require :pg_hi21: to be explicitly listed. It is normally
+ # optional with adrp instructions.
+ $line =~ s|:pg_hi21:(\w+)|\1\@PAGE|;
+ $line =~ s|:lo12:(\w+)|\1\@PAGEOFF|;
+ } else {
+ # Clang's integrated assembly does not support the optional
+ # :pg_hi21: markers, so erase them.
+ $line =~ s|:pg_hi21:||;
+ }
+
my $arg=expand_line($line);
if (ref($opcode) eq 'CODE') {
diff --git a/src/crypto/perlasm/ppc-xlate.pl b/src/crypto/perlasm/ppc-xlate.pl
index 7f01dbd..0ce231f 100644
--- a/src/crypto/perlasm/ppc-xlate.pl
+++ b/src/crypto/perlasm/ppc-xlate.pl
@@ -256,6 +256,9 @@
};
print <<___;
+# This file is generated from a similarly-named Perl script in the BoringSSL
+# source tree. Do not edit by hand.
+
#if defined(__has_feature)
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
diff --git a/src/crypto/perlasm/x86_64-xlate.pl b/src/crypto/perlasm/x86_64-xlate.pl
index 3ec9b6c..49551c8 100755
--- a/src/crypto/perlasm/x86_64-xlate.pl
+++ b/src/crypto/perlasm/x86_64-xlate.pl
@@ -1123,6 +1123,16 @@
########################################################################
+{
+ my $comment = "#";
+ $comment = ";" if ($masm || $nasm);
+ print <<___;
+$comment This file is generated from a similarly-named Perl script in the BoringSSL
+$comment source tree. Do not edit by hand.
+
+___
+}
+
if ($nasm) {
print <<___;
default rel
diff --git a/src/crypto/perlasm/x86asm.pl b/src/crypto/perlasm/x86asm.pl
index 6a2755d..c9f645e 100644
--- a/src/crypto/perlasm/x86asm.pl
+++ b/src/crypto/perlasm/x86asm.pl
@@ -255,9 +255,16 @@
sub ::asm_finish
{ &file_end();
- print "#if defined(__i386__)\n" unless $win32;
+ my $comment = "#";
+ $comment = ";" if ($win32 || $netware);
+ print <<___;
+$comment This file is generated from a similarly-named Perl script in the BoringSSL
+$comment source tree. Do not edit by hand.
+
+___
+ print "#if defined(__i386__)\n" unless ($win32 || $netware);
print @out;
- print "#endif\n" unless $win32;
+ print "#endif\n" unless ($win32 || $netware);
}
sub ::asm_init
diff --git a/src/crypto/refcount_lock.c b/src/crypto/refcount_lock.c
index 8b855d6..fb1c11f 100644
--- a/src/crypto/refcount_lock.c
+++ b/src/crypto/refcount_lock.c
@@ -21,8 +21,8 @@
#if !defined(OPENSSL_C11_ATOMIC)
-OPENSSL_COMPILE_ASSERT((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
- CRYPTO_REFCOUNT_MAX_is_incorrect);
+OPENSSL_STATIC_ASSERT((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
+ "CRYPTO_REFCOUNT_MAX is incorrect");
static struct CRYPTO_STATIC_MUTEX g_refcount_lock = CRYPTO_STATIC_MUTEX_INIT;
diff --git a/src/crypto/test/gtest_main.cc b/src/crypto/test/gtest_main.cc
index 5dc8b23..a557168 100644
--- a/src/crypto/test/gtest_main.cc
+++ b/src/crypto/test/gtest_main.cc
@@ -12,13 +12,22 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <stdio.h>
#include <string.h>
#include <gtest/gtest.h>
+#include <openssl/cpu.h>
#include <openssl/rand.h>
#include "gtest_main.h"
+#include "../internal.h"
+
+#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
+ !defined(OPENSSL_STATIC_ARMCAP)
+#include <openssl/arm_arch.h>
+#define TEST_ARM_CPUS
+#endif
int main(int argc, char **argv) {
@@ -33,5 +42,34 @@
}
#endif
+#if defined(TEST_ARM_CPUS)
+ for (int i = 1; i < argc; i++) {
+ if (strncmp(argv[i], "--cpu=", 6) == 0) {
+ const char *cpu = argv[i] + 6;
+ uint32_t armcap;
+ if (strcmp(cpu, "none") == 0) {
+ armcap = 0;
+ } else if (strcmp(cpu, "neon") == 0) {
+ armcap = ARMV7_NEON;
+ } else if (strcmp(cpu, "crypto") == 0) {
+ armcap = ARMV7_NEON | ARMV8_AES | ARMV8_SHA1 | ARMV8_SHA256 | ARMV8_PMULL;
+ } else {
+ fprintf(stderr, "Unknown CPU: %s\n", cpu);
+ exit(1);
+ }
+
+ uint32_t *armcap_ptr = OPENSSL_get_armcap_pointer_for_test();
+ if ((armcap & *armcap_ptr) != armcap) {
+ fprintf(stderr,
+ "Host CPU does not support features for testing CPU '%s'.\n",
+ cpu);
+ exit(89);
+ }
+ printf("Simulating CPU '%s'\n", cpu);
+ *armcap_ptr = armcap;
+ }
+ }
+#endif // TEST_ARM_CPUS
+
return RUN_ALL_TESTS();
}
diff --git a/src/crypto/thread_pthread.c b/src/crypto/thread_pthread.c
index f8bf595..832e90e 100644
--- a/src/crypto/thread_pthread.c
+++ b/src/crypto/thread_pthread.c
@@ -24,8 +24,8 @@
#include <openssl/type_check.h>
-OPENSSL_COMPILE_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(pthread_rwlock_t),
- CRYPTO_MUTEX_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(pthread_rwlock_t),
+ "CRYPTO_MUTEX is too small");
void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) {
if (pthread_rwlock_init((pthread_rwlock_t *) lock, NULL) != 0) {
diff --git a/src/crypto/thread_win.c b/src/crypto/thread_win.c
index 248870a..8b2b2da 100644
--- a/src/crypto/thread_win.c
+++ b/src/crypto/thread_win.c
@@ -27,8 +27,8 @@
#include <openssl/type_check.h>
-OPENSSL_COMPILE_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(SRWLOCK),
- CRYPTO_MUTEX_too_small);
+OPENSSL_STATIC_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(SRWLOCK),
+ "CRYPTO_MUTEX is too small");
static BOOL CALLBACK call_once_init(INIT_ONCE *once, void *arg, void **out) {
void (**init)(void) = (void (**)(void))arg;
diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h
index 251c717..c895cc1 100644
--- a/src/include/openssl/bn.h
+++ b/src/include/openssl/bn.h
@@ -142,9 +142,11 @@
// BN_ULONG is the native word size when working with big integers.
//
// Note: on some platforms, inttypes.h does not define print format macros in
-// C++ unless |__STDC_FORMAT_MACROS| defined. As this is a public header, bn.h
-// does not define |__STDC_FORMAT_MACROS| itself. C++ source files which use the
-// FMT macros must define it externally.
+// C++ unless |__STDC_FORMAT_MACROS| defined. This is due to text in C99 which
+// was never adopted in any C++ standard and explicitly overruled in C++11. As
+// this is a public header, bn.h does not define |__STDC_FORMAT_MACROS| itself.
+// Projects which use |BN_*_FMT*| with outdated C headers may need to define it
+// externally.
#if defined(OPENSSL_64_BIT)
#define BN_ULONG uint64_t
#define BN_BITS2 64
diff --git a/src/include/openssl/cpu.h b/src/include/openssl/cpu.h
index b2759fe..edac98e 100644
--- a/src/include/openssl/cpu.h
+++ b/src/include/openssl/cpu.h
@@ -125,7 +125,7 @@
// hand-written NEON assembly. For now, continue to apply the workaround even
// when the compiler is instructed to freely emit NEON code. See
// https://crbug.com/341598 and https://crbug.com/606629.
-#if defined(__ARM_NEON__) && !defined(OPENSSL_ARM)
+#if (defined(__ARM_NEON__) || defined(__ARM_NEON)) && !defined(OPENSSL_ARM)
return 1;
#else
return CRYPTO_is_NEON_capable_at_runtime();
@@ -153,7 +153,8 @@
#else
OPENSSL_INLINE int CRYPTO_is_NEON_capable(void) {
-#if defined(OPENSSL_STATIC_ARMCAP_NEON) || defined(__ARM_NEON__)
+#if defined(OPENSSL_STATIC_ARMCAP_NEON) || \
+ (defined(__ARM_NEON__) || defined(__ARM_NEON))
return 1;
#else
return 0;
diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h
index dcca9e3..2e5cc89 100644
--- a/src/include/openssl/rsa.h
+++ b/src/include/openssl/rsa.h
@@ -161,7 +161,7 @@
// with event=3 when a suitable value for |p| is found.
//
// It returns one on success or zero on error.
-OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
BN_GENCB *cb);
// RSA_generate_key_fips behaves like |RSA_generate_key_ex| but performs
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index 17153c2..17c5592 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -3047,7 +3047,10 @@
// |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from
// the peer, it will return |SSL_ERROR_WANT_READ|. When received, the caller
// should call |SSL_provide_quic_data| and then |SSL_do_handshake| to continue
-// the handshake. It is an error to call |SSL_read| and |SSL_write| in QUIC.
+// the handshake. After the handshake is complete, the caller should call
+// |SSL_provide_quic_data| for any post-handshake data, followed by
+// |SSL_process_quic_post_handshake| to process it. It is an error to call
+// |SSL_read| and |SSL_write| in QUIC.
//
// Note that secrets for an encryption level may be available to QUIC before the
// level is active in TLS. Callers should use |SSL_quic_read_level| to determine
@@ -3064,8 +3067,7 @@
// |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each
// encryption level.
//
-// Note: 0-RTT and post-handshake tickets are not currently supported via this
-// API.
+// Note: 0-RTT is not currently supported via this API.
// ssl_encryption_level_t represents a specific QUIC encryption level used to
// transmit handshake messages.
@@ -3139,6 +3141,11 @@
const uint8_t *data, size_t len);
+// SSL_process_quic_post_handshake processes any data that QUIC has provided
+// after the handshake has completed. This includes NewSessionTicket messages
+// sent by the server. It returns one on success and zero on error.
+OPENSSL_EXPORT int SSL_process_quic_post_handshake(SSL *ssl);
+
// SSL_CTX_set_quic_method configures the QUIC hooks. This should only be
// configured with a minimum version of TLS 1.3. |quic_method| must remain valid
// for the lifetime of |ctx|. It returns one on success and zero on error.
@@ -3785,6 +3792,14 @@
// mechanism would have aborted |ssl|'s handshake and zero otherwise.
OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl);
+// SSL_set_jdk11_workaround configures whether to workaround a bug in JDK 11's
+// TLS 1.3 implementation. Prior to 11.0.2, JDK 11 fails to send SNI in
+// connections which offer a TLS 1.3 session. Enabling this workaround will
+// disable TLS 1.3 on such clients.
+//
+// See also https://bugs.openjdk.java.net/browse/JDK-8211806.
