Date: Thu, 8 Jan 2015 22:50:45 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r276859 - in vendor-crypto/openssl/dist-0.9.8: . crypto crypto/asn1 crypto/bn crypto/bn/asm crypto/dsa crypto/ecdsa crypto/evp crypto/rsa crypto/x509 doc/ssl ssl util Message-ID: <201501082250.t08MojRM050689@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Thu Jan 8 22:50:44 2015 New Revision: 276859 URL: https://svnweb.freebsd.org/changeset/base/276859 Log: Import OpenSSL 0.9.8zd. Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade vendor-crypto/openssl/dist-0.9.8/Makefile vendor-crypto/openssl/dist-0.9.8/NEWS vendor-crypto/openssl/dist-0.9.8/README vendor-crypto/openssl/dist-0.9.8/crypto/Makefile vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_bitstr.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_type.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_verify.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1.h vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_err.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_dec.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_algor.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/asm/mips3.s vendor-crypto/openssl/dist-0.9.8/crypto/bn/asm/x86_64-gcc.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_asm.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/bntest.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/exptest.c vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_locl.h vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_asn1.c vendor-crypto/openssl/dist-0.9.8/crypto/ecdsa/Makefile vendor-crypto/openssl/dist-0.9.8/crypto/ecdsa/ecs_vrf.c vendor-crypto/openssl/dist-0.9.8/crypto/evp/Makefile vendor-crypto/openssl/dist-0.9.8/crypto/evp/evp_enc.c vendor-crypto/openssl/dist-0.9.8/crypto/md32_common.h vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h vendor-crypto/openssl/dist-0.9.8/crypto/rsa/rsa_oaep.c vendor-crypto/openssl/dist-0.9.8/crypto/rsa/rsa_pk1.c vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509.h vendor-crypto/openssl/dist-0.9.8/crypto/x509/x_all.c vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_mode.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_options.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod vendor-crypto/openssl/dist-0.9.8/e_os.h vendor-crypto/openssl/dist-0.9.8/openssl.spec vendor-crypto/openssl/dist-0.9.8/ssl/d1_pkt.c vendor-crypto/openssl/dist-0.9.8/ssl/d1_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/s23_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_pkt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl.h vendor-crypto/openssl/dist-0.9.8/ssl/ssl_lib.c vendor-crypto/openssl/dist-0.9.8/util/libeay.num vendor-crypto/openssl/dist-0.9.8/util/mk1mf.pl Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Jan 8 22:50:44 2015 (r276859) @@ -2,6 +2,87 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. + (CVE-2015-0204) + [Steve Henson] + + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014] *) Session Ticket Memory Leak. Modified: vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Jan 8 22:50:44 2015 (r276859) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://svn.freebsd.org/base" -setenv OSSLVER 0.9.8zc -# OSSLTAG format: v0_9_8zc +setenv OSSLVER 0.9.8zd +# OSSLTAG format: v0_9_8zd ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist-0.9.8/Makefile ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/Makefile Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/Makefile Thu Jan 8 22:50:44 2015 (r276859) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8zc +VERSION=0.9.8zd MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: vendor-crypto/openssl/dist-0.9.8/NEWS ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/NEWS Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/NEWS Thu Jan 8 22:50:44 2015 (r276859) @@ -5,6 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]: o Fix for CVE-2014-3513 Modified: vendor-crypto/openssl/dist-0.9.8/README ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/README Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/README Thu Jan 8 22:50:44 2015 (r276859) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8zc 15 Oct 2014 + OpenSSL 0.9.8zd 8 Jan 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist-0.9.8/crypto/Makefile ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/Makefile Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/Makefile Thu Jan 8 22:50:44 2015 (r276859) @@ -41,7 +41,8 @@ SRC= $(LIBSRC) EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \ + constant_time_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_bitstr.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_bitstr.c Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_bitstr.c Thu Jan 8 22:50:44 2015 (r276859) @@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN p= *pp; i= *(p++); + if (i > 7) + { + i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT; + goto err; + } /* We do this to preserve the settings. If we modify * the settings, via the _set_bit function, we will recalculate * on output */ ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ - ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ + ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */ if (len-- > 1) /* using one because of the bits left byte */ { Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_type.