mirror of
https://github.com/opnsense/src.git
synced 2026-06-08 08:12:27 -04:00
315108b816
Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11: * Fix POLY1305 MAC implementation corrupting XMM registers on Windows ([CVE-2023-4807]) Release notes can otherwise be found at https://www.openssl.org/news/openssl-3.0-notes.html. Obtained from: https://www.openssl.org/source/openssl-3.0.11.tar.gz Sponsored by: The FreeBSD Foundation Test Plan: ``` $ git status On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean $ OSSLVER=3.0.11 $ XLIST=FREEBSD-Xlist $ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.11.tar.gz 14 MB 17 MBps 01s openssl-3.0.11.tar.gz.asc 833 B 8301 kBps 00s $ gpg --list-keys /home/khorben/.gnupg/pubring.kbx -------------------------------- pub rsa4096 2011-03-01 [SCA] DC34EE5DB2417BCC151E5100E5F8F8212F77A498 uid [ unknown] Willem Toorop <willem@nlnetlabs.nl> sub rsa4096 2011-03-01 [E] pub rsa4096 2014-10-04 [SC] [expires: 2024-01-30] EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 uid [ unknown] OpenSSL security team <openssl-security@openssl.org> uid [ unknown] OpenSSL OMC <openssl-omc@openssl.org> uid [ unknown] OpenSSL Security <openssl-security@openssl.org> sub rsa4096 2014-10-04 [E] [expires: 2024-01-30] $ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Sep 19 15:02:51 2023 CEST gpg: using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown] gpg: aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown] gpg: aka "OpenSSL Security <openssl-security@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5 $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -av ../openssl-${OSSLVER}/* . [...] $ diff -arq ../openssl-${OSSLVER} . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade Only in .: appveyor.yml $ git status FREEBSD* On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean ``` |
||
|---|---|---|
| .. | ||
| arm-xlate.pl | ||
| cbc.pl | ||
| ppc-xlate.pl | ||
| README.md | ||
| s390x.pm | ||
| sparcv9_modes.pl | ||
| x86_64-support.pl | ||
| x86_64-xlate.pl | ||
| x86asm.pl | ||
| x86gas.pl | ||
| x86masm.pl | ||
| x86nasm.pl | ||
Perl scripts for assembler sources
The perl scripts in this directory are my 'hack' to generate multiple different assembler formats via the one original script.
The way to use this library is to start with adding the path to this directory and then include it.
push(@INC,"perlasm","../../perlasm");
require "x86asm.pl";
The first thing we do is setup the file and type of assembler
&asm_init($ARGV[0]);
The first argument is the 'type'. Currently
cpp, sol, a.out, elf or win32.
The second argument is the file name.
The reciprocal function is
&asm_finish() which should be called at the end.
There are two main 'packages'. x86ms.pl, which is the Microsoft assembler,
and x86unix.pl which is the unix (gas) version.
Functions of interest are:
&external_label("des_SPtrans"); declare and external variable
&LB(reg); Low byte for a register
&HB(reg); High byte for a register
&BP(off,base,index,scale) Byte pointer addressing
&DWP(off,base,index,scale) Word pointer addressing
&stack_push(num) Basically a 'sub esp, num*4' with extra
&stack_pop(num) inverse of stack_push
&function_begin(name,extra) Start a function with pushing of
edi, esi, ebx and ebp. extra is extra win32
external info that may be required.
&function_begin_B(name,extra) Same as normal function_begin but no
pushing.
&function_end(name) Call at end of function.
&function_end_A(name) Standard pop and ret, for use inside
functions.
&function_end_B(name) Call at end but with pop or ret.
&swtmp(num) Address on stack temp word.
&wparam(num) Parameter number num, that was push in
C convention. This all works over pushes
and pops.
&comment("hello there") Put in a comment.
&label("loop") Refer to a label, normally a jmp target.
&set_label("loop") Set a label at this point.
&data_word(word) Put in a word of data.
So how does this all hold together? Given
int calc(int len, int *data)
{
int i,j=0;
for (i=0; i<len; i++)
{
j+=other(data[i]);
}
}
So a very simple version of this function could be coded as
push(@INC,"perlasm","../../perlasm");
require "x86asm.pl";
&asm_init($ARGV[0]);
&external_label("other");
$tmp1= "eax";
$j= "edi";
$data= "esi";
$i= "ebp";
&comment("a simple function");
&function_begin("calc");
&mov( $data, &wparam(1)); # data
&xor( $j, $j);
&xor( $i, $i);
&set_label("loop");
&cmp( $i, &wparam(0));
&jge( &label("end"));
&mov( $tmp1, &DWP(0,$data,$i,4));
&push( $tmp1);
&call( "other");
&add( $j, "eax");
&pop( $tmp1);
&inc( $i);
&jmp( &label("loop"));
&set_label("end");
&mov( "eax", $j);
&function_end("calc");
&asm_finish();
The above example is very very unoptimised but gives an idea of how things work.
There is also a cbc mode function generator in cbc.pl
&cbc($name,
$encrypt_function_name,
$decrypt_function_name,
$true_if_byte_swap_needed,
$parameter_number_for_iv,
$parameter_number_for_encrypt_flag,
$first_parameter_to_pass,
$second_parameter_to_pass,
$third_parameter_to_pass);
So for example, given
void BF_encrypt(BF_LONG *data,BF_KEY *key);
void BF_decrypt(BF_LONG *data,BF_KEY *key);
void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
BF_KEY *ks, unsigned char *iv, int enc);
&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);