+OPENSSL_EXPORT void SSL_set_jdk11_workaround(SSL *ssl, int enable);
+
// Deprecated functions.
diff --git a/src/include/openssl/ssl3.h b/src/include/openssl/ssl3.h
index 67d06f4..e3910f0 100644
--- a/src/include/openssl/ssl3.h
+++ b/src/include/openssl/ssl3.h
@@ -251,9 +251,9 @@
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
(EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
-OPENSSL_COMPILE_ASSERT(
- SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
- max_overheads_are_consistent);
+OPENSSL_STATIC_ASSERT(SSL3_RT_MAX_ENCRYPTED_OVERHEAD >=
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
+ "max overheads are inconsistent");
// SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
// |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h
index c1bf520..924228a 100644
--- a/src/include/openssl/stack.h
+++ b/src/include/openssl/stack.h
@@ -416,9 +416,9 @@
// DEFINE_SPECIAL_STACK_OF defines |STACK_OF(type)| to be a stack whose elements
// are |type|, where |type| must be a typedef for a pointer.
-#define DEFINE_SPECIAL_STACK_OF(type) \
- OPENSSL_COMPILE_ASSERT(sizeof(type) == sizeof(void *), \
- special_stack_of_non_pointer_##type); \
+#define DEFINE_SPECIAL_STACK_OF(type) \
+ OPENSSL_STATIC_ASSERT(sizeof(type) == sizeof(void *), \
+ #type " is not a pointer"); \
BORINGSSL_DEFINE_STACK_OF_IMPL(type, type, const type)
diff --git a/src/include/openssl/type_check.h b/src/include/openssl/type_check.h
index 90d81f7..c267938 100644
--- a/src/include/openssl/type_check.h
+++ b/src/include/openssl/type_check.h
@@ -64,19 +64,15 @@
#endif
-// TODO(davidben): |OPENSSL_COMPILE_ASSERT| used to be implemented with a
-// typedef, so the |msg| parameter is a token. It now requires C11 or C++11
-// static asserts. If this change survives to 2018-11-05, switch the parameter
-// to a string. (Maybe rename to |OPENSSL_STATIC_ASSERT| while we're at it.)
#if defined(__cplusplus) || (defined(_MSC_VER) && !defined(__clang__))
// In C++ and non-clang MSVC, |static_assert| is a keyword.
-#define OPENSSL_COMPILE_ASSERT(cond, msg) static_assert(cond, #msg)
+#define OPENSSL_STATIC_ASSERT(cond, msg) static_assert(cond, msg)
#else
// C11 defines the |_Static_assert| keyword and the |static_assert| macro in
// assert.h. While the former is available at all versions in Clang and GCC, the
// later depends on libc and, in glibc, depends on being built in C11 mode. We
// do not require this, for now, so use |_Static_assert| directly.
-#define OPENSSL_COMPILE_ASSERT(cond, msg) _Static_assert(cond, #msg)
+#define OPENSSL_STATIC_ASSERT(cond, msg) _Static_assert(cond, msg)
#endif
// CHECKED_CAST casts |p| from type |from| to type |to|.
diff --git a/src/infra/config/cq.cfg b/src/infra/config/cq.cfg
index 72c95d8..f4cb180 100644
--- a/src/infra/config/cq.cfg
+++ b/src/infra/config/cq.cfg
@@ -3,9 +3,7 @@
version: 1
git_repo_url: "https://boringssl.googlesource.com/boringssl"
cq_status_url: "https://chromium-cq-status.appspot.com"
-gerrit {
- cq_verified_label: "CQ-Verified"
-}
+gerrit {}
verifiers {
gerrit_cq_ability {
committer_list: "project-boringssl-committers"
diff --git a/src/ssl/handshake.cc b/src/ssl/handshake.cc
index b1da056..058a793 100644
--- a/src/ssl/handshake.cc
+++ b/src/ssl/handshake.cc
@@ -147,7 +147,8 @@
pending_private_key_op(false),
grease_seeded(false),
handback(false),
- cert_compression_negotiated(false) {
+ cert_compression_negotiated(false),
+ apply_jdk11_workaround(false) {
assert(ssl);
}
diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
index 24331ba..c1d54bd 100644
--- a/src/ssl/handshake_client.cc
+++ b/src/ssl/handshake_client.cc
@@ -177,6 +177,7 @@
enum ssl_client_hs_state_t {
state_start_connect = 0,
state_enter_early_data,
+ state_early_reverify_server_certificate,
state_read_hello_verify_request,
state_read_server_hello,
state_tls13,
@@ -466,10 +467,26 @@
// Stash the early data session, so connection properties may be queried out
// of it.
- hs->in_early_data = true;
hs->early_session = UpRef(ssl->session);
- hs->can_early_write = true;
+ hs->state = state_early_reverify_server_certificate;
+ return ssl_hs_ok;
+}
+static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs) {
+ if (hs->ssl->ctx->reverify_on_resume) {
+ switch (ssl_reverify_peer_cert(hs)) {
+ case ssl_verify_ok:
+ break;
+ case ssl_verify_invalid:
+ return ssl_hs_error;
+ case ssl_verify_retry:
+ hs->state = state_early_reverify_server_certificate;
+ return ssl_hs_certificate_verify;
+ }
+ }
+
+ hs->in_early_data = true;
+ hs->can_early_write = true;
hs->state = state_read_server_hello;
return ssl_hs_early_return;
}
@@ -595,10 +612,14 @@
static_assert(
sizeof(kTLS12DowngradeRandom) == sizeof(kTLS13DowngradeRandom),
"downgrade signals have different size");
+ static_assert(
+ sizeof(kJDK11DowngradeRandom) == sizeof(kTLS13DowngradeRandom),
+ "downgrade signals have different size");
auto suffix =
MakeConstSpan(ssl->s3->server_random, sizeof(ssl->s3->server_random))
.subspan(SSL3_RANDOM_SIZE - sizeof(kTLS13DowngradeRandom));
- if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom) {
+ if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom ||
+ suffix == kJDK11DowngradeRandom) {
ssl->s3->tls13_downgrade = true;
if (!hs->config->ignore_tls13_downgrade) {
OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE);
@@ -1692,6 +1713,9 @@
case state_enter_early_data:
ret = do_enter_early_data(hs);
break;
+ case state_early_reverify_server_certificate:
+ ret = do_early_reverify_server_certificate(hs);
+ break;
case state_read_hello_verify_request:
ret = do_read_hello_verify_request(hs);
break;
@@ -1775,6 +1799,8 @@
return "TLS client start_connect";
case state_enter_early_data:
return "TLS client enter_early_data";
+ case state_early_reverify_server_certificate:
+ return "TLS client early_reverify_server_certificate";
case state_read_hello_verify_request:
return "TLS client read_hello_verify_request";
case state_read_server_hello:
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index c546088..c4f3b75 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -401,6 +401,109 @@
return ssl_hs_ok;
}
+// is_probably_jdk11_with_tls13 returns whether |client_hello| was probably sent
+// from a JDK 11 client (11.0.1 or earlier) with both TLS 1.3 and a prior
+// version enabled.
+static bool is_probably_jdk11_with_tls13(const SSL_CLIENT_HELLO *client_hello) {
+ // JDK 11 ClientHellos contain a number of unusual properties which should
+ // limit false positives.
+
+ // JDK 11 does not support ChaCha20-Poly1305. This is unusual: many modern
+ // clients implement ChaCha20-Poly1305.
+ if (ssl_client_cipher_list_contains_cipher(
+ client_hello, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
+ return false;
+ }
+
+ // JDK 11 always sends extensions in a particular order.
+ constexpr uint16_t kMaxFragmentLength = 0x0001;
+ constexpr uint16_t kStatusRequestV2 = 0x0011;
+ static CONSTEXPR_ARRAY struct {
+ uint16_t id;
+ bool required;
+ } kJavaExtensions[] = {
+ {TLSEXT_TYPE_server_name, false},
+ {kMaxFragmentLength, false},
+ {TLSEXT_TYPE_status_request, false},
+ {TLSEXT_TYPE_supported_groups, true},
+ {TLSEXT_TYPE_ec_point_formats, false},
+ {TLSEXT_TYPE_signature_algorithms, true},
+ // Java always sends signature_algorithms_cert.
+ {TLSEXT_TYPE_signature_algorithms_cert, true},
+ {TLSEXT_TYPE_application_layer_protocol_negotiation, false},
+ {kStatusRequestV2, false},
+ {TLSEXT_TYPE_extended_master_secret, false},
+ {TLSEXT_TYPE_supported_versions, true},
+ {TLSEXT_TYPE_cookie, false},
+ {TLSEXT_TYPE_psk_key_exchange_modes, true},
+ {TLSEXT_TYPE_key_share, true},
+ {TLSEXT_TYPE_renegotiate, false},
+ {TLSEXT_TYPE_pre_shared_key, false},
+ };
+ Span<const uint8_t> sigalgs, sigalgs_cert;
+ bool has_status_request = false, has_status_request_v2 = false;
+ CBS extensions, supported_groups;
+ CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
+ for (const auto &java_extension : kJavaExtensions) {
+ CBS copy = extensions;
+ uint16_t id;
+ if (CBS_get_u16(©, &id) && id == java_extension.id) {
+ // The next extension is the one we expected.
+ extensions = copy;
+ CBS body;
+ if (!CBS_get_u16_length_prefixed(&extensions, &body)) {
+ return false;
+ }
+ switch (id) {
+ case TLSEXT_TYPE_status_request:
+ has_status_request = true;
+ break;
+ case kStatusRequestV2:
+ has_status_request_v2 = true;
+ break;
+ case TLSEXT_TYPE_signature_algorithms:
+ sigalgs = body;
+ break;
+ case TLSEXT_TYPE_signature_algorithms_cert:
+ sigalgs_cert = body;
+ break;
+ case TLSEXT_TYPE_supported_groups:
+ supported_groups = body;
+ break;
+ }
+ } else if (java_extension.required) {
+ return false;
+ }
+ }
+ if (CBS_len(&extensions) != 0) {
+ return false;
+ }
+
+ // JDK 11 never advertises X25519. It is not offered by default, and
+ // -Djdk.tls.namedGroups=x25519 does not work. This is unusual: many modern
+ // clients implement X25519.
+ while (CBS_len(&supported_groups) > 0) {
+ uint16_t group;
+ if (!CBS_get_u16(&supported_groups, &group) ||
+ group == SSL_CURVE_X25519) {
+ return false;
+ }
+ }
+
+ if (// JDK 11 always sends the same contents in signature_algorithms and
+ // signature_algorithms_cert. This is unusual: signature_algorithms_cert,
+ // if omitted, is treated as if it were signature_algorithms.
+ sigalgs != sigalgs_cert ||
+ // When TLS 1.2 or below is enabled, JDK 11 sends status_request_v2 iff it
+ // sends status_request. This is unusual: status_request_v2 is not widely
+ // implemented.