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_type.c Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_type.c Thu Jan 8 22:50:44 2015 (r276859) @@ -108,3 +108,49 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int typ IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) + +/* Returns 0 if they are equal, != 0 otherwise. */ +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) + { + int result = -1; + + if (!a || !b || a->type != b->type) return -1; + + switch (a->type) + { + case V_ASN1_OBJECT: + result = OBJ_cmp(a->value.object, b->value.object); + break; + case V_ASN1_NULL: + result = 0; /* They do not have content. */ + break; + case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: + case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: + case V_ASN1_BIT_STRING: + case V_ASN1_OCTET_STRING: + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_OTHER: + default: + result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr, + (ASN1_STRING *) b->value.ptr); + break; + } + + return result; + } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_verify.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_verify.c Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_verify.c Thu Jan 8 22:50:44 2015 (r276859) @@ -89,6 +89,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_A ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } + + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + goto err; + } inl=i2d(data,NULL); buf_in=OPENSSL_malloc((unsigned int)inl); @@ -144,6 +150,12 @@ int ASN1_item_verify(const ASN1_ITEM *it return -1; } + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } + EVP_MD_CTX_init(&ctx); i=OBJ_obj2nid(a->algorithm); type=EVP_get_digestbyname(OBJ_nid2sn(i)); Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1.h ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1.h Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1.h Thu Jan 8 22:50:44 2015 (r276859) @@ -769,6 +769,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, int ASN1_TYPE_get(ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); @@ -1260,6 +1261,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_ILLEGAL_TIME_VALUE 184 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 #define ASN1_R_INVALID_MIME_TYPE 200 @@ -1308,6 +1310,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_TIME_NOT_ASCII_FORMAT 193 #define ASN1_R_TOO_LONG 155 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +#define ASN1_R_TYPE_NOT_PRIMITIVE 218 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_err.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_err.c Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_err.c Thu Jan 8 22:50:44 2015 (r276859) @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -235,6 +235,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"}, {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"}, {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, +{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"}, {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, @@ -283,6 +284,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"}, {ERR_REASON(ASN1_R_TOO_LONG) ,"too long"}, {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"}, +{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) ,"type not primitive"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_dec.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_dec.c Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_dec.c Thu Jan 8 22:50:44 2015 (r276859) @@ -866,6 +866,14 @@ static int asn1_d2i_ex_primitive(ASN1_VA } else if (cst) { + if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN + || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER + || utype == V_ASN1_ENUMERATED) + { + ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, + ASN1_R_TYPE_NOT_PRIMITIVE); + return 0; + } buf.length = 0; buf.max = 0; buf.data = NULL; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_algor.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_algor.c Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_algor.c Thu Jan 8 22:50:44 2015 (r276859) @@ -128,3 +128,13 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj } } +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) + { + int rv; + rv = OBJ_cmp(a->algorithm, b->algorithm); + if (rv) + return rv; + if (!a->parameter && !b->parameter) + return 0; + return ASN1_TYPE_cmp(a->parameter, b->parameter); + } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/asm/mips3.s ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/asm/mips3.s Thu Jan 8 22:41:41 2015 (r276858) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/asm/mips3.s Thu Jan 8 22:50:44 2015 (r276859) @@ -1584,17 +1584,17 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1609,63 +1609,63 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 sd c_1,24(a0) dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1680,93 +1680,93 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 sd c_3,40(a0) dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1781,108 +1781,108 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 sd c_2,56(a0) dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1897,78 +1897,78 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 sd c_1,72(a0) dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1983,48 +1983,48 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 sd c_3,88(a0) dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -2039,17 +2039,17 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 sd c_2,104(a0) dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -2070,9 +2070,9 @@ LEAF(bn_sqr_comba4) .set reorder ld a_0,0(a1) ld a_1,8(a1) + dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ ld a_2,16(a1) ld a_3,24(a1) - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ mflo c_1 mfhi c_2 sd c_1,0(a0) @@ -2093,17 +2093,17 @@ LEAF(bn_sqr_comba4) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501082250.t08MojRM050689>