+ has_status_request != has_status_request_v2) {
+ return false;
+ }
+
+ return true;
+}
+
static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
@@ -446,6 +549,11 @@
return ssl_hs_error;
}
+ if (hs->config->jdk11_workaround &&
+ is_probably_jdk11_with_tls13(&client_hello)) {
+ hs->apply_jdk11_workaround = true;
+ }
+
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!negotiate_version(hs, &alert, &client_hello)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
@@ -674,6 +782,12 @@
return ssl_hs_ok;
}
+static void copy_suffix(Span<uint8_t> out, Span<const uint8_t> in) {
+ out = out.subspan(out.size() - in.size());
+ assert(out.size() == in.size());
+ OPENSSL_memcpy(out.data(), in.data(), in.size());
+}
+
static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
@@ -705,13 +819,18 @@
// Implement the TLS 1.3 anti-downgrade feature.
if (ssl_supports_version(hs, TLS1_3_VERSION)) {
if (ssl_protocol_version(ssl) == TLS1_2_VERSION) {
- OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
- sizeof(kTLS13DowngradeRandom),
- kTLS13DowngradeRandom, sizeof(kTLS13DowngradeRandom));
+ if (hs->apply_jdk11_workaround) {
+ // JDK 11 implements the TLS 1.3 downgrade signal, so we cannot send it
+ // here. However, the signal is only effective if all TLS 1.2
+ // ServerHellos produced by the server are marked. Thus we send a
+ // different non-standard signal for the time being, until JDK 11.0.2 is
+ // released and clients have updated.
+ copy_suffix(ssl->s3->server_random, kJDK11DowngradeRandom);
+ } else {
+ copy_suffix(ssl->s3->server_random, kTLS13DowngradeRandom);
+ }
} else {
- OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
- sizeof(kTLS12DowngradeRandom),
- kTLS12DowngradeRandom, sizeof(kTLS12DowngradeRandom));
+ copy_suffix(ssl->s3->server_random, kTLS12DowngradeRandom);
}
}
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index fa86bda..f8a2ea7 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -1040,6 +1040,7 @@
extern const uint8_t kHelloRetryRequest[SSL3_RANDOM_SIZE];
extern const uint8_t kTLS12DowngradeRandom[8];
extern const uint8_t kTLS13DowngradeRandom[8];
+extern const uint8_t kJDK11DowngradeRandom[8];
// ssl_max_handshake_message_len returns the maximum number of bytes permitted
// in a handshake message for |ssl|.
@@ -1596,6 +1597,10 @@
// cert_compression_negotiated is true iff |cert_compression_alg_id| is valid.
bool cert_compression_negotiated : 1;
+ // apply_jdk11_workaround is true if the peer is probably a JDK 11 client
+ // which implemented TLS 1.3 incorrectly.
+ bool apply_jdk11_workaround : 1;
+
// client_version is the value sent or received in the ClientHello version.
uint16_t client_version = 0;
@@ -2489,7 +2494,11 @@
// ignore_tls13_downgrade is whether the connection should continue when the
// server random signals a downgrade.
- bool ignore_tls13_downgrade:1;
+ bool ignore_tls13_downgrade : 1;
+
+ // jdk11_workaround is whether to disable TLS 1.3 for JDK 11 clients, as a
+ // workaround for https://bugs.openjdk.java.net/browse/JDK-8211806.
+ bool jdk11_workaround : 1;
};
// From RFC 8446, used in determining PSK modes.
diff --git a/src/ssl/ssl_asn1.cc b/src/ssl/ssl_asn1.cc
index caccef4..669f776 100644
--- a/src/ssl/ssl_asn1.cc
+++ b/src/ssl/ssl_asn1.cc
@@ -80,13 +80,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-// Per C99, various stdint.h macros are unavailable in C++ unless some macros
-// are defined. C++11 overruled this decision, but older Android NDKs still
-// require it.
-#if !defined(__STDC_LIMIT_MACROS)
-#define __STDC_LIMIT_MACROS
-#endif
-
#include <openssl/ssl.h>
#include <limits.h>
diff --git a/src/ssl/ssl_lib.cc b/src/ssl/ssl_lib.cc
index 8a88802..b9c823d 100644
--- a/src/ssl/ssl_lib.cc
+++ b/src/ssl/ssl_lib.cc
@@ -711,7 +711,8 @@
retain_only_sha256_of_client_certs(false),
handoff(false),
shed_handshake_config(false),
- ignore_tls13_downgrade(false) {
+ ignore_tls13_downgrade(false),
+ jdk11_workaround(false) {
assert(ssl);
}
@@ -948,6 +949,33 @@
return 1;
}
+int SSL_process_quic_post_handshake(SSL *ssl) {
+ ssl_reset_error_state(ssl);
+
+ if (SSL_in_init(ssl)) {
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
+ // Replay post-handshake message errors.
+ if (!check_read_error(ssl)) {
+ return 0;
+ }
+
+ // Process any buffered post-handshake messages.
+ SSLMessage msg;
+ while (ssl->method->get_message(ssl, &msg)) {
+ // Handle the post-handshake message and try again.
+ if (!ssl_do_post_handshake(ssl, msg)) {
+ ssl_set_read_error(ssl);
+ return 0;
+ }
+ ssl->method->next_message(ssl);
+ }
+
+ return 1;
+}
+
static int ssl_read_impl(SSL *ssl) {
ssl_reset_error_state(ssl);
@@ -2748,6 +2776,13 @@
ssl->config->shed_handshake_config = !!enable;
}
+void SSL_set_jdk11_workaround(SSL *ssl, int enable) {
+ if (!ssl->config) {
+ return;
+ }
+ ssl->config->jdk11_workaround = !!enable;
+}
+
int SSL_clear(SSL *ssl) {
if (!ssl->config) {
return 0; // SSL_clear may not be used after shedding config.
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index f945898..470379c 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -4727,6 +4727,21 @@
return true;
}
+ bool CreateSecondClientAndServer() {
+ client_.reset(SSL_new(client_ctx_.get()));
+ server_.reset(SSL_new(server_ctx_.get()));
+ if (!client_ || !server_) {
+ return false;
+ }
+
+ SSL_set_connect_state(client_.get());
+ SSL_set_accept_state(server_.get());
+
+ ex_data_.Set(client_.get(), second_transport_.client());
+ ex_data_.Set(server_.get(), second_transport_.server());
+ return true;
+ }
+
// The following functions may be configured on an |SSL_QUIC_METHOD| as
// default implementations.
@@ -4760,6 +4775,7 @@
static UnownedSSLExData<MockQUICTransport> ex_data_;
MockQUICTransportPair transport_;
+ MockQUICTransportPair second_transport_;
bssl::UniquePtr<SSL> client_;
bssl::UniquePtr<SSL> server_;
@@ -4776,6 +4792,10 @@
SendAlertCallback,
};
+ g_last_session = nullptr;
+
+ SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+ SSL_CTX_sess_set_new_cb(client_ctx_.get(), SaveLastSession);
ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method));
ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method));
ASSERT_TRUE(CreateClientAndServer());
@@ -4807,13 +4827,43 @@
EXPECT_FALSE(transport_.server()->has_alert());
// The server sent NewSessionTicket messages in the handshake.
- //
- // TODO(davidben,svaldez): Add an API for the client to consume post-handshake
- // messages and update these tests.
- std::vector<uint8_t> new_session_ticket;
- ASSERT_TRUE(transport_.client()->ReadHandshakeData(
- &new_session_ticket, ssl_encryption_application));
- EXPECT_FALSE(new_session_ticket.empty());
+ EXPECT_FALSE(g_last_session);
+ ASSERT_TRUE(ProvideHandshakeData(client_.get()));
+ EXPECT_EQ(SSL_process_quic_post_handshake(client_.get()), 1);
+ EXPECT_TRUE(g_last_session);
+
+ // Create a second connection to verify resumption works.
+ ASSERT_TRUE(CreateSecondClientAndServer());
+ bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
+ SSL_set_session(client_.get(), session.get());
+
+ for (;;) {
+ ASSERT_TRUE(ProvideHandshakeData(client_.get()));
+ int client_ret = SSL_do_handshake(client_.get());
+ if (client_ret != 1) {
+ ASSERT_EQ(client_ret, -1);
+ ASSERT_EQ(SSL_get_error(client_.get(), client_ret), SSL_ERROR_WANT_READ);
+ }
+
+ ASSERT_TRUE(ProvideHandshakeData(server_.get()));
+ int server_ret = SSL_do_handshake(server_.get());
+ if (server_ret != 1) {
+ ASSERT_EQ(server_ret, -1);
+ ASSERT_EQ(SSL_get_error(server_.get(), server_ret), SSL_ERROR_WANT_READ);
+ }
+
+ if (client_ret == 1 && server_ret == 1) {
+ break;
+ }
+ }
+
+ EXPECT_EQ(SSL_do_handshake(client_.get()), 1);
+ EXPECT_EQ(SSL_do_handshake(server_.get()), 1);
+ EXPECT_TRUE(transport_.SecretsMatch(ssl_encryption_application));
+ EXPECT_FALSE(transport_.client()->has_alert());
+ EXPECT_FALSE(transport_.server()->has_alert());
+ EXPECT_TRUE(SSL_session_reused(client_.get()));
+ EXPECT_TRUE(SSL_session_reused(server_.get()));
}
// Test only releasing data to QUIC one byte at a time on request, to maximize
@@ -5073,6 +5123,56 @@
SSL_provide_quic_data(client_.get(), ssl_encryption_initial, &b, 1));
}
+// Provide invalid post-handshake data.
+TEST_F(QUICMethodTest, BadPostHandshake) {
+ const SSL_QUIC_METHOD quic_method = {
+ SetEncryptionSecretsCallback,
+ AddHandshakeDataCallback,
+ FlushFlightCallback,
+ SendAlertCallback,
+ };
+
+ g_last_session = nullptr;
+
+ SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+ SSL_CTX_sess_set_new_cb(client_ctx_.get(), SaveLastSession);
+ ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method));
+ ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method));
+ ASSERT_TRUE(CreateClientAndServer());
+
+ for (;;) {
+ ASSERT_TRUE(ProvideHandshakeData(client_.get()));
+ int client_ret = SSL_do_handshake(client_.get());
+ if (client_ret != 1) {
+ ASSERT_EQ(client_ret, -1);
+ ASSERT_EQ(SSL_get_error(client_.get(), client_ret), SSL_ERROR_WANT_READ);
+ }
+
+ ASSERT_TRUE(ProvideHandshakeData(server_.get()));
+ int server_ret = SSL_do_handshake(server_.get());
+ if (server_ret != 1) {
+ ASSERT_EQ(server_ret, -1);
+ ASSERT_EQ(SSL_get_error(server_.get(), server_ret), SSL_ERROR_WANT_READ);
+ }
+
+ if (client_ret == 1 && server_ret == 1) {
+ break;
+ }
+ }
+
+ EXPECT_EQ(SSL_do_handshake(client_.get()), 1);
+ EXPECT_EQ(SSL_do_handshake(server_.get()), 1);
+ EXPECT_TRUE(transport_.SecretsMatch(ssl_encryption_application));
+ EXPECT_FALSE(transport_.client()->has_alert());
+ EXPECT_FALSE(transport_.server()->has_alert());
+
+ // Junk sent as part of post-handshake data should cause an error.
+ uint8_t kJunk[] = {0x17, 0x0, 0x0, 0x4, 0xB, 0xE, 0xE, 0xF};
+ ASSERT_TRUE(SSL_provide_quic_data(client_.get(), ssl_encryption_application,
+ kJunk, sizeof(kJunk)));
+ EXPECT_EQ(SSL_process_quic_post_handshake(client_.get()), 0);
+}
+
// TODO(davidben): Convert this file to GTest properly.
TEST(SSLTest, AllTests) {
if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
diff --git a/src/ssl/ssl_versions.cc b/src/ssl/ssl_versions.cc
index 7df7fe7..8616967 100644
--- a/src/ssl/ssl_versions.cc
+++ b/src/ssl/ssl_versions.cc
@@ -340,6 +340,18 @@
continue;
}
+ // JDK 11, prior to 11.0.2, has a buggy TLS 1.3 implementation which fails
+ // to send SNI when offering 1.3 sessions. Disable TLS 1.3 for such
+ // clients. We apply this logic here rather than |ssl_supports_version| so
+ // the downgrade signal continues to query the true capabilities. (The
+ // workaround is a limitation of the peer's capabilities rather than our
+ // own.)
+ //
+ // See https://bugs.openjdk.java.net/browse/JDK-8211806.
+ if (versions[i] == TLS1_3_VERSION && hs->apply_jdk11_workaround) {
+ continue;
+ }
+
CBS copy = *peer_versions;
while (CBS_len(©) != 0) {
uint16_t version;
diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc
index dc12559..675a08a 100644
--- a/src/ssl/test/bssl_shim.cc
+++ b/src/ssl/test/bssl_shim.cc
@@ -12,10 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
#include <openssl/base.h>
#if !defined(OPENSSL_WINDOWS)
@@ -708,6 +704,7 @@
// Reset the connection and try again at 1-RTT.
SSL_reset_early_data_reject(ssl.get());
+ GetTestState(ssl.get())->cert_verified = false;
// After reseting, the socket should report it is no longer in an early data
// state.
diff --git a/src/ssl/test/runner/chacha20_poly1305_test.go b/src/ssl/test/runner/chacha20_poly1305_test.go
index 38c4b70..b59bb02 100644
--- a/src/ssl/test/runner/chacha20_poly1305_test.go
+++ b/src/ssl/test/runner/chacha20_poly1305_test.go
@@ -16,7 +16,6 @@
import (
"bytes"
- "encoding/hex"
"testing"
)
@@ -80,14 +79,6 @@
}
}
-func decodeHexOrPanic(in string) []byte {
- out, err := hex.DecodeString(in)
- if err != nil {
- panic(err)
- }
- return out
-}
-
var chaCha20Poly1305TestVectors = []struct {
key, input, nonce, ad, output string
}{
diff --git a/src/ssl/test/runner/common.go b/src/ssl/test/runner/common.go
index 702814d..73b8889 100644
--- a/src/ssl/test/runner/common.go
+++ b/src/ssl/test/runner/common.go
@@ -1626,6 +1626,25 @@
// SendCertUncompressedLength, if not zero, sets the uncompressed length that
// will be sent in the compressed certificate message.
SendCertUncompressedLength uint32
+
+ // SendClientHelloWithFixes, if not nil, sends the specified byte string
+ // instead of the ClientHello. This string is incorporated into the
+ // transcript as if it were the real ClientHello, but the handshake will
+ // otherwise behave as if this was not sent in terms of what ciphers it
+ // will accept, etc.
+ //
+ // The input is modified to match key share entries. DefaultCurves must
+ // be configured to match. The random and session ID fields are
+ // extracted from the ClientHello.
+ SendClientHelloWithFixes []byte
+
+ // SendJDK11DowngradeRandom, if true, causes the server to send the JDK
+ // 11 downgrade signal.
+ SendJDK11DowngradeRandom bool
+
+ // ExpectJDK11DowngradeRandom is whether the client should expect the
+ // server to send the JDK 11 downgrade signal.
+ ExpectJDK11DowngradeRandom bool
}
func (c *Config) serverInit() {
@@ -2067,6 +2086,9 @@
// See RFC 8446, section 4.1.3.
downgradeTLS13 = []byte{0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01}
downgradeTLS12 = []byte{0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00}
+
+ // This is a non-standard randomly-generated value.
+ downgradeJDK11 = []byte{0xed, 0xbf, 0xb4, 0xa8, 0xc2, 0x47, 0x10, 0xff}
)
func containsGREASE(values []uint16) bool {
diff --git a/src/ssl/test/runner/fuzzer_mode.json b/src/ssl/test/runner/fuzzer_mode.json
index a840f37..1a154c2 100644
--- a/src/ssl/test/runner/fuzzer_mode.json
+++ b/src/ssl/test/runner/fuzzer_mode.json
@@ -44,8 +44,7 @@
"EarlyData-ALPNOmitted1-Server-*": "Trial decryption does not work with the NULL cipher.",
"EarlyData-ALPNOmitted2-Server-*": "Trial decryption does not work with the NULL cipher.",
"*-EarlyData-RejectUnfinishedWrite-Client-*": "Trial decryption does not work with the NULL cipher.",
- "EarlyData-Reject-Client-*": "Trial decryption does not work with the NULL cipher.",
- "EarlyData-RejectTicket-Client-*": "Trial decryption does not work with the NULL cipher.",
+ "EarlyData-Reject*-Client-*": "Trial decryption does not work with the NULL cipher.",
"CustomExtensions-Server-EarlyDataOffered": "Trial decryption does not work with the NULL cipher.",
"Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info.",
diff --git a/src/ssl/test/runner/handshake_client.go b/src/ssl/test/runner/handshake_client.go
index 4dfa469..ab1f4dd 100644
--- a/src/ssl/test/runner/handshake_client.go
+++ b/src/ssl/test/runner/handshake_client.go
@@ -49,6 +49,32 @@
panic("Unknown ClientHello version.")
}
+func fixClientHellos(hello *clientHelloMsg, in []byte) ([]byte, error) {
+ ret := append([]byte{}, in...)
+ newHello := new(clientHelloMsg)
+ if !newHello.unmarshal(ret) {
+ return nil, errors.New("tls: invalid ClientHello")
+ }
+
+ hello.random = newHello.random
+ hello.sessionId = newHello.sessionId
+
+ // Replace |ret|'s key shares with those of |hello|. For simplicity, we
+ // require their lengths match, which is satisfied by matching the
+ // DefaultCurves setting to the selection in the replacement
+ // ClientHello.
+ bb := newByteBuilder()
+ hello.marshalKeyShares(bb)
+ keyShares := bb.finish()
+ if len(keyShares) != len(newHello.keySharesRaw) {
+ return nil, errors.New("tls: ClientHello key share length is inconsistent with DefaultCurves setting")
+ }
+ // |newHello.keySharesRaw| aliases |ret|.
+ copy(newHello.keySharesRaw, keyShares)
+
+ return ret, nil
+}
+
func (c *Conn) clientHandshake() error {
if c.config == nil {
c.config = defaultConfig()
@@ -405,7 +431,14 @@
}
generatePSKBinders(version, hello, pskCipherSuite, session.masterSecret, []byte{}, []byte{}, c.config)
}
- helloBytes = hello.marshal()
+ if c.config.Bugs.SendClientHelloWithFixes != nil {
+ helloBytes, err = fixClientHellos(hello, c.config.Bugs.SendClientHelloWithFixes)
+ if err != nil {
+ return err
+ }
+ } else {
+ helloBytes = hello.marshal()
+ }
if c.config.Bugs.PartialClientFinishedWithClientHello {
// Include one byte of Finished. We can compute it
@@ -604,21 +637,30 @@
_, supportsTLS13 := c.config.isSupportedVersion(VersionTLS13, false)
// Check for downgrade signals in the server random, per RFC 8446, section 4.1.3.
+ gotDowngrade := serverHello.random[len(serverHello.random)-8:]
if (supportsTLS13 || c.config.Bugs.CheckTLS13DowngradeRandom) && !c.config.Bugs.IgnoreTLS13DowngradeRandom {
if c.vers <= VersionTLS12 && c.config.maxVersion(c.isDTLS) >= VersionTLS13 {
- if bytes.Equal(serverHello.random[len(serverHello.random)-8:], downgradeTLS13) {
+ if bytes.Equal(gotDowngrade, downgradeTLS13) {
c.sendAlert(alertProtocolVersion)
return errors.New("tls: downgrade from TLS 1.3 detected")
}
}
if c.vers <= VersionTLS11 && c.config.maxVersion(c.isDTLS) >= VersionTLS12 {
- if bytes.Equal(serverHello.random[len(serverHello.random)-8:], downgradeTLS12) {
+ if bytes.Equal(gotDowngrade, downgradeTLS12) {
c.sendAlert(alertProtocolVersion)
return errors.New("tls: downgrade from TLS 1.2 detected")
}
}
}
+ if bytes.Equal(gotDowngrade, downgradeJDK11) != c.config.Bugs.ExpectJDK11DowngradeRandom {
+ c.sendAlert(alertProtocolVersion)
+ if c.config.Bugs.ExpectJDK11DowngradeRandom {
+ return errors.New("tls: server did not send a JDK 11 downgrade signal")
+ }
+ return errors.New("tls: server sent an unexpected JDK 11 downgrade signal")
+ }
+
suite := mutualCipherSuite(hello.cipherSuites, serverHello.cipherSuite)
if suite == nil {
c.sendAlert(alertHandshakeFailure)
diff --git a/src/ssl/test/runner/handshake_messages.go b/src/ssl/test/runner/handshake_messages.go
index edc5a92..e0867a5 100644
--- a/src/ssl/test/runner/handshake_messages.go
+++ b/src/ssl/test/runner/handshake_messages.go
@@ -266,6 +266,7 @@
supportedPoints []uint8
hasKeyShares bool
keyShares []keyShareEntry
+ keySharesRaw []byte
trailingKeyShareData bool
pskIdentities []pskIdentity
pskKEModes []byte
@@ -352,6 +353,18 @@
eqUint16s(m.compressedCertAlgs, m1.compressedCertAlgs)
}
+func (m *clientHelloMsg) marshalKeyShares(bb *byteBuilder) {
+ keyShares := bb.addU16LengthPrefixed()
+ for _, keyShare := range m.keyShares {
+ keyShares.addU16(uint16(keyShare.group))
+ keyExchange := keyShares.addU16LengthPrefixed()
+ keyExchange.addBytes(keyShare.keyExchange)
+ }
+ if m.trailingKeyShareData {
+ keyShares.addU8(0)
+ }
+}
+
func (m *clientHelloMsg) marshal() []byte {
if m.raw != nil {
return m.raw
@@ -456,17 +469,7 @@
if m.hasKeyShares {
extensions.addU16(extensionKeyShare)
keyShareList := extensions.addU16LengthPrefixed()
-
- keyShares := keyShareList.addU16LengthPrefixed()
- for _, keyShare := range m.keyShares {
- keyShares.addU16(uint16(keyShare.group))
- keyExchange := keyShares.addU16LengthPrefixed()
- keyExchange.addBytes(keyShare.keyExchange)
- }
-
- if m.trailingKeyShareData {
- keyShares.addU8(0)
- }
+ m.marshalKeyShares(keyShareList)
}
if len(m.pskKEModes) > 0 {
extensions.addU16(extensionPSKKeyExchangeModes)
@@ -763,11 +766,12 @@
m.sessionTicket = []byte(body)
case extensionKeyShare:
// https://tools.ietf.org/html/rfc8446#section-4.2.8
+ m.hasKeyShares = true
+ m.keySharesRaw = body
var keyShares byteReader
if !body.readU16LengthPrefixed(&keyShares) || len(body) != 0 {
return false
}
- m.hasKeyShares = true
for len(keyShares) > 0 {
var entry keyShareEntry
var group uint16
diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go
index 4950a4f..6a75242 100644
--- a/src/ssl/test/runner/handshake_server.go
+++ b/src/ssl/test/runner/handshake_server.go
@@ -1182,6 +1182,9 @@
copy(hs.hello.random[len(hs.hello.random)-8:], downgradeTLS12)
}
}
+ if config.Bugs.SendJDK11DowngradeRandom {
+ copy(hs.hello.random[len(hs.hello.random)-8:], downgradeJDK11)
+ }
if len(hs.clientHello.sessionId) == 0 && c.config.Bugs.ExpectClientHelloSessionID {
return false, errors.New("tls: expected non-empty session ID from client")
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index 9631e6e..fadc890 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
@@ -42,6 +42,8 @@
"sync"
"syscall"
"time"
+
+ "boringssl.googlesource.com/boringssl/util/testresult"
)
var (
@@ -303,6 +305,14 @@
return ret
}
+func decodeHexOrPanic(in string) []byte {
+ ret, err := hex.DecodeString(in)
+ if err != nil {
+ panic(err)
+ }
+ return ret
+}
+
type testType int
const (
@@ -908,7 +918,7 @@
for i, v := range buf {
if v != testMessage[i]^0xff {
- return fmt.Errorf("bad reply contents at byte %d", i)
+ return fmt.Errorf("bad reply contents at byte %d; got %q and wanted %q", i, buf, testMessage)
}
}
}
@@ -5016,6 +5026,165 @@
}, flags...),
resumeSession: true,
})
+ if vers.version >= VersionTLS13 {
+ tests = append(tests, testCase{
+ testType: testType,
+ name: "EarlyData-RejectTicket-Client-Reverify" + suffix,
+ config: Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ SessionTicketsDisabled: true,
+ },
+ tls13Variant: vers.tls13Variant,
+ resumeSession: true,
+ expectResumeRejected: true,
+ flags: append([]string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-reverify-on-resume",
+ "-on-resume-shim-writes-first",
+ // Session tickets are disabled, so the runner will not send a ticket.
+ "-on-retry-expect-no-session",
+ "-expect-reject-early-data",
+ }, flags...),
+ })
+ tests = append(tests, testCase{
+ testType: testType,
+ name: "EarlyData-Reject0RTT-Client-Reverify" + suffix,
+ config: Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ AlwaysRejectEarlyData: true,
+ },
+ },
+ tls13Variant: vers.tls13Variant,
+ resumeSession: true,
+ expectResumeRejected: false,
+ flags: append([]string{
+ "-enable-early-data",
+ "-expect-reject-early-data",
+ "-expect-ticket-supports-early-data",
+ "-reverify-on-resume",
+ "-on-resume-shim-writes-first",
+ }, flags...),
+ })
+ tests = append(tests, testCase{
+ testType: testType,
+ name: "EarlyData-RejectTicket-Client-ReverifyFails" + suffix,
+ config: Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ SessionTicketsDisabled: true,
+ },
+ tls13Variant: vers.tls13Variant,
+ resumeSession: true,
+ expectResumeRejected: true,
+ shouldFail: true,
+ expectedError: ":CERTIFICATE_VERIFY_FAILED:",
+ flags: append([]string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-reverify-on-resume",
+ "-on-resume-shim-writes-first",
+ // Session tickets are disabled, so the runner will not send a ticket.
+ "-on-retry-expect-no-session",
+ "-on-retry-verify-fail",
+ "-expect-reject-early-data",
+ }, flags...),
+ })
+ tests = append(tests, testCase{
+ testType: testType,
+ name: "EarlyData-Reject0RTT-Client-ReverifyFails" + suffix,
+ config: Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ AlwaysRejectEarlyData: true,
+ },
+ },
+ tls13Variant: vers.tls13Variant,
+ resumeSession: true,
+ expectResumeRejected: false,
+ shouldFail: true,
+ expectedError: ":CERTIFICATE_VERIFY_FAILED:",
+ flags: append([]string{
+ "-enable-early-data",
+ "-expect-reject-early-data",
+ "-expect-ticket-supports-early-data",
+ "-reverify-on-resume",
+ "-on-resume-shim-writes-first",
+ "-on-retry-verify-fail",
+ }, flags...),
+ })
+ // This tests that we only call the verify callback once.
+ tests = append(tests, testCase{
+ testType: testType,
+ name: "EarlyData-Accept0RTT-Client-Reverify" + suffix,
+ config: Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ ExpectEarlyData: [][]byte{[]byte("hello")},
+ },
+ },
+ tls13Variant: vers.tls13Variant,
+ resumeSession: true,
+ expectResumeRejected: false,
+ flags: append([]string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-reverify-on-resume",
+ "-on-resume-shim-writes-first",
+ }, flags...),
+ })
+ tests = append(tests, testCase{
+ testType: testType,
+ name: "EarlyData-Accept0RTT-Client-ReverifyFails" + suffix,
+ config: Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: vers.version,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ ExpectEarlyData: [][]byte{[]byte("hello")},
+ },
+ },
+ tls13Variant: vers.tls13Variant,
+ resumeSession: true,
+ shouldFail: true,
+ expectedError: ":CERTIFICATE_VERIFY_FAILED:",
+ flags: append([]string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-reverify-on-resume",
+ "-on-resume-verify-fail",
+ "-on-resume-shim-writes-first",
+ }, flags...),
+ })
+ }
}
}
}
@@ -14467,6 +14636,162 @@
}
}
+func addJDK11WorkaroundTests() {
+ // Test the client treats the JDK 11 downgrade random like the usual one.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "Client-RejectJDK11DowngradeRandom",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ Bugs: ProtocolBugs{
+ SendJDK11DowngradeRandom: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":TLS13_DOWNGRADE:",
+ expectedLocalError: "remote error: illegal parameter",
+ })
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "Client-AcceptJDK11DowngradeRandom",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ Bugs: ProtocolBugs{
+ SendJDK11DowngradeRandom: true,
+ },
+ },
+ flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
+ })
+
+ var clientHelloTests = []struct {
+ clientHello []byte
+ isJDK11 bool
+ }{
+ {
+ // A default JDK 11 ClientHello.
+ decodeHexOrPanic("010001a9030336a379aa355a22a064b4402760efae1c73977b0b4c975efc7654c35677723dde201fe3f8a2bca60418a68f72463ea19f3c241e7cbfceb347e451a62bd2417d8981005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000106000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b0009080304030303020301002d000201010033004700450017004104721f007464cb08a0f36e093ad178eb78d6968df20077b2dd882694a85dc4c9884caf5092db41f16cc3f8d41f59426992fa5e32cfb9ad08deee752cdd95b1a6b5"),
+ true,
+ },
+ {
+ // The above with supported_versions and
+ // psk_key_exchange_modes in the wrong order.
+ decodeHexOrPanic("010001a9030336a379aa355a22a064b4402760efae1c73977b0b4c975efc7654c35677723dde201fe3f8a2bca60418a68f72463ea19f3c241e7cbfceb347e451a62bd2417d8981005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000106000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002d00020101002b00090803040303030203010033004700450017004104721f007464cb08a0f36e093ad178eb78d6968df20077b2dd882694a85dc4c9884caf5092db41f16cc3f8d41f59426992fa5e32cfb9ad08deee752cdd95b1a6b5"),
+ false,
+ },
+ {
+ // The above with a padding extension added at the end.
+ decodeHexOrPanic("010001b4030336a379aa355a22a064b4402760efae1c73977b0b4c975efc7654c35677723dde201fe3f8a2bca60418a68f72463ea19f3c241e7cbfceb347e451a62bd2417d8981005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000111000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b0009080304030303020301002d000201010033004700450017004104721f007464cb08a0f36e093ad178eb78d6968df20077b2dd882694a85dc4c9884caf5092db41f16cc3f8d41f59426992fa5e32cfb9ad08deee752cdd95b1a6b50015000770616464696e67"),
+ false,
+ },
+ {
+ // A JDK 11 ClientHello offering a TLS 1.3 PSK.
+ decodeHexOrPanic("0100024c0303a8d71b20f060545a398226e807d21371a7a02b7ca2f96f476c2dea7e5860c5a400005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff010001c9000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b0009080304030303020301002d000201010033004700450017004104aaec585ea9e121b24710a23560571322b2cf8ab8cd14e5762ef0486d8a6d0ecd721d8f2abda2eb8ed5ab7195505660450f49bba94bbf0c3f0070a531d9a1be4f002900cb00a600a0e6f7586d9a2bf64a54c1adf55a2f76657047e8e88e26629e2e7b9d630941e06fd87792770f6834e159a70b252157a9b4b082183f24629c8ff5049088b07ce37c49de8cf752a2ed7a545aff63bdc7a1b18e1bc201f23f159ee75d4987a04e00f840824f764691ab83a20e3032646e793065874cdb46138a52f50ed71406f399f96f9309eba4e5b1966148c22a63dc4aa1364269dd41dd5cc0e848d07af0095622c52cfcfc00212009cc315259e2328d65ad17a3de7c182c7874140a9356fecdd4614657806cd659"),
+ true,
+ },
+ {
+ // A JDK 11 ClientHello offering a TLS 1.2 session.
+ decodeHexOrPanic("010001a903038cdec49f4836d064a75046c93f22d0b9c2cf4900917332e6f0e1f41d692d3146201a3e99047492285ec65ab4e0eeee59f8f9d1eb7687398887bcd7b81353e93923005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000106000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b0009080304030303020301002d0002010100330047004500170041041c83c42fcd8fc06265b9f6e4f076f7e7ee17ace915c587845c0e1bc8cd177f904befeb611b682cae4702509a5f5d0c7162a282b8152d843169b91136e7c6f3e7"),
+ true,
+ },
+ {
+ // A JDK 11 ClientHello with EMS disabled.
+ decodeHexOrPanic("010001a50303323a857c324a9ef57d6e2544d129073830385cb1dc75ea79f6a2ec8ae09d2e7320f85fdd081678874c67ebab235e6d6a81d947f690bc0af9be4d39854ed67d9ef9005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000102000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b040105010601040203030301030202030201020200110009000702000400000000002b0009080304030303020301002d0002010100330047004500170041049c904c4850b495d75522f955d79e9cabea065c90279d6037a101a4c4ee712afc93ad0df5d12d287d53e458c7075d9a3ce3969c939bb62222bda779cecf54a603"),
+ true,
+ },
+ {
+ // A JDK 11 ClientHello with OCSP stapling disabled.
+ decodeHexOrPanic("0100019303038a50481dc85ee4f6581670821c50f2b3d34ac3251dc6e9b751bfd2521ab47ab02069a963c5486034c37ae0577ddb4c2db28cab592380ef8e4599d1305148712112005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff010000f0000000080006000003736e69000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b040105010601040203030301030202030201020200170000002b0009080304030303020301002d00020101003300470045001700410438a97824f842c549e3c339322d8b2dbaa85d10bd7bca9c969376cb0c60b1e929eb4d13db38dcb0082ad8c637b24f55466a9acbb0b63634c1f431ec8342cf720d"),
+ true,
+ },
+ {
+ // A JDK 11 ClientHello configured with a smaller set of
+ // ciphers.
+ decodeHexOrPanic("0100015603036f5706bbdf1dcae671cd9be043603f5ed20f8fc195b426504cafb4f353edb0012007aabd35e588bc2504a72eda42cbbf89d69cfc0a6a1d77db0d757606f1f4811800061301c02bc02f01000107000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b00050403040303002d000201010033004700450017004104d283f3d5a90259b61d43ea1511211f568ce5d18457326b717e1f9d6b7d1476f2b51cdc3c798d3bdfba5095edff0ffd0540f6bc0c324bd9744f3b3f24317496e3ff01000100"),
+ true,
+ },
+ {
+ // The above with TLS_CHACHA20_POLY1305_SHA256 added,
+ // which JDK 11 does not support.
+ decodeHexOrPanic("0100015803036f5706bbdf1dcae671cd9be043603f5ed20f8fc195b426504cafb4f353edb0012007aabd35e588bc2504a72eda42cbbf89d69cfc0a6a1d77db0d757606f1f48118000813011303c02bc02f01000107000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b00050403040303002d000201010033004700450017004104d283f3d5a90259b61d43ea1511211f568ce5d18457326b717e1f9d6b7d1476f2b51cdc3c798d3bdfba5095edff0ffd0540f6bc0c324bd9744f3b3f24317496e3ff01000100"),
+ false,
+ },
+ {
+ // The above with X25519 added, which JDK 11 does not
+ // support.
+ decodeHexOrPanic("0100015803036f5706bbdf1dcae671cd9be043603f5ed20f8fc195b426504cafb4f353edb0012007aabd35e588bc2504a72eda42cbbf89d69cfc0a6a1d77db0d757606f1f4811800061301c02bc02f01000109000000080006000003736e69000500050100000000000a00220020001d0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b00050403040303002d000201010033004700450017004104d283f3d5a90259b61d43ea1511211f568ce5d18457326b717e1f9d6b7d1476f2b51cdc3c798d3bdfba5095edff0ffd0540f6bc0c324bd9744f3b3f24317496e3ff01000100"),
+ false,
+ },
+ {
+ // A JDK 11 ClientHello with ALPN protocols configured.
+ decodeHexOrPanic("010001bb0303c0e0ea707b00c5311eb09cabd58626692cebfaefaef7265637e4550811dae16220da86d6eea04e214e873675223f08a6926bcf79f16d866280bdbab85e9e09c3ff005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000118000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020010000e000c02683208687474702f312e310011000900070200040000000000170000002b0009080304030303020301002d00020101003300470045001700410416def07c1d66ddde5fc9dcc328c8e77022d321c590c0d30cb41d515b38dca34540819a216c6c053bd47b9068f4f6b960f03647de4e36e8b7ffeea78f7252e3d9"),
+ true,
+ },
+ }
+ for i, t := range clientHelloTests {
+ expectedVersion := uint16(VersionTLS13)
+ if t.isJDK11 {
+ expectedVersion = VersionTLS12
+ }
+
+ // In each of these tests, we set DefaultCurves to P-256 to
+ // match the test inputs. SendClientHelloWithFixes requires the
+ // key_shares extension to match in type.
+
+ // With the workaround enabled, we should negotiate TLS 1.2 on
+ // JDK 11 ClientHellos.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: fmt.Sprintf("Server-JDK11-%d", i),
+ config: Config{
+ MaxVersion: VersionTLS13,
+ DefaultCurves: []CurveID{CurveP256},
+ Bugs: ProtocolBugs{
+ SendClientHelloWithFixes: t.clientHello,
+ ExpectJDK11DowngradeRandom: t.isJDK11,
+ },
+ },
+ expectedVersion: expectedVersion,
+ flags: []string{"-jdk11-workaround"},
+ })
+
+ // With the workaround disabled, we always negotiate TLS 1.3.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: fmt.Sprintf("Server-JDK11-NoWorkaround-%d", i),
+ config: Config{
+ MaxVersion: VersionTLS13,
+ DefaultCurves: []CurveID{CurveP256},
+ Bugs: ProtocolBugs{
+ SendClientHelloWithFixes: t.clientHello,
+ ExpectJDK11DowngradeRandom: false,
+ },
+ },
+ expectedVersion: VersionTLS13,
+ })
+
+ // If the server does not support TLS 1.3, the workaround should
+ // be a no-op. In particular, it should not send the downgrade
+ // signal.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: fmt.Sprintf("Server-JDK11-TLS12-%d", i),
+ config: Config{
+ MaxVersion: VersionTLS13,
+ DefaultCurves: []CurveID{CurveP256},
+ Bugs: ProtocolBugs{
+ SendClientHelloWithFixes: t.clientHello,
+ ExpectJDK11DowngradeRandom: false,
+ },
+ },
+ expectedVersion: VersionTLS12,
+ flags: []string{
+ "-jdk11-workaround",
+ "-max-version", strconv.Itoa(VersionTLS12),
+ },
+ })
+ }
+}
+
func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
defer wg.Done()
@@ -14502,10 +14827,10 @@
err error
}
-func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
+func statusPrinter(doneChan chan *testresult.Results, statusChan chan statusMsg, total int) {
var started, done, failed, unimplemented, lineLen int
- testOutput := newTestOutput()
+ testOutput := testresult.NewResults()
for msg := range statusChan {
if !*pipe {
// Erase the previous status line.
@@ -14528,18 +14853,22 @@
fmt.Printf("UNIMPLEMENTED (%s)\n", msg.test.name)
}
unimplemented++
- testOutput.addResult(msg.test.name, "UNIMPLEMENTED")
+ if *allowUnimplemented {
+ testOutput.AddSkip(msg.test.name)
+ } else {
+ testOutput.AddResult(msg.test.name, "SKIP")
+ }
} else {
fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
failed++
- testOutput.addResult(msg.test.name, "FAIL")
+ testOutput.AddResult(msg.test.name, "FAIL")
}
} else {
if *pipe {
// Print each test instead of a status line.
fmt.Printf("PASSED (%s)\n", msg.test.name)
}
- testOutput.addResult(msg.test.name, "PASS")
+ testOutput.AddResult(msg.test.name, "PASS")
}
}
@@ -14596,6 +14925,7 @@
addExtraHandshakeTests()
addOmitExtensionsTests()
addCertCompressionTests()
+ addJDK11WorkaroundTests()
testCases = append(testCases, convertToSplitHandshakeTests(testCases)...)
@@ -14603,7 +14933,7 @@
statusChan := make(chan statusMsg, *numWorkers)
testChan := make(chan *testCase, *numWorkers)
- doneChan := make(chan *testOutput)
+ doneChan := make(chan *testresult.Results)
if len(*shimConfigFile) != 0 {
encoded, err := ioutil.ReadFile(*shimConfigFile)
@@ -14676,16 +15006,12 @@
fmt.Printf("\n")
if *jsonOutput != "" {
- if err := testOutput.writeTo(*jsonOutput); err != nil {
+ if err := testOutput.WriteToFile(*jsonOutput); err != nil {
fmt.Fprintf(os.Stderr, "Error: %s\n", err)
}
}
- if !*allowUnimplemented && testOutput.NumFailuresByType["UNIMPLEMENTED"] > 0 {
- os.Exit(1)
- }
-
- if !testOutput.noneFailed {
+ if !testOutput.HasUnexpectedResults() {
os.Exit(1)
}
}
diff --git a/src/ssl/test/runner/test_output.go b/src/ssl/test/runner/test_output.go
deleted file mode 100644
index eb54638..0000000
--- a/src/ssl/test/runner/test_output.go
+++ /dev/null
@@ -1,79 +0,0 @@
-/* Copyright (c) 2015, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-package runner
-
-import (
- "encoding/json"
- "os"
- "time"
-)
-
-// testOutput is a representation of Chromium's JSON test result format. See
-// https://www.chromium.org/developers/the-json-test-results-format
-type testOutput struct {
- Version int `json:"version"`
- Interrupted bool `json:"interrupted"`
- PathDelimiter string `json:"path_delimiter"`
- SecondsSinceEpoch float64 `json:"seconds_since_epoch"`
- NumFailuresByType map[string]int `json:"num_failures_by_type"`
- Tests map[string]testResult `json:"tests"`
- noneFailed bool
-}
-
-type testResult struct {
- Actual string `json:"actual"`
- Expected string `json:"expected"`
- IsUnexpected bool `json:"is_unexpected"`
-}
-
-func newTestOutput() *testOutput {
- return &testOutput{
- Version: 3,
- PathDelimiter: ".",
- SecondsSinceEpoch: float64(time.Now().UnixNano()) / float64(time.Second/time.Nanosecond),
- NumFailuresByType: make(map[string]int),
- Tests: make(map[string]testResult),
- noneFailed: true,
- }
-}
-
-func (t *testOutput) addResult(name, result string) {
- if _, found := t.Tests[name]; found {
- panic(name)
- }
- t.Tests[name] = testResult{
- Actual: result,
- Expected: "PASS",
- IsUnexpected: result != "PASS",
- }
- t.NumFailuresByType[result]++
- if result != "PASS" && result != "UNIMPLEMENTED" {
- t.noneFailed = false
- }
-}
-
-func (t *testOutput) writeTo(name string) error {
- file, err := os.Create(name)
- if err != nil {
- return err
- }
- defer file.Close()
- out, err := json.MarshalIndent(t, "", " ")
- if err != nil {
- return err
- }
- _, err = file.Write(out)
- return err
-}
diff --git a/src/ssl/test/test_config.cc b/src/ssl/test/test_config.cc
index 52e6cf7..7447d5a 100644
--- a/src/ssl/test/test_config.cc
+++ b/src/ssl/test/test_config.cc
@@ -146,6 +146,7 @@
{ "-is-handshaker-supported", &TestConfig::is_handshaker_supported },
{ "-handshaker-resume", &TestConfig::handshaker_resume },
{ "-reverify-on-resume", &TestConfig::reverify_on_resume },
+ { "-jdk11-workaround", &TestConfig::jdk11_workaround },
};
const Flag<std::string> kStringFlags[] = {
@@ -1624,6 +1625,9 @@
return nullptr;
}
}
+ if (jdk11_workaround) {
+ SSL_set_jdk11_workaround(ssl.get(), 1);
+ }
if (session != NULL) {
if (!is_server) {
diff --git a/src/ssl/test/test_config.h b/src/ssl/test/test_config.h
index b65ca42..bffe911 100644
--- a/src/ssl/test/test_config.h
+++ b/src/ssl/test/test_config.h
@@ -169,6 +169,7 @@
bool is_handshaker_supported = false;
bool handshaker_resume = false;
std::string handshaker_path;
+ bool jdk11_workaround = false;
int argc;
char **argv;
diff --git a/src/ssl/tls13_both.cc b/src/ssl/tls13_both.cc
index 299fc14..6baeaf7 100644
--- a/src/ssl/tls13_both.cc
+++ b/src/ssl/tls13_both.cc
@@ -43,12 +43,15 @@
0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
};
+// See RFC 8446, section 4.1.3.
const uint8_t kTLS12DowngradeRandom[8] = {0x44, 0x4f, 0x57, 0x4e,
0x47, 0x52, 0x44, 0x00};
-
const uint8_t kTLS13DowngradeRandom[8] = {0x44, 0x4f, 0x57, 0x4e,
0x47, 0x52, 0x44, 0x01};
+// This is a non-standard randomly-generated value.
+const uint8_t kJDK11DowngradeRandom[8] = {0xed, 0xbf, 0xb4, 0xa8,
+ 0xc2, 0x47, 0x10, 0xff};
bool tls13_get_cert_verify_signature_input(
SSL_HANDSHAKE *hs, Array<uint8_t> *out,
diff --git a/src/ssl/tls13_client.cc b/src/ssl/tls13_client.cc
index fb56001..0d3e877 100644
--- a/src/ssl/tls13_client.cc
+++ b/src/ssl/tls13_client.cc
@@ -465,7 +465,7 @@
SSL *const ssl = hs->ssl;
// CertificateRequest may only be sent in non-resumption handshakes.
if (ssl->s3->session_reused) {
- if (ssl->ctx->reverify_on_resume) {
+ if (ssl->ctx->reverify_on_resume && !ssl->s3->early_data_accepted) {
hs->tls13_state = state_server_certificate_reverify;
return ssl_hs_ok;
}
diff --git a/src/ssl/tls13_server.cc b/src/ssl/tls13_server.cc
index 969d4b1..b4c4ca5 100644
--- a/src/ssl/tls13_server.cc
+++ b/src/ssl/tls13_server.cc
@@ -12,13 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-// Per C99, various stdint.h macros are unavailable in C++ unless some macros
-// are defined. C++11 overruled this decision, but older Android NDKs still
-// require it.
-#if !defined(__STDC_LIMIT_MACROS)
-#define __STDC_LIMIT_MACROS
-#endif
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/src/third_party/fiat/curve25519.c b/src/third_party/fiat/curve25519.c
index 58a5ed0..15623c6 100644
--- a/src/third_party/fiat/curve25519.c
+++ b/src/third_party/fiat/curve25519.c
@@ -1396,8 +1396,8 @@
}
static void fe_copy_lt(fe_loose *h, const fe *f) {
- OPENSSL_COMPILE_ASSERT(sizeof(fe_loose) == sizeof(fe),
- fe_and_fe_loose_mismatch);
+ OPENSSL_STATIC_ASSERT(sizeof(fe_loose) == sizeof(fe),
+ "fe and fe_loose mismatch");
OPENSSL_memmove(h, f, sizeof(fe));
}
#if !defined(OPENSSL_SMALL)
diff --git a/src/third_party/fiat/p256.c b/src/third_party/fiat/p256.c
index c8e42a3..414b7e0 100644
--- a/src/third_party/fiat/p256.c
+++ b/src/third_party/fiat/p256.c
@@ -35,6 +35,7 @@
#include <openssl/mem.h>
#include <openssl/type_check.h>
+#include <assert.h>
#include <string.h>
#include "../../crypto/fipsmodule/delocate.h"
@@ -902,9 +903,9 @@
static void fe_to_generic(EC_FELEM *out, const fe in) {
// This works because 256 is a multiple of 64, so there are no excess bytes to
// zero when rounding up to |BN_ULONG|s.
- OPENSSL_COMPILE_ASSERT(
+ OPENSSL_STATIC_ASSERT(
256 / 8 == sizeof(BN_ULONG) * ((256 + BN_BITS2 - 1) / BN_BITS2),
- bytes_left_over);
+ "fe_tobytes leaves bytes uninitialized");
fe_tobytes(out->bytes, in);
}
@@ -1807,6 +1808,52 @@
fe_to_generic(&r->Z, ret[2]);
}
+static int ec_GFp_nistp256_cmp_x_coordinate(const EC_GROUP *group,
+ const EC_RAW_POINT *p,
+ const EC_SCALAR *r) {
+ if (ec_GFp_simple_is_at_infinity(group, p)) {
+ return 0;
+ }
+
+ // We wish to compare X/Z^2 with r. This is equivalent to comparing X with
+ // r*Z^2. Note that X and Z are represented in Montgomery form, while r is
+ // not.
+ fe Z2_mont;
+ fe_from_generic(Z2_mont, &p->Z);
+ fe_mul(Z2_mont, Z2_mont, Z2_mont);
+
+ fe r_Z2;
+ fe_frombytes(r_Z2, r->bytes); // r < order < p, so this is valid.
+ fe_mul(r_Z2, r_Z2, Z2_mont);
+
+ fe X;
+ fe_from_generic(X, &p->X);
+ fe_from_montgomery(X);
+
+ if (OPENSSL_memcmp(&r_Z2, &X, sizeof(r_Z2)) == 0) {
+ return 1;
+ }
+
+ // During signing the x coefficient is reduced modulo the group order.
+ // Therefore there is a small possibility, less than 1/2^128, that group_order
+ // < p.x < P. in that case we need not only to compare against |r| but also to
+ // compare against r+group_order.
+ assert(group->field.width == group->order.width);
+ if (bn_less_than_words(r->words, group->field_minus_order.words,
+ group->field.width)) {
+ // We can ignore the carry because: r + group_order < p < 2^256.
+ EC_FELEM tmp;
+ bn_add_words(tmp.words, r->words, group->order.d, group->order.width);
+ fe_from_generic(r_Z2, &tmp);
+ fe_mul(r_Z2, r_Z2, Z2_mont);
+ if (OPENSSL_memcmp(&r_Z2, &X, sizeof(r_Z2)) == 0) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp256_method) {
out->group_init = ec_GFp_mont_group_init;
out->group_finish = ec_GFp_mont_group_finish;
@@ -1823,7 +1870,7 @@
out->felem_to_bignum = ec_GFp_mont_felem_to_bignum;
out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery;
out->scalar_inv_montgomery_vartime = ec_GFp_simple_mont_inv_mod_ord_vartime;
- out->cmp_x_coordinate = ec_GFp_simple_cmp_x_coordinate;
+ out->cmp_x_coordinate = ec_GFp_nistp256_cmp_x_coordinate;
};
#undef BORINGSSL_NISTP256_64BIT
diff --git a/src/tool/server.cc b/src/tool/server.cc
index c4b23bf..a655db5 100644
--- a/src/tool/server.cc
+++ b/src/tool/server.cc
@@ -85,6 +85,10 @@
"The server will require a client certificate.",
},
{
+ "-jdk11-workaround", kBooleanArgument,
+ "Enable the JDK 11 workaround",
+ },
+ {
"", kOptionalArgument, "",
},
};
@@ -365,6 +369,10 @@
bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
SSL_set_bio(ssl.get(), bio, bio);
+ if (args_map.count("-jdk11-workaround") != 0) {
+ SSL_set_jdk11_workaround(ssl.get(), 1);
+ }
+
int ret = SSL_accept(ssl.get());
if (ret != 1) {
int ssl_err = SSL_get_error(ssl.get(), ret);
diff --git a/src/util/all_tests.go b/src/util/all_tests.go
index d5794fc..55e1921 100644
--- a/src/util/all_tests.go
+++ b/src/util/all_tests.go
@@ -18,6 +18,7 @@
"bufio"
"bytes"
"encoding/json"
+ "errors"
"flag"
"fmt"
"math/rand"
@@ -29,7 +30,8 @@
"strings"
"sync"
"syscall"
- "time"
+
+ "boringssl.googlesource.com/boringssl/util/testresult"
)
// TODO(davidben): Link tests with the malloc shim and port -malloc-test to this runner.
@@ -45,13 +47,19 @@
jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask each test to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
+ simulateARMCPUs = flag.Bool("simulate-arm-cpus", simulateARMCPUsDefault(), "If true, runs tests simulating different ARM CPUs.")
)
+func simulateARMCPUsDefault() bool {
+ return runtime.GOOS == "linux" && (runtime.GOARCH == "arm" || runtime.GOARCH == "arm64")
+}
+
type test struct {
args []string
shard, numShards int
- // cpu, if not empty, contains an Intel CPU code to simulate. Run
- // `sde64 -help` to get a list of these codes.
+ // cpu, if not empty, contains a code to simulate. For SDE, run `sde64
+ // -help` to get a list of these codes. For ARM, see gtest_main.cc for
+ // the supported values.
cpu string
}
@@ -61,23 +69,6 @@
Error error
}
-// testOutput is a representation of Chromium's JSON test result format. See
-// https://www.chromium.org/developers/the-json-test-results-format
-type testOutput struct {
- Version int `json:"version"`
- Interrupted bool `json:"interrupted"`
- PathDelimiter string `json:"path_delimiter"`
- SecondsSinceEpoch float64 `json:"seconds_since_epoch"`
- NumFailuresByType map[string]int `json:"num_failures_by_type"`
- Tests map[string]testResult `json:"tests"`
-}
-
-type testResult struct {
- Actual string `json:"actual"`
- Expected string `json:"expected"`
- IsUnexpected bool `json:"is_unexpected"`
-}
-
// sdeCPUs contains a list of CPU code that we run all tests under when *useSDE
// is true.
var sdeCPUs = []string{
@@ -100,40 +91,10 @@
"knm", // Knights Mill
}
-func newTestOutput() *testOutput {
- return &testOutput{
- Version: 3,
- PathDelimiter: ".",
- SecondsSinceEpoch: float64(time.Now().UnixNano()) / float64(time.Second/time.Nanosecond),
- NumFailuresByType: make(map[string]int),
- Tests: make(map[string]testResult),
- }
-}
-
-func (t *testOutput) addResult(name, result string) {
- if _, found := t.Tests[name]; found {
- panic(name)
- }
- t.Tests[name] = testResult{
- Actual: result,
- Expected: "PASS",
- IsUnexpected: result != "PASS",
- }
- t.NumFailuresByType[result]++
-}
-
-func (t *testOutput) writeTo(name string) error {
- file, err := os.Create(name)
- if err != nil {
- return err
- }
- defer file.Close()
- out, err := json.MarshalIndent(t, "", " ")
- if err != nil {
- return err
- }
- _, err = file.Write(out)
- return err
+var armCPUs = []string{
+ "none", // No support for any ARM extensions.
+ "neon", // Support for NEON.
+ "crypto", // Support for NEON and crypto extensions.
}
func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
@@ -178,17 +139,17 @@
return exec.Command(*sdePath, sdeArgs...)
}
-type moreMallocsError struct{}
-
-func (moreMallocsError) Error() string {
- return "child process did not exhaust all allocation calls"
-}
-
-var errMoreMallocs = moreMallocsError{}
+var (
+ errMoreMallocs = errors.New("child process did not exhaust all allocation calls")
+ errTestSkipped = errors.New("test was skipped")
+)
func runTestOnce(test test, mallocNumToFail int64) (passed bool, err error) {
prog := path.Join(*buildDir, test.args[0])
args := test.args[1:]
+ if *simulateARMCPUs && test.cpu != "" {
+ args = append([]string{"--cpu=" + test.cpu}, args...)
+ }
var cmd *exec.Cmd
if *useValgrind {
cmd = valgrindOf(false, prog, args...)
@@ -218,8 +179,12 @@
}
if err := cmd.Wait(); err != nil {
if exitError, ok := err.(*exec.ExitError); ok {
- if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
+ switch exitError.Sys().(syscall.WaitStatus).ExitStatus() {
+ case 88:
return false, errMoreMallocs
+ case 89:
+ fmt.Print(string(outBuf.Bytes()))
+ return false, errTestSkipped
}
}
fmt.Print(string(outBuf.Bytes()))
@@ -433,6 +398,15 @@
testForCPU.cpu = cpu
tests <- testForCPU
}
+ } else if *simulateARMCPUs {
+ // This mode is run instead of the default path,
+ // so also include the native flow.
+ tests <- test
+ for _, cpu := range armCPUs {
+ testForCPU := test
+ testForCPU.cpu = cpu
+ tests <- testForCPU
+ }
} else {
shards, err := test.getGTestShards()
if err != nil {
@@ -450,34 +424,46 @@
close(results)
}()
- testOutput := newTestOutput()
- var failed []test
+ testOutput := testresult.NewResults()
+ var failed, skipped []test
for testResult := range results {
test := testResult.Test
args := test.args
- if testResult.Error != nil {
+ if testResult.Error == errTestSkipped {
+ fmt.Printf("%s\n", test.longName())
+ fmt.Printf("%s was skipped\n", args[0])
+ skipped = append(skipped, test)
+ testOutput.AddSkip(test.longName())
+ } else if testResult.Error != nil {
fmt.Printf("%s\n", test.longName())
fmt.Printf("%s failed to complete: %s\n", args[0], testResult.Error)
failed = append(failed, test)
- testOutput.addResult(test.longName(), "CRASHED")
+ testOutput.AddResult(test.longName(), "CRASH")
} else if !testResult.Passed {
fmt.Printf("%s\n", test.longName())
fmt.Printf("%s failed to print PASS on the last line.\n", args[0])
failed = append(failed, test)
- testOutput.addResult(test.longName(), "FAIL")
+ testOutput.AddResult(test.longName(), "FAIL")
} else {
fmt.Printf("%s\n", test.shortName())
- testOutput.addResult(test.longName(), "PASS")
+ testOutput.AddResult(test.longName(), "PASS")
}
}
if *jsonOutput != "" {
- if err := testOutput.writeTo(*jsonOutput); err != nil {
+ if err := testOutput.WriteToFile(*jsonOutput); err != nil {
fmt.Fprintf(os.Stderr, "Error: %s\n", err)
}
}
+ if len(skipped) > 0 {
+ fmt.Printf("\n%d of %d tests were skipped:\n", len(skipped), len(testCases))
+ for _, test := range skipped {
+ fmt.Printf("\t%s%s\n", strings.Join(test.args, " "), test.cpuMsg())
+ }
+ }
+
if len(failed) > 0 {
fmt.Printf("\n%d of %d tests failed:\n", len(failed), len(testCases))
for _, test := range failed {
diff --git a/src/util/testresult/testresult.go b/src/util/testresult/testresult.go
new file mode 100644
index 0000000..5226716
--- /dev/null
+++ b/src/util/testresult/testresult.go
@@ -0,0 +1,95 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// testresult is an implementation of Chromium's JSON test result format. See
+// https://chromium.googlesource.com/chromium/src/+/master/docs/testing/json_test_results_format.md
+package testresult
+
+import (
+ "encoding/json"
+ "os"
+ "time"
+)
+
+// Results stores the top-level test results.
+type Results struct {
+ Version int `json:"version"`
+ Interrupted bool `json:"interrupted"`
+ PathDelimiter string `json:"path_delimiter"`
+ SecondsSinceEpoch float64 `json:"seconds_since_epoch"`
+ NumFailuresByType map[string]int `json:"num_failures_by_type"`
+ Tests map[string]Result `json:"tests"`
+}
+
+func NewResults() *Results {
+ return &Results{
+ Version: 3,
+ PathDelimiter: ".",
+ SecondsSinceEpoch: float64(time.Now().UnixNano()) / float64(time.Second/time.Nanosecond),
+ NumFailuresByType: make(map[string]int),
+ Tests: make(map[string]Result),
+ }
+}
+
+func (t *Results) addResult(name, result, expected string) {
+ if _, found := t.Tests[name]; found {
+ panic(name)
+ }
+ t.Tests[name] = Result{
+ Actual: result,
+ Expected: expected,
+ IsUnexpected: result != expected,
+ }
+ t.NumFailuresByType[result]++
+}
+
+// AddResult records a test result with the given result string. The test is a
+// failure if the result is not "PASS".
+func (t *Results) AddResult(name, result string) {
+ t.addResult(name, result, "PASS")
+}
+
+// AddSkip marks a test as being skipped. It is not considered a failure.
+func (t *Results) AddSkip(name string) {
+ t.addResult(name, "SKIP", "SKIP")
+}
+
+func (t *Results) HasUnexpectedResults() bool {
+ for _, r := range t.Tests {
+ if r.IsUnexpected {
+ return false
+ }
+ }
+ return true
+}
+
+func (t *Results) WriteToFile(name string) error {
+ file, err := os.Create(name)
+ if err != nil {
+ return err
+ }
+ defer file.Close()
+ out, err := json.MarshalIndent(t, "", " ")
+ if err != nil {
+ return err
+ }
+ _, err = file.Write(out)
+ return err
+}
+
+type Result struct {
+ Actual string `json:"actual"`
+ Expected string `json:"expected"`
+ IsUnexpected bool `json:"is_unexpected"`
+}
diff --git a/win-x86/crypto/chacha/chacha-x86.asm b/win-x86/crypto/chacha/chacha-x86.asm
index 3ba31a2..639a3cb 100644
--- a/win-x86/crypto/chacha/chacha-x86.asm
+++ b/win-x86/crypto/chacha/chacha-x86.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/aes-586.asm b/win-x86/crypto/fipsmodule/aes-586.asm
index a431f7b..80e4826 100644
--- a/win-x86/crypto/fipsmodule/aes-586.asm
+++ b/win-x86/crypto/fipsmodule/aes-586.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/aesni-x86.asm b/win-x86/crypto/fipsmodule/aesni-x86.asm
index a9a5956..9ed8932 100644
--- a/win-x86/crypto/fipsmodule/aesni-x86.asm
+++ b/win-x86/crypto/fipsmodule/aesni-x86.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/bn-586.asm b/win-x86/crypto/fipsmodule/bn-586.asm
index b222040..20c3ddf 100644
--- a/win-x86/crypto/fipsmodule/bn-586.asm
+++ b/win-x86/crypto/fipsmodule/bn-586.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/co-586.asm b/win-x86/crypto/fipsmodule/co-586.asm
index 5780dc8..0f89d1b 100644
--- a/win-x86/crypto/fipsmodule/co-586.asm
+++ b/win-x86/crypto/fipsmodule/co-586.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/ghash-x86.asm b/win-x86/crypto/fipsmodule/ghash-x86.asm
index 1d350d6..faa7344 100644
--- a/win-x86/crypto/fipsmodule/ghash-x86.asm
+++ b/win-x86/crypto/fipsmodule/ghash-x86.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/md5-586.asm b/win-x86/crypto/fipsmodule/md5-586.asm
index 67ee216..9060060 100644
--- a/win-x86/crypto/fipsmodule/md5-586.asm
+++ b/win-x86/crypto/fipsmodule/md5-586.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/sha1-586.asm b/win-x86/crypto/fipsmodule/sha1-586.asm
index cee8c62..7888ea2 100644
--- a/win-x86/crypto/fipsmodule/sha1-586.asm
+++ b/win-x86/crypto/fipsmodule/sha1-586.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/sha256-586.asm b/win-x86/crypto/fipsmodule/sha256-586.asm
index 3e7cfcc..e48cb0d 100644
--- a/win-x86/crypto/fipsmodule/sha256-586.asm
+++ b/win-x86/crypto/fipsmodule/sha256-586.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/sha512-586.asm b/win-x86/crypto/fipsmodule/sha512-586.asm
index 88ed0b3..a6acc55 100644
--- a/win-x86/crypto/fipsmodule/sha512-586.asm
+++ b/win-x86/crypto/fipsmodule/sha512-586.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/vpaes-x86.asm b/win-x86/crypto/fipsmodule/vpaes-x86.asm
index b08b056..e3e4238 100644
--- a/win-x86/crypto/fipsmodule/vpaes-x86.asm
+++ b/win-x86/crypto/fipsmodule/vpaes-x86.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86/crypto/fipsmodule/x86-mont.asm b/win-x86/crypto/fipsmodule/x86-mont.asm
index befb2fb..f8800c6 100644
--- a/win-x86/crypto/fipsmodule/x86-mont.asm
+++ b/win-x86/crypto/fipsmodule/x86-mont.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
%ifidn __OUTPUT_FORMAT__,obj
section code use32 class=code align=64
%elifidn __OUTPUT_FORMAT__,win32
diff --git a/win-x86_64/crypto/chacha/chacha-x86_64.asm b/win-x86_64/crypto/chacha/chacha-x86_64.asm
index 712c344..d79ac32 100644
--- a/win-x86_64/crypto/chacha/chacha-x86_64.asm
+++ b/win-x86_64/crypto/chacha/chacha-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.asm b/win-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.asm
index 7698cc5..e711826 100644
--- a/win-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.asm
+++ b/win-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.asm b/win-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.asm
index a62a346..9b226ed 100644
--- a/win-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.asm
+++ b/win-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/aes-x86_64.asm b/win-x86_64/crypto/fipsmodule/aes-x86_64.asm
index 7edf417..d714d5c 100644
--- a/win-x86_64/crypto/fipsmodule/aes-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/aes-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm b/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm
index cfdbe7c..bb715a1 100644
--- a/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm b/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm
index e9af4df..1b56679 100644
--- a/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm b/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm
index 57e3156..7dc0c5a 100644
--- a/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm b/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm
index 230f42c..31d601a 100644
--- a/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/md5-x86_64.asm b/win-x86_64/crypto/fipsmodule/md5-x86_64.asm
index 2c799de..2f79e33 100644
--- a/win-x86_64/crypto/fipsmodule/md5-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/md5-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm b/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm
index ad578b9..54a87bb 100644
--- a/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm
+++ b/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm b/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm
index 9023d8d..81c09ce 100644
--- a/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm
+++ b/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm b/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm
index db379dd..a34249b 100644
--- a/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm b/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm
index 155c5e4..5165c58 100644
--- a/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm
+++ b/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/sha1-x86_64.asm b/win-x86_64/crypto/fipsmodule/sha1-x86_64.asm
index cec6e2b..62dcc62 100644
--- a/win-x86_64/crypto/fipsmodule/sha1-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/sha1-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/sha256-x86_64.asm b/win-x86_64/crypto/fipsmodule/sha256-x86_64.asm
index 5c78767..68c74cc 100644
--- a/win-x86_64/crypto/fipsmodule/sha256-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/sha256-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/sha512-x86_64.asm b/win-x86_64/crypto/fipsmodule/sha512-x86_64.asm
index 6447391..ea6c4f1 100644
--- a/win-x86_64/crypto/fipsmodule/sha512-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/sha512-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm b/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm
index 015c0b2..d1d1fe7 100644
--- a/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm
+++ b/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/x86_64-mont.asm b/win-x86_64/crypto/fipsmodule/x86_64-mont.asm
index d28d117..d6d8bdd 100644
--- a/win-x86_64/crypto/fipsmodule/x86_64-mont.asm
+++ b/win-x86_64/crypto/fipsmodule/x86_64-mont.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
diff --git a/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm b/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm
index 8cbce47..2ef94fc 100644
--- a/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm
+++ b/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm
@@ -1,3 +1,6 @@
+; This file is generated from a similarly-named Perl script in the BoringSSL
+; source tree. Do not edit by hand.
+
default rel
%define XMMWORD
%define YMMWORD
